{"id":75471,"date":"2023-03-13T18:22:05","date_gmt":"2023-03-13T16:22:05","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=75471"},"modified":"2025-09-10T11:51:20","modified_gmt":"2025-09-10T08:51:20","slug":"peopledao-loses-120000-in-ethereum-via-google-sheets-exploit","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/peopledao-loses-120000-in-ethereum-via-google-sheets-exploit\/","title":{"rendered":"PeopleDAO loses $120,000 in Ethereum via Google Sheets exploit"},"content":{"rendered":"<p>On March 6, the PeopleDAO community, formed to acquire a rare copy of the U.S. Constitution, was subjected to a hacking attack. The loss amounted to 76.5 ETH ($120,000).<\/p>\n<blockquote class=\\\"twitter-tweet\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">1\/10<br \/>Bad news: <br \/>PeopleDAO Community Treasury on <a href=\\\"https:\/\/twitter.com\/safe?ref_src=twsrc%5Etfw\\\">@safe<\/a> has recently been exploited of 76 ETH (~$120,000) via social engineering during monthly reward payout on March 6th.<br \/>This expoloit is not related to <a href=\\\"https:\/\/twitter.com\/search?q=%24PEOPLE&#038;src=ctag&#038;ref_src=twsrc%5Etfw\\\">$PEOPLE<\/a> token contract.<br \/>Details below:<\/p>\n<p>\u2014 PeopleDAO (?, ?) (@The_PeopleDAO) <a href=\\\"https:\/\/twitter.com\/The_PeopleDAO\/status\/1634518915668668416?ref_src=twsrc%5Etfw\\\">March 11, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<p>According to findings, the PeopleDAO accounting team accidentally posted a link to a Google Sheet containing the monthly payout form on a public Discord channel. The document had edit rights enabled. An unknown person entered his wallet address and a payment amount of 76.5 ETH, after which he made that row invisible.<\/p>\n<blockquote class=\\\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\\\">\n<p>\u201cThe team leaders did not detect the hidden line during the recheck. Then the file with the data from the table was sent to Safe&#8217;s CSV Airdrop tool for distributing the reward. Validators also did not notice the malicious transfer,\u201d explained the PeopleDAO team.<\/p>\n<\/blockquote>\n<blockquote class=\\\"twitter-tweet\\\" data-conversation=\\\"none\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">5\/10<br \/>Because there are 80 transfers in the tx, 6 out of 9 multisig signers did not notice the malicious transfer, signed and executed the tx, sending 76 ETH to the hacker&#8217;s address.<br \/>Txhash: <a href=\\\"https:\/\/t.co\/NUGnRDS5xd\\\">https:\/\/t.co\/NUGnRDS5xd<\/a><br \/>Hacker address: 0x80f751a95f678255cae9a280d4f25e5b926eae366 <a href=\\\"https:\/\/t.co\/OM3XGp4b5W\\\">pic.twitter.com\/OM3XGp4b5W<\/a><\/p>\n<p>\u2014 PeopleDAO (?, ?) (@The_PeopleDAO) <a href=\\\"https:\/\/twitter.com\/The_PeopleDAO\/status\/1634518985172717568?ref_src=twsrc%5Etfw\\\">March 11, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<p>Subsequently, the hacker moved 69.2 ETH to the HitBTC exchange and 7.3 ETH to Binance. Both trading platforms, along with law enforcement agencies, were notified of the incident.<\/p>\n<figure class=\\\"wp-block-image\\\"><img decoding=\\\"async\\\" src=\\\"https:\/\/lh5.googleusercontent.com\/Q3S9tdY_efr9FZrNJ4qeali17OHAh6nWUziKYqRKNtWQdqdkAabNwMoGksnPxA4-yrqJ6Jz5Ok4gTBSZAv0Fr1kQc8eG0X9IipmM7_IlLA3_yPSw26AvwALH_557qW4DUIE_-WnnlDvqO_9nC9R1NLg\\\" alt=\\\"\u0423 PeopleDAO \u043f\u043e\u0445\u0438\u0442\u0438\u043b\u0438 $120 000 \u0432 Ethereum \u0447\u0435\u0440\u0435\u0437 Google-\u0442\u0430\u0431\u043b\u0438\u0446\u0443\\\"\/><figcaption>Data: SlowMist.<\/figcaption><\/figure>\n<p>PeopleDAO is also conducting an internal investigation with blockchain security experts ZachXBT and SlowMist. The community offered the hacker a bounty of 10% of the stolen amount for the return of funds. As of writing, he had not responded to the offer.<\/p>\n<p>Separately, the team will work on improving bookkeeping and training validators in multi-signature operations.<\/p>\n<p>Earlier ForkLog reported that the DeFi protocol Euler Finance was hacked <a href=\"https:\/\/forklog.com\/en\/news\/euler-finance-hacked-for-196-million\">by more than $196 million<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The PeopleDAO community was hacked. The loss amounted to 76.5 ETH ($120,000).<\/p>\n","protected":false},"author":1,"featured_media":75472,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,80],"class_list":["post-75471","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-dao"],"aioseo_notices":[],"amp_enabled":true,"views":"21","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/75471","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=75471"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/75471\/revisions"}],"predecessor-version":[{"id":75473,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/75471\/revisions\/75473"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/75472"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=75471"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=75471"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=75471"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}