This time, one of the decentralized autonomous organizations (DAO) was targeted in the cryptocurrency market. According to security firm CertiK, FriesDAO’s Profanity-built wallet has been hacked. CertiK says the damage in the altcoin hack incident was $2.3 million. DAO’s distributor wallet was created with an insecure tool called Profanity.
This time, the hacked altcoin project was FriesDAO.
An unknown attacker stole $2.3 million in tokens from a decentralized autonomous organization called FriesDAO. October seems to be a particularly bad month for crypto projects. This attack also came amid a series of attacks and abuses this month.
The hack started when the hacker took control of FriesDAO’s ‘distributor wallet’. The attacker then took control and transferred a large amount of FRIES, the project’s management tokens. The perpetrator also exploited their access to the issuer wallet by draining other tokens from a stake pool. Security firm CertiK estimates that the stolen tokens were sold for $2.3 million in stablecoins held at the hacker’s address. FriesDAO informed users of the hack:
We discovered that the redemption distribution agreement was exploited and managed to get FRIES tokens which were then returned for USDC and sold to the Uniswap pool.
CertiK: It was possible to prevent this attack
FriesDAO’s distributor wallet was created using Profanity, a wallet creation tool. Profanity is known to contain a critical vulnerability. cryptocoin.com Last month, security analysts at 1inch found that private keys of private addresses generated through Profanity can be calculated by malicious hackers to steal funds. After 1inch, hackers exploited the vulnerability to steal $160 million worth of crypto assets from market maker Wintermute.
FriesDAO also relied on Profanity to generate the distributor wallet address. According to CertiK, due to the vulnerability, the hacker extracted the private key of the wallet to move the funds out. The security firm said in a statement that FriesDAO’s exploit could have been avoided if the team had been more diligent and had changed the deployer’s address in time. CertiK underlined the following in a statement regarding the attack:
This attack could have been prevented. Because the Profanity vulnerability has been known to everyone for over a month. CertiK calls on all Web3 projects that use the Profanity tool to instantly transfer control of assets held in affected wallets to securely generated addresses.
