TL;DR
On May 18, the Tornado Cash DAO unintentionally voted in a malicious proposal.
In short, the attacker submitted a proposal which was approved to be voted on, and then the sneaky attacker activated a ‘self-destruct function’ which replaced the original proposal with a new, malicious one, giving them full control of the votes.
Then yesterday, the attacker made a new proposal to potentially “restore the state of Governance.”
Did the attacker want to shine a light on the project and pump up the price of TORN? Or were they providing a wake-up call for DAOs to do more in-depth audits of the proposals sent to them?
Full Story
Late last week, some crazy things happened with the Tornado Cash project.
Tornado Cash is famous for things like being banned by the US Government.
Suffice to say it's controversial at the best of times (it's a ‘mixing service’ on the Ethereum network which basically makes your crypto untraceable) but buckle up 'cause this story is wild.
On May 18, the Tornado Cash DAO unintentionally voted in a malicious proposal.
This guy explains it way better; but in short, the attacker submitted a proposal which was approved to be voted on, and then the sneaky attacker activated a ‘self-destruct function’ which replaced the original proposal with a new, malicious one, giving them full control of the votes.
They were then able to grant themselves 1.2M TORN (which are Tornado Cash DAO’s governance tokens) from the governance contract.
They swapped 380,000 TORN tokens for 372 ETH and – get this – ran it back through Tornado Cash to make it untraceable!
By keeping the other 820k TORN tokens, they still have full control over the DAO – it's a hostile takeover if we've ever seen one.
Then yesterday, the attacker made a new proposal to potentially “restore the state of Governance.”
Which led some people to believe this has all been a ploy to put the token in the spotlight, boosting its value.
At the time of this writing, TORN is down over 30% so if that was the case, it's definitely not working too well…
The more likely scenario is that the attacker wanted to provide a wake-up call for DAOs to do more in-depth audits of the proposals sent to them.
(And maybe not allow proposals with a ‘self-destruct function’ built into them?)
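Here is one way a DAO's tooling could automate that kind of audit, as an added example that is not from the original article or the Tornado Cash project. It flags proposal bytecode that can self-destruct and refuses to execute if the code at the proposal address no longer matches what voters reviewed; all function names and the sample bytecode are constructed for illustration, and SHA-256 stands in for the chain's own code hash.

```python
import hashlib

# EVM opcodes that let the code at an address be removed, directly or by
# running another contract's code in the proposal's own context.
RISKY = {0xFF: "SELFDESTRUCT", 0xF4: "DELEGATECALL", 0xF2: "CALLCODE"}

def risky_opcodes(runtime: bytes):
    """Linear sweep over runtime bytecode, returning [(offset, name)].
    PUSH1..PUSH32 (0x60..0x7f) carry 1..32 bytes of immediate data, which
    are skipped so a 0xff inside a constant is not reported. Trailing
    compiler metadata is still swept, so hits need a human look."""
    found, pc = [], 0
    while pc < len(runtime):
        op = runtime[pc]
        if op in RISKY:
            found.append((pc, RISKY[op]))
        pc += 1 + (op - 0x5F if 0x60 <= op <= 0x7F else 0)
    return found

def code_digest(runtime: bytes) -> str:
    # Assumption: SHA-256 as an off-chain stand-in. On-chain, the
    # equivalent value is the keccak-256 returned by EXTCODEHASH.
    return hashlib.sha256(runtime).hexdigest()

def review(runtime: bytes) -> dict:
    """Record what voters approved: a digest plus any risky opcodes."""
    return {"digest": code_digest(runtime), "risky": risky_opcodes(runtime)}

def safe_to_execute(reviewed: dict, current_runtime: bytes) -> bool:
    """Execute only if nothing risky was found at review time AND the
    code now at the proposal address is byte-for-byte what was reviewed."""
    return (not reviewed["risky"]
            and code_digest(current_runtime) == reviewed["digest"])

# Constructed sample bytecode (not taken from any real proposal).
BENIGN = bytes.fromhex("60ff60005500")        # PUSH1 0xff PUSH1 0 SSTORE STOP
DESTRUCTIBLE = bytes.fromhex("33ff")          # CALLER SELFDESTRUCT
REPLACED = bytes.fromhex("600160005500")      # different code, same address

if __name__ == "__main__":
    print(risky_opcodes(BENIGN))
    print(risky_opcodes(DESTRUCTIBLE))
    print(safe_to_execute(review(BENIGN), REPLACED))
```
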