Indexed Finance, known for its Ethereum-based project, has recently overcome two aggressive takeover attempts on its Decentralized Autonomous Organization (DAO). This triumph comes after the organization’s troubling history, marked by a substantial $16 million hack in 2021. The Indexed DAO, now out of imminent danger, is preparing to redistribute its treasury funds, focusing on compensating victims of the previous hack.
The battle against malicious proposals
Laurence Day, a former core contributor, recently shared on a thread on X how the Indexed community came together to thwart two attempts to hijack the remaining treasury of the Indexed DAO.
The first threat to the Indexed DAO emerged when an attacker, holding a considerable amount of the protocol’s NDX token, initiated a stealthy proposal aimed at seizing control of the organization. This proposal, conspicuously devoid of a title or description, was nearly successful in eluding detection. However, the Indexed community, spearheaded by former core contributor Laurence Day, acted with alacrity. Rallying together, they garnered enough opposition votes to block the proposal just an hour before its potential passage.
The team implemented a defensive strategy to anticipate further attacks, particularly exploiting a vulnerability that could jeopardize funds beyond the immediate treasury. They introduced a ‘poison pill’ proposal, a radical approach allowing for the burning of treasury funds to deter future attacks.
Indexed Finance negotiations and resolution
The Indexed DAO’s foresight proved accurate as a second attack surfaced. In this instance, the attacker, emboldened by their holdings, sought to negotiate for a substantial share of the treasury. Dillon Kellar, one of Indexed’s founding members, responded with a strategic counteroffer – about $10,000 in DAI stablecoins—accompanied by an ultimatum to burn the entire treasury if not accepted. The attacker acquiesced to Kellar’s terms as the deadline approached, accepting the offer and retracting their proposal.
Following these episodes, the Indexed team shifted their defense strategy to restitution. They canceled the ‘poison pill’ proposal and instead transitioned control of the timelock to a multisig system controlled by Day, Kellar, and the pseudonymous co-founder PR0 to enhance security and stabilize governance.
Moving forward: Healing and rebuilding trust
As Indexed Finance transitions from its defensive stance, the focus is now on healing and rebuilding trust within the community. This recent episode not only underscores the resilience and unity of the Indexed DAO but also highlights the dynamic nature of security and governance challenges in the decentralized finance (DeFi) space.
With the threats successfully neutralized and plans in place to compensate the victims of the 2021 hack, Indexed Finance is poised to enter a new chapter.