An attacker stole $7 million from DAO Maker’s smart contract and immediately converted the funds from USDC to ETH.
Today, the crypto launchpad DAO Maker was hacked for $7 million in USDC.
Vulnerability in DAO Maker
Today, an attacker hacked the crowdfunding site DAO Maker, taking more than $7 million from hundreds of user accounts.
The attack was caused by a “dumb flaw” in one of PeckShield’s smart contracts. The vulnerability may have given an unknown third party the power to move funds out.
DAO Maker CEO Christoph Zaknun announced the event in a post-mortem report, saying:
“We must announce that in the early hours of August 12th (approx. 1 AM UTC) DAO Maker faced malicious use of one of our wallets with access to admin privileges.”
To avoid having the funds blocklisted, the attacker converted the loot to 2,261.45 ETH and sent it to an Ethereum wallet.
Earlier this morning, some members of DAO Maker’s Telegram channel claimed that their USDC holdings had dropped to zero.
According to a preliminary investigation, USDC stablecoins placed by users under a specific smart contract were impacted. As a result, all deposits in the contract have been deactivated at this time.
According to DAO Maker’s post-mortem study, a total of 5,251 individuals were impacted, with an average loss of $1,250 per user.
DAO Maker organizes Ethereum-based crowdfunding for new crypto ventures. The platform requires users to pre-fund their wallets with USDC tokens before crowd sales to minimize gas wars. USDC is automatically taken from the pre-funded account after the allocation is finalized.
According to analysts, the exploiter was able to call the withdrawal functions because the contract lacked appropriate security checks. They also mentioned that the exploited contract had not been verified on Etherscan. The absence of verification is typically regarded as a red flag, implying that the team was careless in their work.
The attack occurred just as the project’s founders reported increased traffic to their launchpad, DAO Pad. The team intended to launch fully-regulated tokenized stocks.
The issue has also had an impact on DAO Maker’s native token. On CoinGecko, the DAO token has dropped by roughly 15% today, falling from $1.95 to $1.70 at press time. The limited price impact may be because single staking vaults containing native tokens were unaffected by the attack.