Build Finance DAO Suffers Governance Takeover Attack
Approximately $470,000 was lost in the attack.
- Build Finance DAO was targeted by a governance attack this week that allowed the perpetrator to mint and sell tokens.
- The attacker likely gained the equivalent of 160 ETH or $470,000 from the various tokens that were stolen.
- Build Finance's BUILD token has been compromised but it claims its METRIC token and Metric exchange remain secure.
Share this article
Build Finance DAO was the target of a governance takeover this week, according to a Twitter announcement from the project.
Build Finance DAO Attacked
Decentralized protocol Build Finance suffered a governance attack this week, losing custody of its treasury funds in the process.
As a decentralized autonomous organization (DAO), Build Finance allows token holders to have input on spending decisions around its cryptocurrency-based venture building platform. However, that ability ultimately allowed the attacker to take control of Build Finance’s token contract.
The attacker put forward a proposal that granted themselves control and had enough tokens to vote for the proposal to be passed. “There were not enough countervotes to prevent the takeover,” Build Finance says.
Next, the perpetrator minted and sold various tokens by leveraging smart contracts and by draining funds from liquidity pools on DeFi platforms such as Balancer and Uniswap.
Though various tokens were stolen and minted, The Block estimates that the attacker gained the equivalent of 160 ETH ($470,000) overall.
Build Finance says that the attacker now has “full control of the governance, contract, minting keys, and treasury” and warned users not to buy BUILD tokens on any platform. It adds that the attacker is not cooperating with the project, nor are they returning funds.
Project Survives Despite Attack
Despite issues with the BUILD token, Build Finance says that its METRIC tokens are secure. However, the token underwent a supply shock and some METRIC tokens could still be under the control of malicious actors.
The attacker cannot control the project’s METRIC token or its Metric exchange, Build Finance says. The project expects to continue operating and will discuss future plans with the community.
METRIC’s value is up 73% over the past 24 hours, while BUILD’s value is up 18% over the past 24 hours.
Build Finance is one of many DeFi projects that have been attacked in recent months. Notably, two Binance Smart Chain and Ethereum projects were attacked for $14.4 million last week.
A recent report from Elliptic estimates that at least $12 billion was stolen from DeFi projects between 2020 and 2021.
Disclosure: At the time of writing, the author of this piece owned BTC, ETH, and other cryptocurrencies.