Skip to timeline

Web3 is Going Just Great

...and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet.

Created by Molly White. Subscribe to her newsletter for weekly recaps.

AssangeDAO accused of rug pull after transferring treasury to German foundation

Julian AssangeJulian Assange (attribution)
AssangeDAO was a project created to fundraise for the legal defense of WikiLeaks founder Julian Assange, who has been fighting espionage and computer intrusion charges for over a decade, and who was imprisoned in the United Kingdom for several years. The DAO raised around $55 million, and when Assange reached a plea deal and was sentenced to time serve, around $10 million remained.

This $10 million was later sent to a German non-profit foundation called the Wau Holland Foundation, which has also been fundraising and managing funds relating to Assange's legal defense. However, this transfer raised serious concerns among some members of the DAO who say they've effectively been cut out of decisionmaking, that the funds were transferred without their approval, and allege the treasury was mismanaged and crashed in value as a result.

Hacktivist, bitcoin core developer, and AssangeDAO organizer Amir Taaki accused fellow AssangeDAO organizer: "Harry Halpin you should be honest and direct with the people here. You believe the money should be kept in a foundation controlled by your people with Julian. You do not respect the community or believe in the DAO."

Theme tags: Hmm, Rug pull, Shady business
Tech tags: DAO

Compound DAO passes $24 million proposal in alleged governance attack

A controversial proposal in front of the Compound Finance DAO has narrowly passed, granting 499,000 COMP (~$24 million, and amounting to 5% of the project's treasury) to an outside group. A Compound Finance whale, "Humpy", proposed the vote to allocate the tokens to a protocol created by a group called the "Golden Boys", which Humpy also leads. The vote was the third attempt to allocate tokens to the Golden Boys' group, after two unsuccessful votes in May and earlier in July.

Humpy has previously been accused of governance attacks on other protocols, including Balancer and SushiSwap.

Prior to the proposal's passage, some Compound Finance DAO members raised objections. "In my personal opinion, the actions of Humpy and the Golden Boys can be considered a governance attack if they persist in their attempts to take funds from the protocol in clear opposition to the will of all other Compound DAO delegates," stated Compound Finance security adviser Michael Lewellen, who also described the proposal as "a malicious attempt to steal funds from the protocol".

Afterwards, Lewellen wrote that "OpenZeppelin is working with all active delegates and Compound contributors to assess our options for protecting the protocol. We see serious risks to the future decentralization of the DAO as a result of Proposal 289 passing and so we are exploring options to mitigate or reverse this outcome."

Theme tags: Shady business
Blockchain tags: Blockchain: Ethereum
Tech tags: DAO

SushiSwap team votes to give themselves control of much of the "decentralized" project's treasury

The leadership team behind SushiSwap, a popular defi platform, submitted proposals for a DAO governance vote that would transfer control of around $40 million from the DAO to a small centralized organization called "Sushi Labs". That organization would also receive all future airdrops awarded to SushiSwap. According to the proposal, this was motivated by a desire for efficiency and faster development.

The "yes" votes are currently in the lead with a 63% margin. The most yes votes came from sushigov.eth, the official SushiSwap team address, which also created the proposal. It is the first time that address has ever participated in a governance proposal.

The 5.5 million yes votes from the team wallet, plus another 3.1 million delegated from other community members, were enough to push the vote to majority support. A former SushiSwap contributor has also alleged that the SushiSwap team was manipulating the vote with additional wallets.

On Twitter, Sushi's "Head Chef" claimed that he had consulted with lawyers and then authorized the voting activity out of fear of an "extortative [sic] governance attack attempt".

Theme tags: Hmm
Tech tags: DAO, DeFi

Curio RWA project suffers $16 million exploit

Curio, a crypto project that creates tokens based on "real-world assets" (RWAs) like cars, watches, wine, and other goods, has suffered an attack that saw around $16 million drained from the project's funds.

A bug in the project's Ethereum smart contract enabled an attacker to mint 1 billion of the project's CGT governance token. Although the tokens were notionally priced at around $40 million, the loss to the project was estimated at closer to $16 million.

Curio DAO announced that they intended to compensate users affected by the theft over a year-long period.

