PeopleDAO’s tweet shows that when PeopleDAO’s community treasury multi-signature wallet on the digital asset management platform Safe (formerly Gnosis Safe) issued monthly contributor rewards on March 6, 76 ETH (approximately 12 Ten thousand U.S. dollars). This event has nothing to do with the PEOPLE token contract. PeopleDAO collects monthly contributor reward information through Google Form. The person in charge of accounting mistakenly shared a link with editing permissions in the Discord public channel. Payments to your own address and set them to be invisible. Due to the malicious concealment, the team leader did not find it during the review. After downloading the csv file with insertef data, it was submitted to Safe's CSV Airdrop tool for reward distribution. Since there were 80 transfers in the transaction, 6 of the 9 multi-signature accounts did not notice the malicious transfer, and after the transaction was signed and executed, 76 ETH were transferred to the hacker's address. With the assistance of SlowMist and ZachXBT, the team found that the attacked funds had been deposited in two exchanges, HitBTC and Binance, and contacted the two exchanges. In addition, PeopleDAO has reported this case to the US Federal Bureau of Investigation (FBI) and Federal Trade Commission (FTC), and will continue to cooperate with various parties to recover losses. PeopleDAO stated that if the hackers return the stolen funds within the next 48 hours, they will provide them with a 10% white hat bounty.
TheBlock