This time, a decentralized autonomous organization (DAO) was the target in the cryptocurrency market. According to security firm CertiK, FriesDAO’s wallet, which was built with Profanity, has been hacked. CertiK says the damage in the altcoin hack was $2.3 million. The DAO’s distributor wallet was created with an untrustworthy tool called Profanity.
This time, the hacked altcoin project was FriesDAO.
An unknown attacker stole $2.3 million in tokens from a decentralized autonomous organization called FriesDAO. October seems to be a particularly lousy month for crypto projects: this attack came amid a series of attacks and exploits this month.
The hack started when the hacker took control of FriesDAO’s ‘distributor wallet’. The attacker then transferred out the project’s governance tokens, largely FRIES. The perpetrator also used their access to the distributor wallet to drain other tokens from a staking pool. Security firm CertiK claims that the stolen tokens were sold for $2.3 million in stablecoins held at the hacker’s address. FriesDAO informed users of the hack:
We discovered that the redemption distribution agreement was exploited and managed to get FRIES tokens, which were later returned for USDC and sold to the Uniswap pool.
CertiK: It was possible to prevent this attack
FriesDAO’s distributor wallet was created using Profanity, a wallet creation tool that is known to contain a critical vulnerability. Last month, security analysts at 1inch found that the private keys of vanity addresses generated through Profanity can be calculated by malicious hackers to steal funds. After 1inch’s finding, hackers exploited the vulnerability to steal $160 million worth of crypto assets from market maker Wintermute.
FriesDAO also relied on Profanity to generate the distributor wallet address. According to CertiK, the vulnerability allowed the hacker to extract the wallet’s private key and move the funds out. The security firm said in a statement that FriesDAO’s exploit could have been avoided if the team had been more diligent and had changed the address of the deployer in a timely manner. CertiK stressed the following in its statement regarding the attack:
This attack could have been avoided, because the Profanity vulnerability has been known to everyone for more than a month. CertiK invites all Web3 projects that use the Profanity tool to instantly transfer control of assets held in affected wallets to addresses created in a fiduciary form.