Google Form
-
PeopleDAO Community Vault Hacked for $120k
On March 12, PeopleDAO tweets showed that when PeopleDAO’s community vault on the digital asset management platform Safe (formerly Gnosis Safe) issued a monthly contributor award on March 6, it was stolen 76 ETHs (about $120000) by hackers through social engineering attacks. This event has nothing to do with the PEOPLE token contract. PeopleDAO collects monthly contributor reward information through Google Form. The accounting principal mistakenly shared a link with editing rights in the public channel of Discord. After the hacker obtained editing rights through the link, he inserted a payment of 76 ETHs to his address in the form and set it as invisible. Due to the malicious concealment, the team leader did not find it during the review. After downloading the csv file with insertef data, it was submitted to Safe’s CSV Airdrop tool for reward distribution. Since there were 80 transfers in the transaction, 6 of the 9 multi-signature accounts did not notice the malicious transfer. After…