- Several bugs led to the exploit at once
- PeopleDAO offered the hacker a 10% reward.
- scammer pTransferred all funds to two exchanges, HitBTC and Binance
The PeopleDAO crypto community was hacked and lost about 76.5 ETH.
The development team reported that several bugs led to the exploit at once. First, the chief accountant accidentally shared a link to the form of payments in Google spreadsheets with access rights to the public channel. After that, the hacker used that access to edit the form and pasted in his address. Further, he simply made this line invisible in the form.
During the check, the developers did not see any errors and completed the translations. Thus, the fraudster received a payment of 76.5 ETH. After that, he transferred all funds to two exchanges, HitBTC and Binance. Interestingly, most (69.2 ETH) was sent to the first platform, and 7.3 ETH to another.
PeopleDAO said that it is already working on a solution to the situation. To do this, she contacted blockchain security experts such as ZachXBT and SlowMist. Also, US law enforcement agencies and the exchanges to which the funds were sent have already been notified about this incident. The company offered the hacker a 10% reward if he returned the funds, but he has not yet responded to this offer.