The DAO Maker organization joins the list of victims of DeFi hacks this month, and it's only been one day since the largest hack in the history of this digital ecosystem was perpetrated.
The DAO Maker, a decentralized organization within the ecosystem DeFi, which has no relation to the Maker Foundation or its MakerDAO protocol, is the victim of a new hack in which the decentralized finance ecosystem lost another $7 million.
According to members of The DAO Maker, the organization's crowdfunding platform was hacked, leaving a total of 5.521 users affected, who lost an average of $1.250 each.
The hack occurred when attackers exploited a vulnerability present in the SHO contract of the funding platform. The DAO Maker security team was able to respond to the hacker's actions, neutralizing the attack and preventing further losses for users, they explained on Twitter. Likewise, members of the organization pointed out that users with funds under $900 were not affected by the exploit in the contract, as the hacker focused on "high-value" accounts.
The DAO Maker published a report with the details of the hack that occurred.
It may interest you: Poly Network hack, the largest in DeFi history, drives the community crazy
New hack in DeFi
The DAO Maker post-mortem report explains that the hacker found a vulnerability in the contract that gave him “admin privilege” to access several of the organization’s digital wallets. First, the attacker transferred $10.000 using the stablecoin USD Coin (USDC). Seeing that the transaction was successful, he quietly executed 15 more transactions, the organization explained. In total, the hacker extracted $7 million from the contract.
The organization's team members became aware of the transfers and began working to detect the leak and stop the attack. To date, the organization says it is working with several forensic analysis firms in blockchain, such as Cipher Blade, as well as exchanges and exchange platforms cryptocurrencies, and using EtherScan to track the hacker and try to recover the stolen money. The analytics firm reported that it has already identified one of the hacker's addresses on Binance with the funds siphoned from the organization.
The DAO Maker called on the crypto community, exchanges, operators and miners to be alert to the hacker's movements and block the funds in order to avoid preventing them from being exchanged. Likewise, the organization reported that the remaining funds on the platform were moved to a new secure wallet and that it did not stop the platform's operations, so those users who were not affected by the hack can continue operating and even withdraw their funds without problems.
DeFi needs more security
The DAO Maker defines itself as a crowdfunding platform for incubating communities. CEO Christoph Zaknun, who wrote the organization's statement on the hack, assured that The DAO Maker's vaults are secure and that the hack has not had a detrimental impact on its business model.
“Absolutely no one, not even us, has the ability to update the code or remove any DAO from the vaults. As CEO, this has always been one of my core principles for DAO Maker.”, manifested.
However, it is clear that the decentralized finance ecosystem needs to strengthen its security levels, to ensure the protection of investors and gain their trust. The hack of The DAO Maker occurred just one day after the Poly Network exploit, considered the largest hack in DeFi history, in which $613 million was stolen. It should be noted that the attacker who stole from Poly Network has already returned most of the funds, claiming that he never intended to keep the money and that he did so only to exploit the vulnerability before another corrupt actor did so and stole the funds.
CipherTrace, a renowned blockchain analytics firm in the industry, reported that DeFi hacks have caused the loss of more than $470 million this year, not taking into account the two recent exploits. To give an idea of the magnitude of this situation, in all of 2020, DeFi hacks barely exceeded $100 million.
As The DAO Maker explained, the organization's success may have motivated the hacker to exploit its contract. This logic can be applied to the entire industry, which has grown exponentially over the past year and now has a total liquidity of over 78.900 million en Ethereum y 138.650 million across the entire decentralized financial ecosystem.
Continue reading: DeFi hacks become popular and cause losses worth $474 million in 2021
