Two attackers were able to exploit a vulnerability in the governance token contract for Azuki DAO on Monday, draining 35 ETH in the process. 

“The main reason for the exploit is that the signatureClaimed variable in the contract was not properly checked, which allowed for replay attacks. Now, the contract is paused,” noted blockchain analytics firm MetaSleuth.
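The bug class MetaSleuth describes, as an added Python model rather than the Azuki DAO contract's own code: a signature-gated claim that records a used-signature flag but never tests it, beside the version that does. Only the `signatureClaimed` name (here `signature_claimed`) comes from the quote; the HMAC voucher (standing in for the on-chain signature check), the class, the amounts and the address are assumptions.

```python
import hashlib
import hmac

SIGNER_KEY = b"constructed-demo-key"  # constructed stand-in for the signer's key


def sign_claim(claimer, amount):
    """Issue a claim voucher (HMAC stands in for the contract's signature check)."""
    msg = f"{claimer}:{amount}".encode()
    return hmac.new(SIGNER_KEY, msg, hashlib.sha256).digest()


class ClaimContract:
    """Hypothetical token-claim ledger; check_replay toggles the missing test."""

    def __init__(self, supply, check_replay):
        self.supply = supply
        self.balances = {}
        self.signature_claimed = {}  # signature -> already used?
        self.check_replay = check_replay

    def claim(self, claimer, amount, signature):
        if not hmac.compare_digest(sign_claim(claimer, amount), signature):
            return False  # forged or mismatched voucher
        # Hardened path: refuse a signature that has already been used.
        # The weak path skips this test, so the flag set below is write-only.
        if self.check_replay and self.signature_claimed.get(signature, False):
            return False
        if amount > self.supply:
            return False
        self.signature_claimed[signature] = True  # mark used before crediting
        self.supply -= amount
        self.balances[claimer] = self.balances.get(claimer, 0) + amount
        return True


def credited_after_resubmits(contract, times):
    """Submit one valid voucher `times` times; return the tokens credited."""
    claimer, amount = "0xCONSTRUCTED", 100  # constructed sample values
    sig = sign_claim(claimer, amount)
    for _ in range(times):
        contract.claim(claimer, amount, sig)
    return contract.balances.get(claimer, 0)
```

With the check in place a voucher is honoured once however often it is resubmitted; without it, each resubmission credits the claimer again until the supply runs out.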

The exploit comes amid an ongoing community vote by members of the Azuki DAO to hire a lawyer to claw back 20,000 ETH from Zagabond, the founder of the NFT project. So far, 88% of the community is in favor of the proposal, using 29 million BEAN tokens to vote.

The community also alleged that Zagabond has rugged “multiple projects” without naming any specific one. While the group claims to be “OG Azuki holders” acting in the interests of the community, some users have questioned the DAO’s relationship to the Azuki project.

Tytan.ETH, cofounder of NFTY.Finance, said he had never heard of the group and raised suspicions about the fact that the governance token used for voting was only a few days old.

Azuki faced a considerable amount of backlash after the release of Elementals, with many NFT collectors slamming the new collection for being too similar to the Azuki collection released in February 2022. The controversy escalated when the project’s team reportedly transferred 20,000 ETH from the wallet as soon as the collection was minted.