Indexed Finance, an Ethereum-based project that was hit by a $16 million hack in 2021, has managed to fend off two hijacking attempts. As a result, control of the project’s decentralized autonomous organization (DAO) is set to be returned to its founders, who have intentions to use the remaining treasury to compensate the victims of the 2021 hack.
Laurence Day, a former core contributor, took to X (formerly Twitter) to share the details of how the Indexed community rallied together to overcome two hijacking attempts on the remaining treasury of the Indexed DAO. Both attackers managed to acquire substantial amounts of the protocol’s NDX token and aimed to seize control of the DAO’s approximately $120,000 in digital asset holdings by making malicious proposals.
The initial proposal, which suspiciously lacked a title or description, was swiftly countered as Day and other community members mobilized the Indexed DAO for votes against it. Although the attacker’s proposal came close to approval within an hour, enough “No” votes were cast to prevent its passage.
However, because the Indexed team had to openly coordinate votes against the proposal, Day foresaw the potential for a copycat attack. Moreover, Day highlighted a further vulnerability in his thread, which could put funds at risk beyond the DAO’s treasury if it ended up in unfriendly control.
To address the possible threat of a subsequent attack, the Indexed DAO approved a “poison pill” proposal, giving it the power to burn the remaining treasury funds if necessary to discourage potential attackers.
It was revealed that the assailant in the anticipated second attack initially sought to negotiate for 50% of the remaining treasury through on-chain messages. Indexed founder Dillon Kellar responded by offering $10,000 worth of Dai (DAI) and warned of burning the entire treasury if the attacker refused.
Only four hours remained until Kellar’s ultimatum, and after an attempt to counter-negotiate for $17,000, the attacker agreed to the original offer and withdrew their malicious proposal. Consequently, control over the DAO will go back to a multisig controlled by Day, Kellar, and the pseudonymous co-founder PR0, with plans to use the remaining treasury funds to compensate victims of the 2021 hack.
This turn of events showcases the resilience of the Indexed Finance community and their ability to come together to fend off potential threats. The astute strategy employed to counter the hijacking attempts demonstrates the dedication of the project’s leaders and members to safeguard the DAO’s assets and reimburse those affected by the previous hack.
The recent developments in the Indexed Finance saga offer valuable lessons in the evolving landscape of decentralized finance and underscore the importance of robust security measures and proactive decision-making. As the project continues its journey towards recovery and restitution, it sets a significant example for other DAOs and crypto projects facing similar challenges.
+ There are no comments
Add yours