Build Finance DAO suffered a “hostile governance takeover” in the last few days and lost nearly $470,000 in funds.
In Brief:
- The perpetrator tricked DAO members to gain control over the DAO’s treasury and its ability to mint tokens.
- The perpetrator stole BUILD and METRIC tokens worth $470K.
- Build Finance is in the process of contacting the perpetrator to recover the funds.
An anonymous person gained control of the DAO’s treasury and its ability to mint tokens after using a large supply of tokens in the DAO’s voting.
“As things stand, the attacker has full control of the governance contract, minting keys and treasury. The DAO no longer has control over any part of the key infrastructure,” said Urbane Grandier, a member of Build Finance’s core team, in its Discord server.
“It is with deep regret that we have to inform the community of this total and irrecoverable loss of BUILD DAO treasury assets through the deeds of one malicious actor,” they added.
Build Finance, a decentralized venture builder, aimed to incentivize future decentralized projects with BUILD tokens, which ultimately helps ventures grow the ecosystem.
Initially, only 100,000 tokens were available. After that, the community was able to mint more tokens as required. The entire project is maintained by DAO members, who make collective decisions by voting.
On Feb 9, Build Finance moderator 0xSHA2 tricked the DAO’s members by making a fraudulent proposal and convinced them to vote against it. The proposal, which was created by Suho.eth, failed intentionally.
The perpetrator transferred their governance tokens to a different address and tried again. However, the proposal was kept from being noticed on the Discord server and ultimately passed on Feb 10.
After getting full control over the DAO, the perpetrator minted 1.1 million BUILD tokens and drained the majority of the funds from Balancer and Uniswap.
Furthermore, the perpetrator stole 130,000 METRIC tokens from the project’s treasury and sold them, and also minted 1 billion BUILD tokens.
As in most cyberattacks, the perpetrator sent the bulk of the funds to Tornado Cash. That allowed the perpetrator to swap the tokens for 160 ETH.
Build Finance is in the process of contacting the perpetrator to recover the funds and is searching for a new way to survive.
“We would welcome a discussion in the discord with community members about the way to move forward from this but it is difficult to see a future for BUILD with only its brand recognition and IP assets, and no liquid treasury,” said Grandier.
Decentralized platforms are still in their infancy, and many DAOs lack security for their funds. Recently, Badger DAO lost more than $120M in a front-end hack.