Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
When PeopleDAO’s community treasury multi-signature wallet on the digital asset management platform Safe (formerly Gnosis Safe) distributed monthly contributor rewards on March 6, 76 ETH (approximately $120,000) were stolen by hackers through social engineering. This event has nothing to do with the PEOPLE token contract. PeopleDAO collects monthly contributor reward information through Google Form. The person in charge of accounting mistakenly shared a link with editing permissions in a public Discord channel. The attacker inserted payments to their own address and set them to be invisible. Because of this malicious concealment, the team leader did not find them during the review. The CSV file was then downloaded with the inserted data and submitted to Safe's CSV Airdrop tool for reward distribution. With the assistance of SlowMist and ZachXBT, the team found that the stolen funds had been deposited in two exchanges, HitBTC and Binance, and contacted both exchanges. Attack method (per SlowMist): Permission Stolen. Reported loss: 76 ETH.
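A pre-submission check for the failure described above, as an added example that is not PeopleDAO's or Safe's code: it reconciles the exported CSV, row by row, against a payout manifest approved outside the shared form, so a row hidden in the spreadsheet view still surfaces. The manifest, the `reconcile` function, the sample addresses and amounts, and the column names `receiver` and `amount` are assumptions.

```python
import csv
import io
from decimal import Decimal, InvalidOperation

# Constructed sample data; addresses and amounts are placeholders.
# Approved manifest: signed off separately from the shared form (assumption).
APPROVED = {
    "0x1111111111111111111111111111111111111111": Decimal("0.5"),
    "0x2222222222222222222222222222222222222222": Decimal("1.25"),
}
# The file as exported for the airdrop tool; the last row is not in the manifest.
EXPORTED_CSV = """token_type,token_address,receiver,amount
native,,0x1111111111111111111111111111111111111111,0.5
native,,0x2222222222222222222222222222222222222222,1.25
native,,0x9999999999999999999999999999999999999999,76
"""


def reconcile(csv_text, approved):
    """Compare every exported row with the manifest; return a list of findings."""
    approved = {a.lower(): v for a, v in approved.items()}
    paid = {}
    findings = []
    # Header is line 1, so data rows start at line 2 of the file.
    for line_no, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        addr = (row.get("receiver") or "").strip().lower()
        try:
            amount = Decimal((row.get("amount") or "").strip())
        except InvalidOperation:
            findings.append(("bad_amount", line_no, addr))
            continue
        paid[addr] = paid.get(addr, Decimal(0)) + amount
        if addr not in approved:
            findings.append(("unapproved_receiver", line_no, addr))
    for addr, expected in approved.items():
        if addr not in paid:
            findings.append(("missing_receiver", None, addr))
        elif paid[addr] != expected:
            findings.append(("amount_mismatch", None, addr))
    total = sum(paid.values(), Decimal(0))
    if total != sum(approved.values(), Decimal(0)):
        findings.append(("total_mismatch", None, str(total)))
    return findings


if __name__ == "__main__":
    for finding in reconcile(EXPORTED_CSV, APPROVED):
        print(finding)
```

An empty result means the file about to be submitted pays exactly the approved receivers the approved amounts; any finding should block the multi-signature proposal until it is explained.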
- chain: —
- protocol: PeopleDAO
- bug_class: social-engineering
- date_occurred: 2023-03-06
- loss_usd: —
- source_id: sm:peopledao::2023-03-06