Build Finance DAO’s main contract is controlled by malefactor; loot is on its way to Tornado Cash
Contents
Build Finance, a decentralized autonomous organization (DAO), has fallen victim to a hostile takeover undertaken by Suho.eth, one of its members.
Build Finance attacker obtains $0.5 million, funds sent to Tornado Cash mixer
As per the announcement by Peckshield, a malefactor that drained the treasury and liquidity pools, started sending Ethers (ETH) to Tornado Cash mixer mechanism.
The exploiter of @finance_build has deposited 163 ether to @TornadoCash .https://t.co/FsTRPNa3Eb pic.twitter.com/crrGLSPV3z
— PeckShieldAlert (@PeckShieldAlert) February 15, 2022
The attack took place as a result of a “hostile governance takeover,” as explained in a post-mortem by the team. Suho.eth wallet submitted a series of proposals that allowed it to mint new BUILD tokens.
He/she gained enough voting power to have the proposals implemented. As a result, the attacker minted one billion BUILD and drained 130,000 METRIC tokens from the protocol’s liquidity pools.
Unfortunately, the attacker rejected offers from the Build Finance (BUILD) team:
Team members have made direct contact with the attacker but there seems to be no appetite for a dialogue, much less any reparations.
Another day, another DeFi attack
To avoid extra losses, Build Finance representatives recommended that users not buy BUILD tokens, which are available on veteran decentralized exchange KyberSwap and HotBit CEX.
Crypto markets witnessed a series of brutal attacks and “rug pulls” in February 2022. As covered by U.Today previously, yesterday, on Feb. 14, 2022, Titano Finance (TITANO) DeFi protocol was rugged by its own team.
A total of $1,900,000 were drained by attackers from Titano PLAY, a core element of Titano Finance’s smart contracts architecture.