FriesDAO Hacked for $2.3 Million in the Latest Profanity Exploit
Unidentified thieves have stolen $2.3 million in FRIES tokens from FriesDAO by accessing their ‘deployer wallet.’
FriesDAO Becomes Victim of Hackers Loses $2.3 Million
This month has seen a lot of hacks and attacks, and October seems to be a particularly bad month for cryptocurrency ventures.
With only three days left, October 2022 will be remembered as “Crypto Hackers Month,” which is bad news for cryptocurrency investors. October is expected to be the worst month for digital assets lost in breaches.
FriesDAO notified its community of the hack via a tweet:
“It has come to our attention that the refund deployer contract was taken advantage of and managed to obtain FRIES tokens, which were later returned for USDC and sold to the Uniswap pool. This is an ongoing investigation; The exploiter is invited to contact us for a dialogue.”
What is FriesDAO?
FriesDAO (Franchise and Restaurant Integrated Efficiently and Systematically) is an Ethereum-based DAO attempting to acquire fast food restaurants. FriesDAO will attempt, for the first time in history, to combine blockchain-based governance with the real-world operations of well-known franchise brands.
FriesDAO intends to buy and scale fast food restaurant franchises such as Poppy’s, Burger King, and Taco Bell by inviting holders of the FRIES token to operate a decentralized network of quick service restaurants or QSRs.
FriesDAO Fell Victim to the Latest Crypto Exploit
The exploit resulted from hackers gaining control of FriesDAO’s “deployer wallet”. The hackers then took possession of many FRIES, the project’s governance token. Using his access to the employer’s wallet, the criminal stole additional tokens from a staking pool. CertiK calculated that the stolen tokens were sold for $2.3 million in stablecoins held at the hacker’s address.
The deployer wallet for FriesDAO was built using Profanity, a wallet-generation tool known to contain a critical flaw. Last month, security analysts at 1Inch found that malicious hackers could calculate the private keys of vanity addresses issued by Profanity to steal crypto.
Following the publication of 1 Inch, hackers took advantage of a vulnerability to steal $160 million in crypto assets from market maker Wintermute. FriesDAO has been attacked in a way that is familiar to crypto investors. Investors are concerned about whether the DeFi platform is following the recommended security procedures in light of the incident.
The attack could have been prevented, as the profanity vulnerability has been public knowledge for more than a month. CertiK calls on all Web3 projects that have used profanity tools to quickly transfer control of any assets held in affected wallets to securely generated addresses.
October Becomes the Worst Month For Crypto Hacks
Chainalysis released a hacking report in mid-October. At the time, October was the worst month for crypto-related crimes, with total losses exceeding $718 million. Since then, this figure has increased and is currently close to one billion.
On October 11th alone, there were four crypto hacking incidents with a total value of approximately $122 million. Using a smart contract, the hackers stole $200,000 in cryptocurrency from Rabi Wallet, $1.89 million from QANplatform’s Ethereum Bridge, $2 million from TempleDAO, and $118 million from Solana-native Mango Markets.
Experts estimate that millions of dollars worth of coins and tokens are stolen every day, even though it has been several years since the digital currency sector emerged and gained global appeal.