Decentralized autonomous venture builder, Build Finance DAO underwent a “hostile governance takeover” recently, resulting in the loss of around $470k in funds, according to a Twitter announcement today. In a series of tweets, the platform revealed how over the last few days, an unknown actor managed to grab a large supply of tokens to vote through a proposal enabling them to gain full control over the DAO’s treasury and its ability to mint tokens.
Urbane Grandier, a member of Build Finance’s core team, in its Discord server said, “As things stand, the attacker has full control of the government contract, minting keys, and treasury. The DAO no longer has control over any part of the key infrastructure.”
“It is with deep regret that we have to inform the community of this total and irrecoverable loss of BUILD DAO treasury assets through the deeds of one malicious actor,” they added.
Build Finance’s governance incident
The platform’s moderator 0xSHA2 on February 9 posted a message in the Discord server that said someone had made a proposal if passed, would allow them to mint tokens unabated. The moderator encouraged token holders to vote against the proposal.
According to the tweet thread, this proposal was made by a wallet named Suho.eth. This proposal however failed.
Despite that, the perpetrator was able to send their governance tokens to a separate wallet This time the proposal went unnoticed and was not tracked down by the Discord server’s bot [which would detect proposals and put them in a dedicated channel].
Following that, the malicious attacker was able to create 1.1 million BUILD tokens for themselves. They again stole another 130,000 METRIC tokens from the project’s treasury, sold them, and minted a further 1 billion BUILD tokens.
Since then, the perpetrator was able to send a large number of funds to the mixer Tornado Cash. The stash transferred added up to nearly 160 ETH, which as per estimates put the heist at around $470,000.
Following the incident, Build Finance’s team is now looking to get back the stolen assets. As per the latest update, the team is reportedly in touch with the perpetrator and devising strategies to recover the lost funds.