DAO Maker crowdfunding platform loses $7M in latest DeFi exploit
Hackers have stolen funds out of more than 5,000 user accounts with crowdfunding platform DAO Maker, a site aimed at raising money for crypto projects.
According to a report from DAO Maker CEO Christoph Zaknun, hackers were able to remove roughly $7 million in USD Coin (USDC) from 5,251 user accounts at approximately 1:00 am UTC today. The platform said the attacker used a smart contract exploit to initially steal 10,000 USDC, then made 15 more transactions to acquire additional funds.
"One of the reasons why this did happen is probably that the amount of deposits within the [Strong Holder Offering] contract really exceeded our expectations," said Zaknun in an AMA on Twitch. "Initially, we never expected more than $2.5 million to be deposited in there, but over time, the SHOs became very popular."
DAO Maker claimed users with up to $900 in their accounts “have remained completely unaffected,” with the platform moving the funds into different wallets. However, the project said it would be suspending all deposits pending a full Root Cause Analysis.
Blockchain intelligence firm CipherBlade is conducting an investigation into the hack and has identified a Binance account associated with the attacker. The platform also said it would be exploring compensation for all affected users.
Despite the name, DAO Maker has no apparent connection to MakerDAO, the decentralized finance, or DeFi, protocol behind the stablecoin Dai (DAI).
The attack on the crowdfunding platform comes following one of the largest hacks in the DeFi space. This week, an unknown person used an exploit on cross-chain protocol Poly Network to remove at least $600 million from three chains.
Related: Poly Network hacker returns less than 1% of the $600M theft
In a bizarre twist, the hacker has since returned $258 million of the funds and spoken with Poly Network users directly in a Wednesday AMA using embedded messages in Ethereum transactions. They seemed to have not had a plan to transfer the funds after successfully stealing them, and claimed to do the hack “for fun” because “cross-chain hacking is hot.”