Combination of Errors Leads to Theft
PeopleDAO, a group formed to purchase a copy of the U.S. Constitution, has lost 76.5 ETH ($120,000) due to a social engineering hack on March 6 that targeted the project’s monthly contributor payout form on Google Sheets.
Two errors combined to make the theft possible. Errors in sharing access to the payout form allowed the hacker to insert a row containing their own address and a 76.5 ETH payment, and then make that row invisible on the form. The hidden row was then overlooked. The theft was not detected during the multi-signature signers’ transfer execution, and the attacker’s wallet received the payment.
PeopleDAO Working with Blockchain Security Experts to Track Hacker
PeopleDAO is now working with blockchain security experts to track the hacker and has reported the matter to U.S. law enforcement agencies, as well as the exchanges used by the hacker. The team is taking steps to improve accounting and multi-signature education, embracing tools built on Safe to prevent a repeat occurrence. A 10% white hat bounty has been offered to the hacker for returning the funds, but as of reporting, there has been no response.
Source: TheBlock