Since the beginning of one of the harshest crypto winters, investors have been inundated with negative news. FriesDAO has been compromised. Unknown assailants have stolen $2.3 million in tokens from FriesDAO, a decentralized autonomous organization. This comes amid a rush of breaches and attacks this month, as October appears to be an especially awful month for cryptocurrency ventures.
October 2022 will go down in history as “crypto hackers month” With three days remaining, the situation for crypto investors has become bleak. October is projected to be the worst month ever for digital assets lost in breaches, highlighting the hazards of decentralized finance.
What is FriesDAO?
FriesDAO (Franchises & Restaurants Integrated Efficiently & Systematically) is an Ethereum-based DAO attempting to acquire fast food restaurants. FriesDAO will seek to combine blockchain-based governance with the real-world operations of well-known franchise brands for the first time in history.
FriesDAO intends to purchase and scale fast food restaurant franchises such as Popeye’s, Burger King, and Taco Bell by inviting holders of FRIES tokens to operate a decentralized network of Quick Service Restaurants or QSR.
FriesDAO falls victim to the latest crypto exploit
The exploit was the result of the hacker acquiring control of the “deployer wallet” of FriesDAO. The hacker then moved a huge quantity of FRIES, the project’s governance tokens, to their possession.
Using their access to the deployer’s wallet, the criminal stole additional tokens from a staking pool. CertiK calculated that the stolen tokens were sold for $2.3 million in stablecoins kept at the hacker’s address. In the official statement, FriesDAO noted:
It has come to our attention that the refund deployer contract was exploited and managed to obtain FRIES tokens which were subsequently refunded for USDC and sold into the Uniswap pool.
FriesDAO
The deployer wallet for FriesDAO was built using Profanity, a wallet-generation tool known to include a significant flaw. Last month, security analysts at 1inch discovered that malevolent hackers could calculate the private keys of vanity addresses issued by Profanity in order to steal crypto.
Following 1inch’s publication, hackers exploited the vulnerability to steal $160 million in crypto assets from market maker Wintermute. FriesDAO has been attacked in a manner all too familiar to crypto investors. Investors are concerned about whether or not DeFi platforms observe recommended security procedures in light of the incident.
This attack was preventable, as the Profanity vulnerability has been public knowledge for over a month. CertiK calls on all Web3 projects which have used the Profanity tool to immediately transfer control of any assets held in affected wallets to securely-generated addresses.
Certik
FriesDAO’s deployer wallet address was likewise generated using Profanity. According to CertiK, the hacker used the vulnerability to steal the private key from the wallet and withdraw cash. The security firm asserts that the FriesDAO exploits might have been averted if the team had been more vigilant and promptly replaced the deployer’s address.
October becomes the worst month for crypto hacks
Chainalysis released a hacking report in mid-October. At that time, October was projected to be the worst month ever for crypto-related crimes, with total losses exceeding $718 million. Since then, the figure has increased and is currently close to one billion.
On October 11 alone, four crypto hacking incidents with a total value of around $122 million occurred. Using a smart contract, hackers stole $200,000 in cryptocurrency from Rabby Wallet, $1.89 million from QANplatform’s Ethereum bridge, $2 million from TempleDAO, and $118 million from Solana-native Mango Markets.
In the crypto sector, attack vectors range from exploiting bridges. This blockchain-based tool enables users to transact between networks, to market manipulation, where unscrupulous traders use millions of dollars to move thinly-traded markets in their favor in order to earn multiples of the initial capital deployed.
This year will undoubtedly surpass 2021 as the most prolific year for hacking, according to analysts from Chainalysis. Through 125 attacks, hackers have amassed almost $3 billion to date.
The fact that hacks and thefts have not entirely upended the world of digital tokens is a testimonial to the appeal of the crypto market and the attention of many investors. Experts estimate that millions of dollars worth of coins and tokens are stolen every day, despite the fact that it has been years since the digital currency field emerged and acquired global appeal.
