Indexed Finance thwarts hijackers, set to compensate 2021 hack victims

0

In a thread on X, Laurence Day, a former core contributor, detailed the efforts of the Indexed community in overcoming two hijacking attempts on the remaining treasury of the Indexed DAO.

Indexed Finance, an Ethereum-based project that suffered a $16 million hack in 2021, has successfully thwarted two hijacking attempts. The project’s decentralized autonomous organization (DAO) control will be returned to its founders, aiming to allocate the remaining treasury to victims of the 2021 hack.

In a thread on X, Laurence Day, a former core contributor, detailed the efforts of the Indexed community in overcoming two hijacking attempts on the remaining treasury of the Indexed DAO. Both attackers acquired significant amounts of the protocol’s NDX token, aiming to take control of the DAO’s approximately $120,000 digital asset holdings through malicious proposals.

The initial proposal, lacking a title or description in an apparent effort to avoid detection, was thwarted as Day and fellow community members mobilized the Indexed DAO for votes against it. The attacker’s proposal neared approval within an hour, but sufficient ‘no’ votes were cast to prevent its passage.

Nonetheless, as the Indexed team had to openly coordinate votes against the proposal, Day anticipated the possibility of a copycat attack. Additionally, as Day detailed in his thread, an additional vulnerability could jeopardize funds beyond the DAO’s treasury if the DAO ends up in unfriendly control.

To mitigate the threat of a subsequent attack, the Indexed DAO approved a ‘poison pill’ proposal, granting them the authority to burn the remaining treasury funds if deemed necessary to deter potential attackers.

Related: Azuki DAO rebrands to ‘Bean’ as it drops lawsuit against founder

Upon the anticipated second attack, the assailant initially sought to negotiate for 50% of the remaining treasury, as revealed in on-chain messages. Indexed founder Dillon Kellar responded by proposing $10,000 in DAI stablecoins which is issued by MakerDAO and warned of burning the entire treasury if the attacker refused.

With only four hours left until Kellar’s ultimatum, and following an attempt to counter-negotiate for $17,000, the attacker accepted the original offer and withdrew their malicious proposal. Authority over the DAO will now return to a multisig controlled by Day, Kellar, and the pseudonymous co-founder PR0, with plans to compensate victims of the 2021 hack using the remaining treasury funds.

Magazine: Are DAOs overhyped and unworkable? Lessons from the front lines

Leave a Reply

Your email address will not be published. Required fields are marked *

You have not selected any currencies to display

Subscribe To The Latest Crypto News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.