Indexed Finance Overcomes Hijacking Attempts and Plans to Return Control of its DAO
Indexed Finance, the Ethereum-based project that suffered a $16 million hack in 2021, has successfully defended against two hijacking attempts and will soon transfer control of its decentralized autonomous organization (DAO) back to its founders. The founders intend to redistribute the remaining treasury to the victims of last year’s hack.
The Battle Against the Hijackers
In a thread on X, Laurence Day, a former core contributor of Indexed Finance, detailed how the community rallied together to thwart two attempts by attackers to take control of the DAO’s remaining funds. The attackers purchased large amounts of the protocol’s NDX token in an effort to seize approximately $120,000 worth of digital assets still held by the DAO through malicious proposals.
The first proposal, which lacked a title or description in an apparent attempt to evade detection, was narrowly defeated after Day and other members of the Indexed DAO community mobilized to vote against it. The proposal came within one hour of passing before enough votes were cast against it.
A Potential Copycat Attack
Day suspected that another attack might occur since the team had publicly whipped votes against the first proposal. Additionally, Day highlighted an additional vulnerability that could put funds outside the treasury at risk if the DAO fell into hostile hands.
A Defensive Measure
To mitigate the risk of a second attack, the Indexed DAO approved a ‘poison pill’ proposal. This measure would allow them to burn the remaining treasury funds if necessary, discouraging potential attackers from making further attempts.
Negotiations and Resolution
As anticipated, a second attack took place. The attacker initially sought 50% of the remaining treasury but eventually negotiated with Indexed founder Dillon Kellar, who offered $10,000 in DAI stablecoins. Kellar threatened to burn the entire treasury if the attacker did not accept the offer.
After attempting to counter-negotiate for $17,000, the attacker ultimately accepted the original offer with four hours remaining until Kellar’s ultimatum. As a result, control of the DAO will soon be transferred to a multisig controlled by Day, Kellar, and pseudonymous cofounder PR0. Their plan is to use the remaining treasury funds to reimburse the victims of the 2021 hack.
Conclusion: Indexed Finance Resolves the Crisis
The ordeal has come to an end, according to Day’s post on X. The founders and core contributors of Indexed Finance can now focus on resolving administrative matters and ensuring that the victims of last year’s hack receive compensation.
By
By
By
By
By