Indexed DAO to distribute remaining treasury after defeating hijack attempts

Indexed Finance, the Ethereum-based project that was hacked for $16 million in 2021, has fended off two hijacking attempts and will return control of its DAO to its founders, who plan to redistribute the treasury to victims of the 2021 hack.

In a thread on X, former core contributor Laurence Day explained how the Indexed community rallied to defeat two attempts to hijack Indexed DAO’s remaining treasury. Each attacker purchased large amounts of the protocol’s NDX token and attempted, through malicious proposals, to seize the roughly $120k worth of digital assets the DAO still controls.

The first such proposal, which had no title or description in an apparent attempt to evade detection, was defeated after Day and others marshaled the Indexed DAO community to vote against it. The attacker’s proposal came within one hour of passing before enough ‘no’ votes were cast to defeat it.

However, since the Indexed team had to publicly whip votes against the proposal, Day suspected that a copycat attack would likely take place. Furthermore, as Day explained in his thread, an additional vulnerability could put funds outside the DAO’s treasury at risk, should the DAO fall into hostile hands.

To lessen the risk of a second attack, the Indexed DAO passed a ‘poison pill’ proposal, allowing it to burn the remaining treasury funds if necessary to dissuade an attacker.

When the second attack came as expected, the attacker initially attempted to negotiate for 50% of the remaining treasury, according to on-chain messages. Indexed founder Dillon Kellar countered with an offer of $10,000 in DAI stablecoins, threatening to burn the entire treasury if the attacker didn’t accept.

With four hours remaining before Kellar’s ultimatum expired, and after attempting to counter-negotiate for $17,000, the attacker took the original offer and canceled their malicious proposal. Control of the DAO will now revert to a multisig controlled by Day, Kellar, and pseudonymous cofounder PR0, who plan to reimburse victims of the 2021 hack with the remaining treasury funds.

