DAO Maker Statement — Thursday, 12th of August
The rapid expansion of the DAO Maker has posed several challenges to the ecosystem. These include turbulence in project onboarding and changes to company structure.
Regretfully, we must announce that in the early hours of August 12th (approx. 1 AM UTC) DAO Maker faced malicious use of one of our wallets with access to admin privileges.
The cybercriminal, after tentatively testing this exploit and managing to steal 10,000 USDC, then proceeded to quietly make 15 more transactions.
In this manner, the hacker was able to siphon approximately $7M, until our security team was able to trace, contain and stop the drain of funds. A total of 5251 users were affected, losing $1250 USD on average per user.
Fortunately, users with up to $900 have remained completely unaffected.
We decisively moved the unaffected funds to a brand-new secure wallet, while users are still able to withdraw their funds unimpeded, should they choose to do so.
Cipher Blade, a leading blockchain forensics expert company, has been contracted and is doing everything possible to track down the criminal and return the stolen funds. They have already identified an implicated Binance account and are closely collaborating with Etherscan to learn more about the hackers' whereabouts. Additionally, all exchanges have been already informed of the hackers' wallet.
The SHO contract has always been a hotspot for potential risk, as it was used for every single SHO. This is the precise reason why DAO Maker put in place certain contingencies, such as capping the maximum individual deposit amount to $10,000 USDC.
Presently, the SHO contract has been secured in order to prevent situations like this from occurring in the future.
Pending a full RCA (Root Cause Analysis), all deposits have been deactivated.
A few words on the safety of our Vaults:
We want to assure our investors and supporters — the Vaults are safe and the hack has had no detrimental impact on our business. Absolutely no one, not even us, has the ability to upgrade the code or remove any DAO from the Vaults. As a CEO, this has always been one of my core principles for DAO Maker.
The Vault contracts themselves are standard farm contracts and were successfully audited by 4 different firms.
Over the next five days, DAO Maker will devise a set of solutions to alleviate the incurred damages and work in full force to bring the hacker to justice through the massive forensics investigation undertaken. All affected users will be informed via email and on their DAO log-in portal.
We want to thank our past and current clients who have been exceedingly supportive during this turbulent time.
Christoph Zaknun, CEO of DAO Maker