Crypto crowdfunding platform DAO Maker hit with a $7mn hack on its Strong Holder Offering (SHO) contract.
On August 12th, at approximately 1 AM UTC, a hacker attacked cryptocurrency accounts of DAO Maker users and looted around $7 million, as per a statement released by DAO Maker CEO Christoph Zaknun.
The cybercriminal siphoned 10,000 USDC from 5251 accounts with an average of 1250 USDC per user and stole a total of 7,376,245 USDC.
Fortunately, user accounts with up to $900 in funds remained completely unaffected.
Later, the attacker converted the funds to 2,261.45 ETH and transferred them to an Ethereum wallet to prevent the funds from getting blacklisted.
The hacker targeted the SHO contracts, primarily.
DAO Maker has admitted that the security of the attacked SHO contract has always been “a hotspot for potential risk”. That’s why they have certain contingency mechanisms, such as capping the maximum individual deposit amount to $10,000 USDC.
What is an SHO contract?
Strong Holder Offering is a special fundraising service by DAO Maker, similar to an IDO (Initial DEX offering), wherein projects promote their token sales on the DAO Maker platform. The token sale can have its stipulation(s) regarding minimum investment, the cryptocurrency accepted, etc.
SHO model primarily focuses on public investments.
The catch here is, just as the name suggests, the target investors have a “strong hold or grip”. Such investors can hold a coin for extended periods, which is the incentive for projects to go for an SHO.
Responsive measures to the Hack
Zaknun said that the company has partnered with Cipher Blade, a leading blockchain forensics company, to track the criminal and recover the funds.
The Cipher Blade team has already “identified an implicated Binance account and are closely collaborating with Etherscan to learn more about the hackers’ whereabouts. Additionally, all exchanges have been already informed of the hackers’ wallet,” added Zaknun.
Exchanges have begun blocking the perpetrator’s wallets, DAO Maker tweeted.
The company has assured the investors and supporters that their “Vaults” (accounts) are safe. Also, it maintained that business has not been affected to a significant degree.
In an AMA on Twitch, Zaknun announced that the Root Cause Analysis report will be published and audited to avoid a similar situation in the future.
The company has moved the unaffected funds to a brand-new secure wallet. Users can still withdraw their funds unimpeded as per their discretion.
This is the second such attack this week following the massive hack resulting in a $600 million loss to PolyNetwork. However, as of now, the hacker has returned around half of the funds.
Note: Their names are similar but DAO Maker has no relation with Maker DAO, the developer of stablecoin DAI.
Financial investment always comes with risk. That’s why they should always be diversified. DeFi space is maturing gradually and may become more secure with time. Currently, its state is similar to that of initial days of online banking. In its nascence, online banking too was hitting roadblocks. But, it overcame nearly all the hindrances and is extensively used. Even today occasional mishaps occur with online banking, but we still use it.