Indexed DAO to distribute remaining treasury after defeating hijack attempts
Quick Take Indexed DAO, which was hacked for $16 million in 2021, survived two hijacking attempts in recent days by attackers who sought to access the protocol’s remaining treasury. Control of the DAO will return to Indexed’s founders, who plan to distribute the remaining funds to victims of the 2021 hack.
Indexed Finance, the Ethereum-based project that was hacked for $16 million in 2021, has fended off two hijacking attempts and will return control of its DAO to its founders, who plan to redistribute the treasury to victims of the 2021 hack.
In a thread on X, former core contributor Laurence Day explained how the Indexed community rallied to defeat two attempts to hijack Indexed DAO's remaining treasury. Each attacker purchased large amounts of the protocol's NDX token and attempted to seize the roughly $120k worth of digital assets the DAO still controls through malicious proposals.
The first such proposal, which had no title or description in an apparent attempt to evade detection, was defeated after Day and others marshaled the Indexed DAO community to vote against it. The attacker's proposal came within one hour of passing before enough 'no' votes were cast to defeat it.
However, since the Indexed team had to publicly whip votes against the proposal, Day suspected that a copycat attack would likely take place. Furthermore, as Day explained in his thread, an additional vulnerability could put funds outside the DAO's treasury at risk, should the DAO fall into hostile hands.
To lessen the risk of a second attack, the Indexed DAO passed a 'poison pill' proposal, allowing them to burn the remaining treasury funds if necessary to dissuade an attacker.
When the second attack came as expected, the attacker initially attempted to negotiate for 50% of the remaining treasury, according to on-chain messages . Indexed founder Dillon Kellar countered with an offer of $10,000 in DAI stablecoins, threatening to burn the entire treasury if the attacker didn't accept.
With four hours remaining until Kellar's ultimatum, and after attempting to counter-negotiate for $17,000, the attacker took the original offer and canceled their malicious proposal. Control of the DAO will now revert to a multisig controlled by Day, Kellar, and pseudonymous cofounder PR0, who plan to reimburse victims of the 2021 hack with the remaining treasury funds.
"We'll deal with the administrative hassle later, but the Indexed saga is over," Day posted .
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Trump nominates Congresswoman Lori Chavez-DeRemer as Labor Secretary
ZKasino official misappropriated user funds and started to go long on ETH on the chain
CFTC report endorses tokenizing trading collateral