TL;DR
- AirDAO Heist: On March 21, 2024, AirDAO reported the theft of 35.2 million AMB tokens and 125.51 ETH from its AMB/ETH Uniswap liquidity pool due to a phishing scam, amounting to a loss of roughly $875.4 million.
- Response and Recovery: AirDAO responded quickly by notifying the community and offering a 10% ‘white hat hacking fee’ for the return of the assets, while also collaborating with law enforcement and exchanges to track the hacker.
- Security Implications: The incident highlights the persistent security risks in DeFi and the need for vigilance against sophisticated social engineering attacks, with AirDAO’s ongoing recovery efforts setting a precedent for DAOs.
AirDAO, a decentralized autonomous organization (DAO) managing the Layer 1 network Ambrosius, has reported a significant loss of digital assets due to an exploit in its AMB/ETH Uniswap liquidity pool. The incident, which unfolded on March 21, 2024, resulted in the theft of 35.2 million AMB tokens and 125.51 ETH, translating to a staggering loss of approximately $875,393.9 million.
The AirDAO team has identified a theft of 35.2m AMB tokens and 125.51 ETH from our AMB/ETH Uniswap pool. We are working with exchanges and relevant authorities to identify the hacker and retrieve all stolen funds. If the hacker returns the funds immediately we will pay a white… pic.twitter.com/lGWrT6ZCWJ
— AirDAO (@airdao_io) March 21, 2024
The exploit was executed through a sophisticated phishing scam, where the attackers posed as a known partner of AirDAO and sent an email with a malicious attachment. Once opened, the attachment compromised the liquidity pool, allowing the unauthorized transfer of funds.
AirDAO’s swift response involved alerting the crypto community via an X post, where they described the incident as an “isolated theft” and assured stakeholders that efforts to recover the stolen funds were in full swing. The organization has been working closely with exchanges and relevant authorities to track down the hacker and retrieve the assets.
In a bid to incentivize the return of the stolen funds, AirDAO has offered a “white hat hacking fee” of 10% if the assets are returned promptly. However, they have also made it clear that non-cooperation would result in continued collaboration with law enforcement to pursue the perpetrator.
AirDAO’s Measures to Recover Stolen Funds
Blockchain security firm PeckShield has been actively monitoring the situation and reported that the hacker has already transferred the stolen assets to various exchanges, including MEXC, ChangeNow, and KuCoin. PeckShield’s analysis also revealed slightly different figures, indicating that the theft included 126.5 ETH and 41.61 million AMB, estimating the loss at $957,669.87.
As the investigation continues, AirDAO has committed to keeping the community informed about the progress and has announced plans to add more liquidity to the Uniswap LP as soon as possible. They have also reassured their users that the worst of the situation has been contained.
This incident serves as a stark reminder of the vulnerabilities present in decentralized finance (DeFi) platforms and the importance of robust security measures. It also highlights the need for constant vigilance against social engineering attacks, which have become increasingly sophisticated and difficult to detect.
As the crypto community watches closely, the outcome of AirDAO’s recovery efforts will undoubtedly set a precedent for how DAOs handle security breaches and asset recovery in the future.
