MakerDAO Responds to Dev Accusing Network of $340M Vulnerability

Published at: Dec. 10, 2019

The Maker Foundation has announced a series of governance polls aimed at security after software developer Micah Zoltu explained how any hacker with $20 million at their disposal could stage an attack on the MakerDAO network and steal close to $340 million.

In a Dec. 9 blog post, the Maker Foundation interim risk team announced a series of governance polls into its voting system, with one poll asking the Maker community whether the governance security module (GSM) should be upgraded from 0 seconds to 24 hours.

Earlier on Dec. 9, Zoltu had made the claim that it would cost a hacker around $20 million to attack the MakerDAO network and potentially walk away with $340 million worth of Ether (ETH) locked within the MakerDAO. Zoltu said:

“Maker DAO v2 was supposed to launch with safeguards against a hostile MKR holder stealing all collateral and potentially robbing a good chunk of Uniswap, Compound, and other systems integrated with Maker in the process. Instead, they decided not to.”

Zoltu explained that MakerDAO attempts to mitigate the threat of nefarious exploits by enforcing the GSM delay after each new contract is chosen. This safety period allows the network to check the contract and decide whether it is malicious or not.

However, during this delay it is also possible that a malicious actor with sufficient funds could show up and vote up their own contracts programmed to steal all of the collateral. Zoltu said that it currently would take around 80,000 Maker (MKR), or about $41 million, to do “just about whatever you want to the Maker contracts.”

Zoltu further claimed that the value for the GSM delay is currently set at 0 seconds, which gives network defenders no possibility “to defend against an attack launched by a wealthy but malicious party.”
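The effect of the delay value can be shown with a small model. This is an added example, not MakerDAO's contract code: the class, the function names, the cancel rule and every vote weight other than the 80,000 MKR figure are assumptions made for illustration.

```python
from dataclasses import dataclass, field

HOUR, DAY = 3600, 24 * 3600

@dataclass
class Governance:
    """Simplified model, not Maker's contracts: the proposal with the most
    staked votes leads, and a queued proposal runs only after `delay` seconds."""
    delay: int
    now: int = 0
    votes: dict = field(default_factory=dict)   # proposal -> staked weight
    queue: dict = field(default_factory=dict)   # proposal -> earliest run time
    executed: list = field(default_factory=list)

    def vote(self, proposal, weight):
        self.votes[proposal] = self.votes.get(proposal, 0) + weight

    def leader(self):
        return max(self.votes, key=self.votes.get)

    def schedule(self, proposal):
        if self.leader() != proposal:
            raise PermissionError("only the leading proposal can be queued")
        self.queue[proposal] = self.now + self.delay

    def cancel(self, proposal, by):
        # Assumption: whoever leads the vote during the delay may drop a queued proposal.
        if self.leader() != by:
            raise PermissionError("only the leading proposal can cancel")
        self.queue.pop(proposal, None)

    def execute(self, proposal):
        eta = self.queue.get(proposal)
        if eta is None or self.now < eta:
            return False
        del self.queue[proposal]
        self.executed.append(proposal)
        return True

def hostile_proposal_runs(delay, reaction):
    """True if the hostile proposal executes, given the delay and the time
    (in seconds) defenders need to notice it and out-vote it."""
    gov = Governance(delay=delay)
    gov.vote("honest", 70_000)    # constructed sample weight
    gov.vote("hostile", 80_000)   # the 80,000 MKR figure quoted in the article
    gov.schedule("hostile")
    eta = gov.queue["hostile"]
    if reaction < delay:          # defenders act inside the window
        gov.now = reaction
        gov.vote("defence", 100_000)  # constructed sample weight
        gov.cancel("hostile", by="defence")
    gov.now = max(gov.now, eta)
    return gov.execute("hostile")
```

With a delay of 0 the hostile proposal runs at the moment it is queued. A 24-hour delay stops it only when defenders react inside that window.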

Maker Foundation asks community whether to fix the issue

Although Zoltu stated in his blog post that Maker is not willing to give up instantaneous governance control to protect against this kind of attack, the Maker Foundation interim risk team did add a poll on the issue. 

Should the proposal to introduce the governance security module (GSM) pass, then the GSM delay would be increased from 0 to 24 hours, giving defenders ample time to prevent or fight back against a malicious attack.
