Listed Finance, an Ethereum-based mission that suffered a $16 million hack in 2021, has efficiently thwarted two hijacking makes an attempt. Management of the mission’s decentralized autonomous group (DAO) shall be returned to its founders, who purpose to allocate the remaining treasury to victims of the 2021 hack.
In a thread on X (previously Twitter), Laurence Day, a former core contributor, detailed the efforts of the Listed neighborhood in overcoming two hijacking makes an attempt on the remaining treasury of the Listed DAO. Each attackers acquired important quantities of the protocol’s NDX token and aimed to take management of the DAO’s approximately $120,000 in digital asset holdings via malicious proposals.
The preliminary proposal, missing a title or description in an obvious effort to keep away from detection, was thwarted as Day and fellow neighborhood members mobilized the Listed DAO for votes towards it. The attacker’s proposal neared approval inside an hour, however ample ‘no’ votes have been forged to forestall its passage.
Okay so this is what simply occurred to the Listed DAO
The wreckage may be seen within the Tally panel under
This can be a lengthy thread, however I need to file it someplace pic.twitter.com/wRTRZZcwhm
— laurence, backed by paradigm (@functi0nZer0) November 25, 2023
Nonetheless, because the Listed group needed to brazenly coordinate votes towards the proposal, Day anticipated the potential of a copycat assault. Moreover, as Day detailed in his thread, a further vulnerability may jeopardize funds past the DAO’s treasury if the DAO leads to unfriendly management.
To mitigate the specter of a subsequent assault, the Listed DAO accepted a ‘poison tablet’ proposal, granting them the authority to burn the remaining treasury funds if deemed obligatory to discourage potential attackers.
Upon the anticipated second assault, the assailant initially sought to barter for 50% of the remaining treasury, as revealed in on-chain messages. Listed founder Dillon Kellar responded by proposing $10,000 in DAI stablecoins which is issued by MakerDAO and warned of burning your entire treasury if the attacker refused.
With solely 4 hours left till Kellar’s ultimatum, and following an try to counter-negotiate for $17,000, the attacker accepted the unique provide and withdrew their malicious proposal. Authority over the DAO will now return to a multisig managed by Day, Kellar, and the pseudonymous co-founder PR0, with plans to compensate victims of the 2021 hack utilizing the remaining treasury funds.