Two attackers were able to exploit a vulnerability in the governance token contract for Azuki DAO on Monday, draining 35 ETH in the process.
AzukiDao's governance token contract (bean) @_AzukiDAO has been exploited due to a contract vulnerability. So far, two attackers were able to exploit the vulnerability and made a profit of 35 ETH.
Thanks to a community member for providing a source of information— MetaSleuth (@MetaSleuth) July 3, 2023
“The main reason for the exploit is that the signatureClaimed variable in the contract was not properly checked, which allowed for replay attacks. Now, the contract is paused,” noted blockchain analytics firm MetaSleuth.
The exploit comes amid an ongoing community vote by members of the Azuki DAO to hire a lawyer to claw back 20,000 ETH from Zagabond, the founder of the NFT project. So far, 88% of the community was in favor of the proposal, using 29 million BEAN tokens to vote.
Zagabond makes $40M
Azuki DAO wants to sue 💀 pic.twitter.com/7fwIzeLQaU
— HashBastards (@HashBastardsNFT) July 2, 2023
The community also alleged that Zagabond has rugged “multiple projects” without naming any specific one. While the group claims to be “OG Azuki holders” acting in the interests of the community, some users have questioned the DAO’s relationship to the Azuki project.
Here’s more info on where the original tweet about the AzukiDAO came from. Most Azuki holders have never heard of this group and assume it’s either fake or a group with malicious intent.
The token for voting was minted two days ago sooo there’s that: https://t.co/pF37xr0fQE https://t.co/0SbJLKcnNT
— Tytan.eth (@Tytaninc) July 2, 2023
Tytan.ETH, cofounder of NFTY.Finance, said he had never heard of the group and raised suspicions about the fact that the governance token used for voting was only a few days old.
Azuki faced a considerable amount of backlash after the release of Elementals, with many NFT collectors slamming the new collection for being too similar to the Azuki collection released in February 2022. The controversy escalated when the project’s team reportedly transferred 20,000 ETH from the wallet as soon as the collection was minted.