Late last month, FriesDAO, the organization that made a splash when it raised over $5 million via a token offering earlier this year, saw its treasury raided and drained by a hacker.
According to a postmortem created by the DAO’s admins, hackers were able to access the DAO’s treasury and take all of the group’s USDC tokens:
“On October 27th, 5:58PM UTC, friesDAO contracts were exploited by an attacker taking control of our own deployer address through a profanity attack vector. The hacker was able to drain the treasury of its USDC through the refund contract, drain the FRIES tokens in the staking contract, subsequently selling it all into the Uniswap pool.”
The document goes pretty deep into crypto-speak to explain what happened, but the bottom line is that a hacker was able to access the DAO’s treasury via a crypto exploit called the Profanity flaw. There have been a number of Profanity-related crypto hacks over the past couple of months and, unfortunately for FriesDAO, it is one of the latest victims.
The news looks like a potentially crippling blow to the DAO, which had been deep in negotiations to buy its first restaurant. Those within the DAO are still trying to work out who stole the funds and what to do next, but things are not looking good. The overall tenor in the group’s Discord is one of resignation as members weigh whether they can salvage the acquisition, start anew by raising new funds, or just take their losses and move on.
It’s a huge bummer for an innovative organization that looked set to create the world’s first DAO-owned restaurant. More broadly, this type of news will likely plant seeds of doubt among decision makers at bigger brands who had been evaluating moves into the world of Web3.