DAO Maker, a cryptocurrency crowdfunding platform that offers public token sales for upstart projects, has been hacked and drained of about $7 million worth of funds overnight, the company announced today.
According to the firm, the attack—which was first reported by Wu Blockchain—saw a hacker tap into an exploit regarding one of the company’s crypto wallets with administrator privileges. After successfully using the exploit to first steal 10,000 stablecoins, the attacker proceeded to complete 15 more transactions. dollar-pegged
Ultimately, DAO Maker says that 5,251 users had their funds stolen from the platform before its security team could address the exploit, with an average of $1,250 lost per user. The firm suggests that the hacker focused on high-value accounts, as users with $900 or less worth of funds in their accounts were “completely unaffected.”
DAO Maker has tapped blockchain forensics firm Cipher Blade to aid in the investigation to try to identify the attacker and reclaim the stolen funds. According to DAO Maker’s post, Cipher Blade has identified an account at cryptocurrency exchange Binance that was used in the attack, and is working with block explorer and analytics platform Etherscan to determine more about the hacker. Additionally, cryptocurrency exchanges have been provided information on the hacker’s wallet.
All deposits into the platform have been deactivated as DAO Maker continues its investigation, and the company will “devise a set of solutions” over the next five days regarding plans to “alleviate the incurred damages” and bring the attacker to justice.
DAO Maker describes itself as a “social mining and community incubation” platform, but essentially it’s a crowdfunding site for tokenized startups.
Unlike a traditional crowdfunding platform like Kickstarter or Indiegogo, however, DAO Maker is governed by smart contracts—or bits of code that perform a set of instructions—in the form of a decentralized autonomous organization (DAO). It’s one of many DAO-driven projects working to shake up the world of traditional venture capital funding for startups.
“We want to assure our investors and supporters—the vaults are safe and the hack has had no detrimental impact on our business,” reads the post from DAO Maker CEO Christoph Zaknun. “Absolutely no one, not even us, has the ability to upgrade the code or remove any DAO from the vaults. As a CEO, this has always been one of my core principles for DAO Maker.”
The DAO Maker attack comes right on the heels of a massive $600 million hack of cross-blockchain interoperability platform Poly Network, the largest cryptocurrency hack to date. The Poly Network hack took place on Tuesday morning, but in a surprising twist, the attacker—who said they did it just “for fun”—has started returning the funds. As of this morning, some $342 million worth of funds have been returned to Poly Network.
This post first appeared on: Decrypt