MakerDAO on the way: hacker coins confiscated
An eagle. Image by USFWS Mountain-Prairie via Flickr.com. License: Creative Commons
Actually, the DAI dollar was supposed to be the uncensorable counter-design to stablecoins such as USDC or USDT. But now a hacker's vault has been moved in on after a court issued an order. Was that it for uncensorability? Does Maker cave in before it even comes to a fight?
That stablecoin issuers such as Tether, Circle or Paxful censor was to be expected. But anyone who hoped it would be different with decentralized stablecoins like the DAI dollar, because it is not issued by a central entity but by a decentralized autonomous organization (DAO), has now been taught otherwise: even at the MakerDAO, the issuer of the DAI dollar, censorship is possible. And it happens when they are asked to.
Oasis, more or less the frontend of Maker, recently admitted this on its blog:
“On 21 February 2023 we received an order from the High Court of Justice of England and Wales to take all necessary steps leading to the recovery of certain assets connected to the address to which the Wormhole exploit of 2 February 2022 is attributed.” The blog continues that this was carried out in accordance with the court order, as the law requires, via the multisig of Oasis and a third party authorized by the court. “The assets,” Maker confirmed, “were immediately sent to a wallet belonging to the authorized third party.”
There is obviously a lot to explain here.
First, the MakerDAO: this is a decentralized organization that is “governed” by the MKR token. The token holders essentially only vote on how the DAO develops and maintain parity to the dollar through purchases and sales. The MakerDAO is a brilliant structure of game-theoretic incentives that ensure the token keeps its dollar value. However, since the private, centralized Maker Foundation was dissolved and absorbed into the DAO itself, it has grown into a fascinating but hard-to-oversee and possibly corrupted structure that looks more and more like a hybrid of hedge fund and DAO.
However, the DAO should not be able to reverse or censor transactions. There is no mechanism for this in the (publicly visible) code, even if an address obviously profits from a criminal act such as a hack. Take one of the most spectacular hacks of 2022: a hacker attacked Wormhole, a bridge that connects different blockchains. A bug allowed him to create 120,000 ether tokens on the Solana side of the bridge, which he then converted over the bridge into 100,000 real ether. He deposited these in a vault of the MakerDAO, where, according to the idea, they are not censorable.
Apparently they are, as it now turns out. The Oasis blog explains: “We were first informed in February 2023 that it could be possible to retrieve the assets, and shown by a proof of concept how.” What the Maker or Oasis team did five days later “was only possible because of a previously unknown weakness in the design of the multisig access for admins.” This access “was only there with the intention of protecting users in the event of a potential attack, and would have allowed us to act quickly to close any vulnerability that was being exploited against us.”
In principle, it is nice that the hacker loses his loot and that it is returned, somehow and in part, to its actual owners. Nevertheless, the point was never that the Oasis team can simply freeze assets and pay them out elsewhere.
It was only a matter of time.
1) Court orders DeFi project to use multisig to steal money back from hacker
2) DeFi project says “OK!” and uses its multisig to exploit its own code
3) DeFi users are like “Oh crap.. what?”
What a total joke. https://t.CO/XZ1NWQWAZW pic.twitter.com/ilbl9lxqhw
– Chris Blec (@chrisblec) February 24, 2023
It was only a matter of time, says Chris Blec, a skeptical member of the MakerDAO: the court orders a DeFi project to use its multisig to steal money from a hacker; the DeFi project says “OK” and uses its multisig to exploit its own code; and the users are astonished: what the hell? How can that even be possible? “An absolute joke,” someone comments, “does anyone think that Bankless, Superphiz, Sassal etc. and Coinbase, Consensys would reject a court order?”
Of course, Chris has a point. As long as there are points of attack, there will be people who prefer to play along rather than risk going to prison. But that does not mean that every DAI dollar sitting in our wallets is attackable. This impression, which can easily arise, is fundamentally wrong. BlockSec and Blockworks describe exactly what happened on the technical level; if you are interested in the details, you should read their articles.
First of all, the hacker did not buy the DAI dollars but created them: he deposited ether into a “vault” at Oasis and borrowed DAI. In this respect the algorithmic stablecoin is very similar to fiat money. However, while banks are allowed a fractional reserve, they only have to back the money they create by lending to a fraction, the MakerDAO requires considerable “over-collateralization”. The vault must hold collateral worth much more than the DAI drawn from it. This leaves a buffer that stabilizes parity to the dollar.
So the hacker deposited ether into a vault via the Oasis frontend. After that, he activated the automatic buy-and-sell service, a kind of trading bot that Oasis offers to manage collateral more efficiently. With this step he effectively handed over control, which nobody suspected at the time.
Only when these conditions are met, when an asset sits in an Oasis vault and the trading bot has been activated, does the hack apply. Nor does it affect the DAI dollar itself. That remains uncensorable. It only affects the contents of the vault, which are not DAI dollars but assets such as ether or USDC that back the value of DAI. With the bug, Oasis was able to manipulate the contract so that they took control of the vault. They credited it to another account, which then took control.
But even this account could not simply withdraw the collateral. That would endanger the stability of all DAI dollars. Instead, it had to repay the DAI the vault had borrowed. Since the vault was considerably over-collateralized, it was able to close the vault at the price of 76 million DAI and book 120,000 ether, around 185 million euros. That makes a gain of a good 100 million euros.
So there is no reason to fear that all DAI dollars can be scanned and confiscated. But it is still not ideal. Christoph Jentzsch from Corpus puts it in a nutshell:
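The mechanics described in the last paragraphs, that DAI is created by drawing against over-collateralized ether and that even whoever controls a vault cannot pull the collateral out without first repaying the debt, can be shown in a toy model. The following is an added example written for this article; it is not Maker or Oasis code. The liquidation ratio (150%), the ether price (1,540 DAI per ETH, chosen so that 120,000 ETH comes to roughly the 185 million the article cites) and the absence of any stability fee are all assumptions; the 120,000 ETH and 76 million DAI figures are the article's own.

```python
"""Toy model of a Maker-style collateralized vault (added example, not Maker/Oasis code).

All parameters are constructed for illustration: the 150% liquidation ratio, the
ether price and the lack of a stability fee are assumptions, not Maker's values.
"""
from dataclasses import dataclass


class VaultError(Exception):
    """Raised when an action would leave the vault under-collateralized."""


@dataclass
class Vault:
    collateral_eth: float = 0.0      # ether locked in the vault
    debt_dai: float = 0.0            # DAI drawn against that collateral
    eth_price: float = 1540.0        # assumed DAI per ETH
    liquidation_ratio: float = 1.5   # assumed minimum collateral value / debt

    def collateral_value(self) -> float:
        return self.collateral_eth * self.eth_price

    def collateralization(self) -> float:
        """Collateral value divided by debt; infinite when nothing is owed."""
        if self.debt_dai == 0:
            return float("inf")
        return self.collateral_value() / self.debt_dai

    def _check(self) -> None:
        if self.collateralization() < self.liquidation_ratio:
            raise VaultError("vault would fall below the liquidation ratio")

    def deposit(self, eth: float) -> None:
        self.collateral_eth += eth

    def draw(self, dai: float) -> None:
        """Create DAI against the collateral; reverts if over-collateralization is lost."""
        self.debt_dai += dai
        try:
            self._check()
        except VaultError:
            self.debt_dai -= dai
            raise

    def repay(self, dai: float) -> None:
        self.debt_dai -= min(dai, self.debt_dai)

    def withdraw(self, eth: float) -> None:
        """Remove collateral; reverts if the remaining debt would be under-backed."""
        if eth > self.collateral_eth:
            raise VaultError("not enough collateral in the vault")
        self.collateral_eth -= eth
        try:
            self._check()
        except VaultError:
            self.collateral_eth += eth
            raise

    def close(self) -> float:
        """Repay all debt, then withdraw everything. Returns the ether released."""
        self.repay(self.debt_dai)
        released = self.collateral_eth
        self.withdraw(released)
        return released


def max_drawable_dai(v: Vault) -> float:
    """How much more DAI the vault could draw before hitting the liquidation ratio."""
    return v.collateral_value() / v.liquidation_ratio - v.debt_dai


def replay_counter_exploit() -> dict:
    """Walk through the article's numbers: 120,000 ETH locked, 76 million DAI drawn."""
    v = Vault()
    v.deposit(120_000)
    v.draw(76_000_000)
    ratio_before = v.collateralization()
    # Whoever controls the vault still cannot take the collateral while the debt stands.
    try:
        v.withdraw(120_000)
        pulled_without_repaying = True
    except VaultError:
        pulled_without_repaying = False
    # Closing the vault means repaying the 76 million DAI first; only then is the ether free.
    released = v.close()
    return {
        "ratio_before": ratio_before,
        "withdraw_without_repay": pulled_without_repaying,
        "eth_released": released,
        "net_value_dai": released * v.eth_price - 76_000_000,
    }


if __name__ == "__main__":
    print(replay_counter_exploit())
```

Under these assumptions the vault sits at about 243% collateralization, so the attempt to withdraw the ether without repaying is refused, and closing it releases the 120,000 ETH only after the 76 million DAI debt is gone, leaving a net of roughly 109 million in the DAI unit, in line with the article's "a good 100 million".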
Governance in the hand of a few (multisig) and upgradability are a liability. https://t.CO/JOESPYA2F9
– Christoph Jentzsch (@chrjenzsch) February 25, 2023
Governance in the hands of a few (multisig) and upgradability are a burden. They do make it possible to fix errors and undo hacks. But they also saddle the holders of the keys with responsibility for everything, because they have complete control over the project, and thus with liability. Many projects have such control mechanisms without making the associated risks transparent.
What if next time governments do not ask for the assets of hackers, but of tax debtors? Of Edward Snowden? And so on. “The fact that this is possible,” states DefiIgnas, “goes against the ethos of decentralization and Bitcoin. It is also against Maker's own mission to become an impartial world currency. The goal is for DAI to be as Bitcoin-like as possible. And Maker is not there yet.”
1/ MakerDAO is facing heavy criticism following a ‘counter-exploit’ worth $225m.
They couldn't refuse the order of the High Court of England and Wales just yet.
But there's a strategy in place to say no in the future: 🧵
– Ignas | DeFi Research (@defiignas) February 26, 2023
DefiIgnas recalls that it is not the MakerDAO that can take control of the vaults, but Oasis, a part of the frontend. Nevertheless, the MakerDAO is vulnerable, for example if the parts of the reserves held in USDC or USDT are censored, as was feared after Tornado Cash landed on the blacklists of the US Treasury. At that time the MakerDAO discussed whether it would be willing to accept losing the dollar peg in order to remain censorship-resistant, for example if USDC freezes certain coins held in a vault.
The “Endgame Plan” proposed by Maker founder Rune Christensen and adopted by the DAO is intended to reduce this dependency: “The Endgame Plan takes on a hard attack by the regulators.” This is already happening, as can be seen in the regulators' attack on BUSD. Every DeFi stablecoin should “prepare for a restrictive regulatory environment.” Maker's Endgame Plan consists of three steps:
Whether that will come about is still a wide-open question. It will be exciting to keep watching how the DAI dollar holds its own as a decentralized counter-design to the USDC and USDT dollars against increasingly strict regulatory headwinds.