Saturday , November 28 2020

Dev says MakerDAO attackers could turn $20M in Ethereum into $340M almost instantly

TNW uses cookies to personalize content and ads to
make our site easier for you to use.
We do also share that information with third parties for
advertising & analytics.

Powered by

Blockchain, cryptocurrencies, and insider stories by TNW.

A software developer claims to have found a way in which to make an “incredibly profitable” but “expensive” attack to steal all the Ethereum available in MakerDAO.

Micah Zoltu described the potential attack in a blog post published on Monday, noting a successful attack could see the hacker “ride off into the sunset with $340 million worth of Ethereum.”

“The problem is, Maker Foundation has decided that the appropriate value for this governance delay is 0 seconds. That is right, defenders have 0 seconds to defend against an attack launched by a wealthy but malicious party,” he adds in the post.

The issue, Zoltu notes, lies in the way in which MakerDao is governed. “Some groups of plutocrats can control how the system behaves.”

In order to carry out the attack, the hacker would have to deploy approximately $20 million (40,000 MKR), which wouldn’t necessarily be straightforward. CoinDesk reports that the person would need to buy MKR without affecting the price, which is, of course, unlikely.

Zoltu claims Maker has been aware of the issue since before Maker v2 launched.

“Despite this, they are choosing not to plug the hole (the plug is easy). Because of that, I do not believe that it would be responsible for me to keep my mouth shut and hope that no attacker figures out what should be obvious to anyone who understands Maker’s governance model,” he notes.

Back in October, MakerDAO disclosed another dangerous security flaw that could have potentially allowed an attacker to steal Ethereum ETH powering its then-unreleased multi-collateral Dai with a single transaction. This could’ve done untold damage to the credibility of the MakerDAO system.

At the time, a HackerOne disclosure report revealed the attack was made possible due to the complete lack of access control in a MakerDAO smart contract, which allows the system to auction collateral in exchange for DAI cryptocurrency once loans are liquidated.

Published December 9, 2019 — 16:20 UTC

Thank you!

Copyright © 2006—2019.
All rights reserved.
Made with in Amsterdam.

This Article was first published on thenextweb.com

About IT News Ug

Check Also

Elon who? Tesla’s Chinese rival NIO is up 1,200% this year

TNW uses cookies to personalize content and ads to make our site easier for you …

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

//zuphaims.com/afu.php?zoneid=2572107