After a $16 million attack in 2021, Indexed Finance, an Ethereum-based enterprise, was able to successfully repel two attempts at hijacking. The founders of the project will regain control of the decentralized autonomous organization (DAO), with the intention of distributing the remaining money to the victims of the 2021 breach.
Former core member Laurence Day described in detail how the Indexed community thwarted two attempts to take control of the remaining coffers of the Indexed Finance in a post on X (previously Twitter). Both attackers obtained substantial quantities of the NDX token for the system with the intention of using fraudulent proposals to seize control of the DAO’s holdings of digital assets, which totaled about $120,000.
Indexed Finance Authorizes “Poison Pill” Proposal
The original plan was stopped by Day and other community members who organized the Indexed Finance for votes against it. The proposal had no title or description, seemingly to avoid discovery. Within an hour, the attacker’s request was almost approved, but there were enough “No” votes to stop it from passing.
But Day expected a copycat attack, given that the Indexed team had to publicly organize votes against the idea. Furthermore, if Indexed Finance ends up under hostile control, another vulnerability might put money outside of its treasury at risk, as Day explained in his post.
The Indexed Finance authorized a “poison pill” proposal, giving it the power to destroy any leftover treasury cash in order to discourage future attacks and lessen the likelihood of one. According to on-chain messages, the attacker first tried to bargain for half of the remaining treasure upon the expected second attack. In response, Indexed creator Dillon Kellar offered $10,000 in Dai tickers for just $1.00 and threatened to burn the whole treasury if the assailant refused.