First, I was shocked to hear that a DAO on Solana lost $230K after the ‘attack proposal’ went unnoticed… What’s the situation now? I didn’t catch up with the news.
The situation represents a fresh example of a governance failure resulting in lost funds.
For those of you who are not familiar with the latest events, Synthetify was exploited by an attacker who made and voted for public proposals in the protocol’s decentralized autonomous organization. By the time other DAO members noticed something was amiss, the funds had already been sent to Tornado Cash.
Taking advantage of the DAO’s inactivity, the exploiter created ten identical-looking proposals and used their own tokens to reach the voting quorum. Nine of the proposals were empty, but the tenth contained code that sent around $230,000 in USDC, mSOL, and stSOL to the attacker’s address, according to an X thread from the security auditing firm Neodyme.
I really didn’t expect this to come… I’m usually really careful when it comes to DAOs, and even now, when it comes to new ones, in my case, Caga Crypto, I would love to try it out, but I’m waiting to hear about some experiences first.
As Solana co-founder Anatoly Yakovenko wrote on X, “Any DAO with pure token voting is just waiting to be attacked.” Would you agree?