HectorDAO Shocks Investors with $2.7M Hack Silence
2 min readInvestors in the Hector decentralized autonomous organization (DAO) on the Fantom network are demanding control of the remaining funds after the team allegedly halted communications following a hack that resulted in $2.7 million in losses. According to an anonymous HectorDAO investor, the team stopped communicating with the community on January 19, and all social channels were muted in September 2023. The hacker exploited a vulnerability in the protocol’s smart contract that had previously been identified, but the recommended changes were not implemented by the team. The hack occurred just as the protocol was planning to dissolve itself and return assets to investors.
The origins of HectorDAO’s troubles began in 2021 when its token, HEC, experienced a significant price collapse. By May 2023, the price had declined by nearly 99%, and the value of the DAO’s treasury also declined. In July 2023, HectorDAO suffered further losses of $8 million due to the Multichain bridge hack. Despite a vote to liquidate the DAO and return funds to users, most of the $16 million held in the treasury at the time had not been distributed to investors by January 2024.
On January 15, the HectorDAO team attempted to distribute the remaining funds, but a malicious account immediately transferred $2.7 million worth of assets to itself after depositing a small amount of HEC. The team shut down the redemption platform and moved all remaining assets back to the treasury contract. It later announced that there had been a security breach and the redemption process was postponed.
Investors have expressed their distrust in the development team, believing that the hack was either the work of a rogue developer or a compromised private key. A detailed post-mortem report on the attack revealed that preparations began in December 2023, and the attacker exploited vulnerabilities in the Treasury Multisig Wallet and Token Vault contracts to carry out the attack.
As of now, there is no clear plan for moving forward. The HectorDAO website’s most recent update states that the redemption process is postponed, and the team is working to address the situation. Investors are considering legal action as they have been unable to contact the developers. An investigation into the hack is ongoing.
Cybersecurity should be a top priority in the blockchain space. This incident reinforces the need for rigorous testing and vetting of smart contracts.
Let’s not forget that there are many successful decentralized autonomous organizations out there. This incident shouldn’t discourage us from exploring the potential of DAOs.
Let’s use this incident as an opportunity to educate ourselves and others about the importance of security and due diligence in the crypto space.
The postponed redemption process adds further distress to the investors. They’ve been left in the dark for too long.
I’ve lost faith in the developers. It’s either a rogue developer or a compromised private key, and either way, they should have prevented it!