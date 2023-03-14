



PeopleDAO, a group formed to buy copies of the US Constitution, lost 76.5 ETH ($120,000) to a social engineering hack on March 6th.

According to the project team, multiple errors combined to lead to the theft. First, the team's accountant accidentally shared a link to a payment form, with edit access, in a public channel on the project's Discord server. The hacker was able to use this edit access to insert a line into the form containing their own address and a 76.5 ETH payment. The hacker then hid this line on the form.

The hidden line escaped the team's notice during the recheck. It was also not detected by the multi-signature signers, who approved the transfer after the data from the form was sent to Safe's airdrop tool. As a result, the attacker's wallet received a payment of 76.5 ETH. The hacker then transferred the Ether to two centralized exchanges, HitBTC and Binance, sending 69.2 ETH ($110,000) to the former and 7.3 ETH to the latter.
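An added example, not code from PeopleDAO or the article: a pre-signing check that reconciles the file actually submitted to a batch-transfer tool against a payee list and total approved separately, so a line hidden in the spreadsheet view still surfaces. The `receiver`/`amount` column names, the addresses and the amounts are constructed assumptions.

```python
import csv
import io
from decimal import Decimal

# Constructed sample data: addresses and amounts are placeholders, and the
# "receiver"/"amount" column names are an assumed export layout.
APPROVED = {
    "0x" + "11" * 20: Decimal("1.5"),
    "0x" + "22" * 20: Decimal("2.0"),
}
EXPECTED_TOTAL = Decimal("3.5")
EXPORTED_CSV = (
    "receiver,amount\n"
    + "0x" + "11" * 20 + ",1.5\n"
    + "0x" + "ee" * 20 + ",76.5\n"   # line that was hidden in the sheet view
    + "0x" + "22" * 20 + ",2.0\n"
)

def reconcile(exported_csv, approved, expected_total):
    """Check the rows actually submitted for payment against an approved list.

    Returns a list of findings; an empty list means the batch matches.
    """
    findings, paid = [], {}
    for n, row in enumerate(csv.DictReader(io.StringIO(exported_csv)), start=2):
        addr = row["receiver"].strip().lower()
        amount = Decimal(row["amount"].strip())
        paid[addr] = paid.get(addr, Decimal(0)) + amount
        if addr not in approved:
            findings.append(f"line {n}: unapproved receiver {addr} gets {amount}")
    for addr, want in approved.items():
        got = paid.get(addr)
        if got is None:
            findings.append(f"approved receiver {addr} missing from export")
        elif got != want:
            findings.append(f"{addr}: export pays {got}, approved {want}")
    total = sum(paid.values(), Decimal(0))
    if total != expected_total:
        findings.append(f"total {total} differs from expected {expected_total}")
    return findings

if __name__ == "__main__":
    for finding in reconcile(EXPORTED_CSV, APPROVED, EXPECTED_TOTAL):
        print("REJECT:", finding)
```

The check only helps if the approved list and expected total come from a source the shared, editable form cannot change.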

PeopleDAO says it is working with blockchain security experts such as ZachXBT and SlowMist to track down the hackers. The team said it reported the issue not only to the exchanges used by the hackers, but also to law enforcement agencies in the United States. PeopleDAO offered the hackers a 10% white hat bounty if they returned the funds. At the time of reporting, the hackers had not responded to this offer.

The team said it was taking steps to avoid similar accidents in the future. “We are improving accounting and multisig education,” the team told The Block.

PeopleDAO says it plans to host demo sessions with team members on how to use these tools to prevent recurrence.