Theme tags: Bug, Hack or scam
Blockchain tags: Blockchain: Ethereum
Tech tags: DAO

Crypto tumbler Tornado Cash suffers code exploit, putting funds at risk

A community member of the Tornado Cash cryptocurrency tumbler project has reported that malicious code was added to the Tornado Cash project on January 1, which has put at risk funds deposited into the service. According to the community member, a successful governance proposal two months ago resulted in a code change, but malicious JavaScript included in the change went unnoticed.

The code leaks private notes associated with deposits to a "private malicious server" owned by the person who initiated the code change. Private notes on Tornado Cash are the keys that allow a person to later withdraw the funds they have deposited into the mixing service.

This is not the first time DAO governance has gone wrong for Tornado — in May 2023, the project underwent a hostile takeover via malicious code that went unnoticed.

Theme tags: Hack or scam
Tech tags: DAO, DeFi

$2.7 million disappears from funds meant to compensate Hector Network investors

In July 2023, angry investors in the Hector Network project opted to "rage quit" — an option reserved by some defi projects that allows investors to vote to liquidate a project's remaining treasury and distribute it to token holders. The successful rage-quit vote in Hector's case came after the protocol lost $8 million in the Multichain disaster, although investors say that was only the final straw in a series of poor management choices and inflated salaries that saw the project treasury dwindle from over $100 million to around $16 million.

Now, another $2.7 million is gone after an apparent thief was able to exploit a smart contract that was intended to distribute payouts to Hector's token holders. They then swapped the tokens from the USDC stablecoin to ETH.

Investors in the project are furious, especially because various parties had warned Hector Network about apparently insecure practices. Hector Network's team, meanwhile, have not acknowledged the theft, although a law firm involved in the project liquidation promised a statement would be forthcoming.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Fantom
Tech tags: DAO, DeFi

Defunct BarnBridge reaches $1.7 million settlement with SEC

About six months after the SEC filed a complaint against the BarnBridge DAO, the group has agreed to disgorge almost $1.5 million in proceeds from their "SMART Yield bonds" — which the SEC also says attracted more than $509 million in investments. The two co-founders will also pay $125,000 each in civil penalties.

The SEC charged that the group had not registered their sale of the bonds as was required under US securities laws. BarnBridge shut down very shortly after the complaint was filed, without any input from its community, despite ostensibly being community governed.

Theme tags: Law
Blockchain tags: Blockchain: Ethereum
Tech tags: DAO

Aragon DAO votes to sue its founding team

Aragon is a prominent project that creates DAO infrastructure. Ironically, its own DAO-based governance has been fraught, with the group facing a governance crisis in May over conflicts between the DAO and the Aragon Association (a small group of "stewards" for the project).

Now, after the Aragon Association decided without consulting the DAO to dissolve itself and wind down the project's governance tokens (while keeping some of the funds), the DAO has voted to sue the group. The DAO has accused the group of improperly taking investors' money to put it "into their new secretive company". They've allocated $300,000 to legal efforts.

Theme tags: Hmm, Law
Blockchain tags: Blockchain: Ethereum
Tech tags: DAO

Samudai treasury drained

The treasury of the Samudai DAO was apparently drained as an attacker compromised the project's multisignature wallets and the wallet belonging to the project's founder, Kushagra Agarwal. Altogether, around $1.25 million in ETH was stolen.

Agarwal sent a message to the thief shortly afterwards, offering a 10% "bounty" in exchange for the return of the rest of the funds. The attacker didn't seem to be interested, and in mid-January began tumbling the assets through the Tornado Cash cryptocurrency mixer.

Samudai didn't seem to publicly acknowledge the theft, even though they've posted on Twitter a few times since then. The organization had raised $2.5 million in pre-seed capital in June 2022.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum
Tech tags: DAO

Superdao to shut down

Superdao, a project aiming to assist communities in forming DAOs, has announced it will be closing its doors. It was blunt in its announcement: "it became clear that the crypto industry itself becomes much smaller than its initial ambition ('the new internet') and specialized tools for crypto companies are unlikely to produce venture-scale outcomes."

The project had raised $10.5 million in a 2021 seed funding round, and has said they intend to return remaining funds to its investors.

Theme tags: Collapse
Tech tags: DAO

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.