Indexed DAO to distribute remaining treasury after defeating hijack attempts
Quick Take
- Indexed DAO, which was hacked for $16 million in 2021, survived two hijacking attempts in recent days by attackers who sought to access the protocol’s remaining treasury.
- Control of the DAO will return to Indexed’s founders, who plan to distribute the remaining funds to victims of the 2021 hack.
Indexed Finance, the Ethereum-based project that was hacked for $16 million in 2021, has fended off two hijacking attempts and will return control of its DAO to its founders, who plan to redistribute the treasury to victims of the 2021 hack.
In a thread on X, former core contributor Laurence Day explained how the Indexed community rallied to defeat two attempts to hijack Indexed DAO's remaining treasury. Each attacker purchased large amounts of the protocol's NDX token and attempted to seize the roughly $120k worth of digital assets the DAO still controls through malicious proposals.
The first such proposal, which had no title or description in an apparent attempt to evade detection, was defeated after Day and others marshaled the Indexed DAO community to vote against it. The attacker's proposal came within one hour of passing before enough 'no' votes were cast to defeat it.
However, since the Indexed team had to publicly whip votes against the proposal, Day suspected that a copycat attack would likely take place. Furthermore, as Day explained in his thread, an additional vulnerability could put funds outside the DAO's treasury at risk, should the DAO fall into hostile hands.
To lessen the risk of a second attack, the Indexed DAO passed a 'poison pill' proposal, allowing them to burn the remaining treasury funds if necessary to dissuade an attacker.
When the second attack came as expected, the attacker initially attempted to negotiate for 50% of the remaining treasury, according to on-chain messages. Indexed founder Dillon Kellar countered with an offer of $10,000 in DAI stablecoins, threatening to burn the entire treasury if the attacker didn't accept.
With four hours remaining until Kellar's ultimatum, and after attempting to counter-negotiate for $17,000, the attacker took the original offer and canceled their malicious proposal. Control of the DAO will now revert to a multisig controlled by Day, Kellar, and pseudonymous cofounder PR0, who plan to reimburse victims of the 2021 hack with the remaining treasury funds.
"We'll deal with the administrative hassle later, but the Indexed saga is over," Day posted.
Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.
© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
