Unknown attackers withdrew more than $7 million in USD Coin from the DAO Maker platform
Hackers attacked the crowdfunding platform DAO Maker. According to PeckShield analysts, unknown parties withdrew more than $7 million in the stablecoin USD Coin (USDC).
The DAO Maker team confirmed the breach, which occurred at around 4:00 MSK. The hacker gained access to one of the wallets with administrator rights.
Initially the attacker tested the exploit by withdrawing 10,000 USDC. He then quietly carried out another 15 transactions.
In this manner he managed to withdraw around $7 million in USDC, before security specialists could trace and halt the leakage of funds.
A total of 5,251 users were affected.
The platform contracted Cipher Blade to track the hacker and recover the funds. Specialists from the firm have already identified an account on Binance linked to the incident. DAO Maker notified exchanges about the hacker’s wallet.
@TheDaoMaker hacked for over $7,000,000 USDC — still under investigation
— PeckShield Inc. (@peckshield) August 12, 2021
The attackers withdrew some users’ DAO Maker deposits in USDC and converted them to Ethereum. This is corroborated by the explorer Etherscan, which shows that the address allegedly belonging to the hacker holds more than 2261 ETH (~$7 million at the time of writing).
According to journalist Colin Wu, the incident affected 9,000–10,000 accounts. The stablecoins could have been converted into ETH to prevent the issuer of USDC — the Centre consortium — from freezing the assets.
According to Chinese defi blogger Big orange, all 9000-10000 USDC accounts were stolen by hackers.
— Wu Blockchain (@WuBlockchain) August 12, 2021
In the DAO Maker Telegram channel, the project administration said they were aware of ‘deposit issues’. Users were assured that the incident affected only the depository smart contract—the DAO tokens and staking assets remained safe.
Throughout the day, users repeatedly reported missing deposits. The project representative Paul Ujah asked that speculation about the depository contract breach be avoided. The channel administration disabled the ability to post messages.
Against this backdrop, the DAO token fell more than 15% (on KuCoin). At the time of writing, the asset was trading near $1.67.
Earlier, the Poly Network cross-chain protocol was attacked on the Ethereum, Binance Smart Chain and Polygon. The total damage amounted to $611 million in various cryptocurrencies. Some of the stolen funds, for example in Tether (USDT), were frozen.
As reported, the hacker behind the attack stated his intention to return the assets. Experts suggested that one reason for restitution was that the unknown exposed personal data.
On August 12, the hacker returned all assets, stolen from the Polygon and Binance Smart Chain networks.
Subscribe to ForkLog news on VK.
Рассылки ForkLog: держите руку на пульсе биткоин-индустрии!