Sep 29, 2022 Toghrul Aliyev

Opium Network has detected an attack that can empty multiple DAOs funds

On September 28, 2022, Opium Network detected an attack on the Gnosis Guild’s Reality module also known as the DAOModule. The Reality module allows Snapshot voting, which is done off-chain, to be settled on-chain. To achieve this, the bond (in ETH or other cryptocurrencies) is sent to the reality.eth oracle along with the hashes of the transactions that will be performed and the snapshot voting hash as a stake for the accuracy of the supplied data. By posting a larger bond or submitting the data to arbitration for confirmation, submitted data might be contested. The data is propagated for execution on behalf of the DAO if it is never contested.

As the team claims, the attack attempted to push a fraudulent proposal on the Opium Network DAO. Additionally, it discovered the attackers’ wallet address. 0.1 ETH was taken out of Aztec Network by the fraudulent actors. Then, they launched an assault on the initial victim, possibly at Xave Finance, whose timeout for the proposition challenge was set at one hour. The victim's safe was consequently broken into and 7.5 ETH were taken.

After stealing 7.5 ETH, the attackers used half of the funds to post a bond on another six DAOs. All other DAOs that are under attack, as claimed by the Opium Network, still have time to save whatever assets they may still hold. The DAO with the highest risk, possibly Ntropika Labs, has 12 hours left to react to the malicious proposal, at the time of writing the article. It is more likely that the next four impacted DAOs are NFT guilds. They all have less than six days to respond to the nefarious proposals. 

At the time of writing the article, none of the DAOs responded to this matter. 

 

Recent news:

Video Tutorials