On March 6, the PeopleDAO community, created to acquire a rare copy of the US Constitution, was hacked. The damage amounted to 76.5 ETH ($120,000).
1/10
bad news:
PeopleDAO Community Treasury on @safe has recently been exploited of 76 ETH (~$120,000) via social engineering during monthly reward payout on March 6th.
This expoloit is not related to $PEOPLE token contract.
Details below:— PeopleDAO (📜, 🤝) (@The_PeopleDAO) March 11, 2023
As it became known, PeopleDAO’s accounting department mistakenly posted a link to a Google spreadsheet with a monthly payment form on a public Discord channel. The document has edit permissions. The unknown person entered the address of his wallet and the amount of payment in the amount of 76.5 ETH into it, after which he made this line invisible.
5/10
Because there are 80 transfers in the tx, 6 out of 9 multisig signers did not notice the malicious transfer, signed and executed the tx, sending 76 ETH to the hacker’s address.
txhash: https://t.co/NUGnRDS5xd
Hacker address: 0x80f751a95f678255cae9a280d4f25e5b926eae366 pic.twitter.com/OM3XGp4b5W— PeopleDAO (📜, 🤝) (@The_PeopleDAO) March 11, 2023
Subsequently, the hacker transferred 69.2 ETH to the HitBTC exchange and 7.3 ETH to Binance. Both trading platforms along with law enforcement have been notified of the incident.
PeopleDAO is also conducting an internal investigation with blockchain security experts ZachXBT and SlowMist. The community offered the hacker a cashback reward of 10% of the stolen amount. At the time of writing, he has not responded to the offer.
Separately, the team will improve accounting and train validators to work with multi-signatures.
Source: Cryptocurrency
I am an experienced journalist and writer with a career in the news industry. My focus is on covering Top News stories for World Stock Market, where I provide comprehensive analysis and commentary on markets around the world. I have expertise in writing both long-form articles and shorter pieces that deliver timely, relevant updates to readers.