Crypto hack: he shares a bad link and collects 76 ETH

Tweet from PeopleDAO announcing the hack

A small mistake that costs a lot – If you follow cryptocurrencies closely, you unfortunately know all too well what is to come. A new protocol Challenge fell prey to a hack. It is precisely PeopleDAO who was the victim of a misappropriation of 76ETH.

Contents

PeopleDAO robbed of $120,000

PeopleDAO is a decentralized autonomous organization operating on the Ethereum blockchain. This group was formed with the objective of redeeming a copy of the United States Constitution.

On March 11, PeopleDAO teams announced sad news. Indeed, the treasury of the protocol was exploited and 76ETHeither $120,000were stolen.

Tweet from PeopleDAO announcing the hack
PeopleDAO announces the hack – Source: Twitter

PeopleDAO directly wanted to reassure PEOPLE token holders. The protocol said the attack was unrelated to the token’s contract.

>> A safe platform to buy your cryptos? Register on PrimeXBT (commercial link) <<

A social engineering attack enabled by mishandling

Unlike most DeFi hacks, PeopleDAO was not exploited due to a flaw in one of its smart contracts. In fact, the protocol uses a monthly google sheet spreadsheet to collect information about the monthly rewards of its contributors.

“The accounting manager mistakenly shared a link with edit access in a public Discord channel. The hacker got the editor role via the link. »

PeopleDAO Statement

After accessing the spreadsheet, the attacker took advantage of his edit right to add a payment of 76 ETH to his own address. He then made the line invisible so that the change would not be detected.

“The modification being hidden, the team leaders did not identify it during the recheck. The csv file containing the insert data was then uploaded and submitted to the CSV Airdrop tool in Safe to distribute the reward. »

PeopleDAO Statement

This modification was also not detected at the time of the signing of the transaction by 6 of the 9 signatories of the multsig. Result: the treasury carried out the transfer of 76 ETH on the address of the attacker.

PeopleDAO in pursuit of its hacker

Now PeopleDAO is working in conjunction with SlowMist and the crypto-investigator ZachXBT to trace the funds. According to initial analyses, the funds were transferred on the platforms Binance And HitBTC. In addition, they reported the fraud to the FBI and the Federal Trade Commission (FTC).

At the same time, PeopleDAO offered a reward 10% of the amount, i.e. 7.6ETH, to the hacker if he returned the funds. However, it would seem that the latter did not make contact within the allotted 48 hours.

This is unfortunately not the only hack of this beginning of the week. In fact, the protocol Euler Finance was the target of a major hackwhich led to the loss over $190 million.

Hacks are unfortunate hazards, but not inevitable… Play it safe and register now on the PrimeXBT platform (commercial link).

Last Verdict

To get more updates about the insurance you can follow our website or can bookmark it.

Leave a Reply

Your email address will not be published. Required fields are marked *