Indexed Finance, the Ethereum-based project that was hacked for $16 million in 2021, has repelled two hijacking attempts and will return control of its DAO to its founders, who plan to redistribute its coffers to the victims of the 2021 hack .
In a wire on Each attacker bought large amounts of the protocol’s NDX token and tried it about $120k of digital assets that the DAO still controls through malicious proposals.
The first such proposal, which had no title or description in an apparent attempt to evade detection, was defeated After Day and others rallied the Indexed DAO community to vote against it. The attacker’s proposal came less than an hour after enough “no” votes were cast to reject it.
However, because the Indexed team had to publicly vote against the proposal, Day suspected that a copycat attack was likely to occur. Furthermore, as Day explained in his thread, an additional vulnerability could put funds outside the DAO’s treasury at risk, should the DAO fall into hostile hands.
To reduce the risk of a second attack, the indexed DAO adopted a ‘poison pill’ proposal, allowing them to burn remaining treasury money if necessary to deter an attacker.
When the second attack went as expected, the attacker initially tried to negotiate for 50% of the remaining treasury, according to messages in the chain. Indexed founder Dillon Kellar responded with an offer of $10,000 worth of DAI stablecoins and threatened to burn the entire treasury if the attacker did not accept.
With four hours to go until Kellar’s ultimatum, and after an attempted counter-negotiation for $17,000, the attacker took the original offer and canceled their malicious proposal. Control of the DAO will now revert to a multisig controlled by Day, Kellar and pseudonymous co-founder PR0, who plan to reimburse the victims of the 2021 hack with the remaining treasury money.
“We’ll deal with the red tape later, but the Indexed saga is over,” Day says Posted.
