DAO Maker, a cryptocurrency crowdfunding platform that offers public token sales for new projects, has been hacked and drained of approximately $7 million in funds overnight, according to the company.
According to the company, the attack, which was first reported by Wu Blockchain, involved a hacker exploiting an exploit involving one of the company’s crypto wallets with administrator privileges. After successfully stealing 10,000 USDC dollar-pegged stablecoins with the exploit, the attacker went on to complete 15 more transactions.
Finally, DAO Maker claims that 5,251 users’ funds were stolen from the platform before the security team could address the exploit, with an average of $1,250 lost per user. According to the firm, the hacker targeted high-value accounts because users with $900 or less in their accounts were “completely unaffected.”
DAO Maker has enlisted the help of blockchain forensics firm Cipher Blade in its efforts to identify the attacker and reclaim the stolen funds. Cipher Blade has identified an account at cryptocurrency exchange Binance that was used in the attack, according to DAO Maker’s post, and is working with Ethereum block explorer and analytics platform Etherscan to learn more about the hacker. Furthermore, cryptocurrency exchanges have been given information about the hacker’s wallet.
All deposits to the platform have been deactivated while DAO Maker investigates, and the company will “devise a set of solutions” over the next five days to “alleviate the incurred damages” and bring the attacker to justice.
DAO Maker bills itself as a “social mining and community incubation” platform, but it is essentially a tokenized startup crowdfunding platform.
DAO Maker, unlike traditional crowdfunding platforms such as Kickstarter or Indiegogo, is governed by smart contracts—or bits of code that perform a set of instructions—in the form of a decentralized autonomous organization (DAO). It’s one of many DAO-powered projects aimed at shaking up the world of traditional venture capital funding for startups.
“We want to reassure our investors and supporters—the vaults are safe, and the hack has had no negative impact on our business,” writes DAO Maker CEO Christoph Zaknun in a blog post. “No one, not even us, has the capability of upgrading the code or removing any DAO from the vaults. This has always been one of my core principles as CEO of DAO Maker.”
The DAO Maker attack follows a massive $600 million hack of the cross-blockchain interoperability platform Poly Network, the largest cryptocurrency hack to date. The Poly Network hack occurred on Tuesday morning, but in an unexpected twist, the attacker—who claimed to have done it “for fun”—has begun returning the funds. As of this morning, approximately $342 million in funds had been returned to Poly Network.