26 November 2023
In an interesting line of events, Ethereum-based DeFi project Indexed Finance recently faced and triumphed over a dual hijack attempt of the protocol DAO’s treasury. Following this development, the project’s founders will now re-assume control from the DAO.
In a thread on X on Saturday, Laurence Day, a former executive at Indexed Finance, shared two failed hijack attempts targeted at the treasury of the project’s DAO, which is currently valued at $120,000.
According to Day, both attackers purchased a high amount of Indexed’s native token – NDX and attempted to assume control of the protocol’s treasury via malicious proposals. The first proposal, identified as Proposal 24, was without a heading or description. Being virtually unnoticeable, this proposal almost gained approval within an hour of voting.
Okay so here’s what just happened to the Indexed DAO
The wreckage can be seen in the Tally panel below
This is a long thread, but I want to record it somewhere pic.twitter.com/wRTRZZcwhm
— laurence, backed by paradigm (@functi0nZer0) November 25, 2023
However, upon detection, Day, alongside other community members, publicly rallied others to vote against the proposal and eventually thwarted the first hijack attempt.
Related Reading: HTX Recommence Operations After Temporary Halt Due to Hack
Indexed Finance Anticipates Second Attack, Emerges Victorious Again
Considering the publicity and attention surrounding the incident, the Indexed DAO suspected another attacker might attempt to replicate the same tactics to gain access to its treasury.
Therefore, the DAO passed proposal 26, identified as the poison pill, which granted them the authority to burn the assets in the treasury if considered as the only means of halting such an attack.
As suspected, another hijacker attempted to take control of the treasury and even succeeded in getting the proposal passed – proposal 27. However, proposals on the Indexed Finance platform have to be queued for 48 hours before execution.
During this time, the hijacker approached the DAO to cancel the poison pill proposals, and in return, he would take only a 50% bounty of the funds in the Treasury. However, he soon received a counter-offer from Indexed Co-founder Dillon Kellar, who offered him $10,000 DAI in exchange for canceling his proposal 27 or risk the DAO burning all the assets in the treasury.
The hijacker eventually accepted Kellar’s proposal with 4 hours remaining for the execution of the poison pill proposal, marking the successful foiling of the second hijack attempt.
Indexed Finance DAO Hands Over Treasury Control To Founders
Following the multiple hijack attempts, the Indexed Finance DAO has now ceded treasury control to Laurence Day as well as Kellar and an individual with the pseudonym PR0. Together, these three persons will manage the Treasury using a ⅔ multi-sig system.
At the time of writing, NDX trades at $0.00823, with a 24.15% decline on the last day. In tandem, the token’s daily trading volume is also down by 44.35% and valued at $2,347.