The Build Finance project, a venture capital DAO group, suffered a governance attack

It is reported that Build Finance is a self-described “decentralized risk builder” whose goal is to incentivize new projects by rewarding tokens. The idea is to fund projects with their native BUILD tokens, and in return, these projects will adopt BUILD tokens to increase demand for them. Additionally, the DAO maintains the project, which is governed by a decentralized organization.

The project suffered a malicious governance takeover by attackers. The hackers successfully controlled the Build token contract by getting enough votes, minted more than 1 billion BUILD tokens in three transactions, and ran out the balancer and Uniswap liquidity pools. most funds. After the incident, the project team advised users on Twitter “Do not to buy BUILD tokens on any platform”. The project team members tried to have a direct conversation with the attacker, but the other party did not seem interested in dialogue.

In the end, DAO contract should set an appropriate voting threshold to achieve truly decentralized governance, so as to avoid the proposal being passed and successfully executed with a small number of votes. It is recommended to refer to the implementation of the governance contract officially provided by openzeppelin.