“Ask and it will be given to you,” says Jesus in the Sermon on the Mount. It really can be as simple as the decentralized crypto project PeopleDAO found out painfully: A smartass entered himself into the payout table – and hid this table row. This is easy because it is a common function in spreadsheet programs. The trick actually worked.
PeopleDAO regularly makes small payouts to participants. This is organized using a table created with Google Sheets. The team communicates via a Discord instance, among other things. There, one of those responsible posted a hyperlink to the Google Sheet – but in error a link that allowed the table to be edited without a password. A stranger immediately took advantage of this and added a line according to which more than 76.5 Ethereum should be transferred to a specific wallet.
He immediately hidden this line so that line 81 did not appear in a simple visual check. The data is there, but only shown if the viewer selects that.
Translated, DAO stands for decentralized autonomous organization – simply put, a form of organization that wants to manage decisions, processes and its financial resources via a blockchain. This is more difficult and risky than participants generally assume.
Of course, the transfer is not automatic. PeopleDAO has nine authorized signatories, six of whom must approve. No one noticed the “missing” line or the much too high total, reports the project itself. The crypto coins with a total value of around 120,000 US dollars went on their journey.
PeopleDAO draws these lessons
PeopleDAO has made representations to the FBI, the US Trade Commission FTC and the two crypto exchanges to which the stolen crypto coins were forwarded. The smart guy might not have been that smart after all: If the accounts on the crypto exchanges were correctly registered in his name, he should be able to be found. Most likely, the person himself is surprised at the success of his joke. At the same time, PeopleDAO offers the misleadingly labeled “hacker” a reward of ten percent if they voluntarily return the transfer.
Recommended Editorial Content
With your consent, an external survey (Opinary GmbH) will be loaded here.
Always load polls
And those responsible draw three amazing lessons: First, they want to “strictly secure” access to the table used for accounting (rather than perhaps using a more suitable system). Secondly, the signatories should check all the details before they sign (clever!). Third, they want to improve the user interface to show the total amount to be released (innovative!).
PeopleDAO is rooted in misunderstanding
PeopleDAO goes back to the ConstitutionDAO. This project raised more than $40 million in no time in 2021 to bid on one of the 13 surviving original prints of the US Constitution. It was publicly known up to what amount ConstitutionDAO would bid – the initiators had apparently not explored the mechanisms behind auctions. In the end, someone else bought the document at auction.
ConstitutionDAO evolved into PeopleDAO with the deposited cryptocoins of those donors who did not request a refund. Because the donations were made with cryptocurrency, the transfer fees were very high, so that the refund often did not pay off. Now the DAO is an incubator that wants to help build more – hopefully more successful – DAOs.
(ds)
