PeopleDAO gets hacked through Google Sheets
PeopleDAO, a group created to purchase a copy of the United States Constitution, has been hacked, with $120,000 stolen. The hacker accessed the project’s monthly contribution payout form, which was kept in Google Sheets.
According to team members, the hack resulted from a series of human errors. According to credible sources, it began when the accounting manager inadvertently posted a link to the payout form in a public channel of the project’s Discord server, which left the form open to alteration. The hacker is believed to have used the form’s edit access to enter their own address along with a 76.5 ETH transaction. The row was then hidden.
Team members overlooked the hidden row. The multi-signature signers responsible for executing the transfer did not spot it either after the data from the form was forwarded to the airdrop tool on Safe. As a result, the hacker was able to pull the 76.5 ETH payment out of his wallet. He then forwarded the ether to two centralized exchanges, HitBTC and Binance, which received 69.2 ETH ($110,000) and 7.3 ETH, respectively.
According to information from PeopleDAO headquarters, the group has enlisted blockchain security specialists such as ZachXBT and SlowMist to determine exactly what happened and who the hacker was. The team has also made sure that US law enforcement agencies know about both the planning and the execution of the activity. PeopleDAO has offered the hacker a 10% white hat bounty if he pays the money back, but there has been no response so far.
The team is now working out measures to make sure the incident is not repeated. It is looking into ways of improving its accounting and multi-signature procedures, and is adopting tools built on Safe that improve the signer experience. It will also hold demo sessions with team members on using the adopted tools effectively.
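One accounting control of the kind described above, as an added example that is not PeopleDAO's or Safe's own code: before signers approve a batch, the data that will be loaded into the airdrop tool is reconciled against a ledger kept outside the editable sheet, so a row that is hidden in the spreadsheet view still gets flagged. The column names `receiver` and `amount`, the ledger structure and all addresses and amounts are assumptions constructed for the illustration.

```python
import csv
import io
from decimal import Decimal

# Constructed sample data: placeholder addresses and amounts, not values from the incident.
APPROVED = {  # ledger kept outside the editable sheet: receiver -> approved ETH amount
    "0x1111111111111111111111111111111111111111": Decimal("1.5"),
    "0x2222222222222222222222222222222222222222": Decimal("0.75"),
}
EXPORT_CSV = """receiver,amount
0x1111111111111111111111111111111111111111,1.5
0x2222222222222222222222222222222222222222,0.75
0x3333333333333333333333333333333333333333,76.5
"""

def reconcile(export_text, approved):
    """Return a list of findings; an empty list means the batch matches the ledger."""
    findings, seen, total = [], set(), Decimal(0)
    # Line 1 of the export is the header, so data rows start at line 2.
    for line_no, row in enumerate(csv.DictReader(io.StringIO(export_text)), start=2):
        receiver = row["receiver"].strip().lower()
        amount = Decimal(row["amount"].strip())
        total += amount
        if receiver in seen:
            findings.append(f"line {line_no}: duplicate receiver {receiver}")
        seen.add(receiver)
        if receiver not in approved:
            findings.append(f"line {line_no}: unapproved receiver {receiver} ({amount} ETH)")
        elif amount != approved[receiver]:
            findings.append(
                f"line {line_no}: {receiver} amount {amount} != approved {approved[receiver]}")
    for receiver in sorted(set(approved) - seen):
        findings.append(f"approved receiver {receiver} missing from batch")
    expected = sum(approved.values(), Decimal(0))
    if total != expected:
        findings.append(f"batch total {total} ETH != approved total {expected} ETH")
    return findings

if __name__ == "__main__":
    # Any finding should block signing until someone explains it.
    for finding in reconcile(EXPORT_CSV, APPROVED):
        print("BLOCK:", finding)
```

The check reads the exported rows rather than the spreadsheet view, so it does not depend on what is visible to the person reviewing the sheet.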