PeopleDAO hack so dumb it’s almost funny
Unbelievably, PeopleDAO used a Google Sheet to handle automatic payrolls and linked to it in a public Discord server with edit access.
All the
hacker had to do was insert their own address with a payment due of 76.5ETH — and then make that info invisible.
PeopleDAO, formerly
ConstitutionDAO, was formed in Nov 2021 to purchase a rare original copy of the U.S. Constitution only to be outbid by a billionaire after disclosing their max bid publicly.
ConstitutionDAO failed in another way: they had no clear mechanism to unwind the individual contributions, causing massive gas losses in the process.
They should’ve used better tools. In DeXe’s DAO builder, payroll is done via proposals and voting — like all DAO governance is meant to be done. And integration with any other DeFi protocol is done automatically.
Read more »
here
