Indexed finance thwarts hackers, 2021 set to compensate hacker victims
Indexed Finance, an Ethereum-based project that suffered a $16 million hack in 2021, has successfully thwarted two hacking attempts. Control of the project's decentralized autonomous organization (DAO) will return to its founders, with the goal of allocating the remaining treasury to hacking victims in 2021.
Lawrence Day, a former major contributor to the X (formerly Twitter) thread, detailed the efforts of the indexed community to defeat two hacking attempts on the rest of the DAO treasury. Both attackers acquired a large amount of the protocol's NDX token and intended to control the DAO's roughly $120,000 worth of digital assets through malicious intent.
In an apparent effort to remain anonymous, the first proposal, which had no title or description, gathered Day and other members of the community to vote against the indexed DAO. The striker's proposal nearly passed within an hour, but enough “no” votes were cast to prevent it from passing.
OK, so here's what happened to the index DAO.
Debris can be seen in the Tally panel below.
This is a long thread, but I want to record it somewhere pic.twitter.com/wRTRZZcwhm
— Lawrence, Powered by Paradigm (@functi0nZer0) November 25, 2023
However, because the indexed group must clearly coordinate dissenting voices, Day anticipates a copycat attack. Additionally, as Day detailed in the lawsuit, additional exposure could put funds at risk if the DAO's treasury falls under unfriendly control.
To address the threat of a follow-on attack, the indexed DAO approved a “poison pill” proposal, giving it the power to burn remaining treasury funds if necessary to fend off attackers.
RELATED: Azuki Dao turns into ‘Bean' as he drops lawsuit against founder
In the expected second attack, the attacker initially wanted to negotiate 50% of the remaining treasury as revealed in the chain messages. Informative founder Dillon Kellar responded by offering $10,000 worth of DAI and warned that if the attacker refused, he would burn the entire treasury.
With only four hours to go before Keller's ultimatum and an attempt to renegotiate for $17,000, the striker gave in to the original offer and dropped the tricky proposal. Authority over The DAO now reverts to the multi-sig controlled by Day, Kellar and unnamed co-founder PR0, which plans to compensate hack victims in 2021 using remaining treasury funds.
Magazine: Are DAOs Overhyped and Dysfunctional? Lessons from the front lines
