DAO Maker, a crypto fundraising platform commonly mistaken for MakerDAO, suffered a hack that resulted in the loss of more than $7.00 million (£5.07 million). A report unveiled this news on August 12, citing a disclosure from PeckShield, a Chinese blockchain security company. Reportedly, the attacker leveraged a vulnerability on the network and made away with 7,376,245 USDC.
According to the report, the hacker transferred the funds to an Ethereum address then exchanged the USDC for 2,261 ETH through UniSwap, a decentralized finance protocol that facilitates crypto exchange. Allegedly, the attacker breached the network’s security systems by taking advantage of a bug.
Are you looking for fast-news, hot-tips and market analysis?
Sign-up for the Invezz newsletter, today.
Following the attack, DAO Maker published a blog post, saying the exploited bug was in the SHO contract, which is susceptible to potential risk because it is used in every SHO. Reportedly, the attacker tested this vulnerability by transferring 10,000 USDC from a wallet with admin privileges. After this transaction went through, the malicious actor proceeded to make 15 more transactions unnoticed. As a result, 5,251 users were affected, and DAO Maker estimates an average loss of approximately $1,250.00 (£904.96) per user.
Light at the end of the tunnel
Seeing as each cloud has a silver lining, DAO Maker said users with up to $900.00 (£651.57) did not suffer any losses. Assuring users that it is doing everything possible to recover the stolen funds, DAO Maker said that it had secured the services of Cipher Blade, a blockchain forensics company. Reportedly, these efforts have already seen Cipher Blade discover a Binance account involved in the hack.
The blockchain forensics company is working closely with Etherscan to pinpoint the attacker’s location. Additionally, Cipher Blade has shared the hacker’s wallet information on every crypto exchange. To prevent similar exploits in the future, DAO Maker has secured the SHO contract. The project has also deactivated all deposits, pending a Root Cause Analysis.
Reassuring its users that everything will be okay, DAO Maker said,
We want to assure our investors and supporters — the Vaults are safe and the hack has had no detrimental impact on our business. Absolutely no one, not even us, has the ability to upgrade the code or remove any DAO from the Vaults
This news comes as hackers continue targeting the DeFi sector. On August 10, Poly Network, a cross-chain DeFi platform, announced that it suffered an attack that saw hackers siphon approximately $600.00 million (£434.37 million) from its wallets.
67% of retail CFD accounts lose money