DAO Money Heist: How thieves are draining DAO funds in plain sight

DeXe Protocol
5 min read · May 8, 2023

DeepDAO recently published a shockingly candid interview with a “professional DAO drainer.” Apparently, there are entire teams that infiltrate DAOs and over time guide the governance process to hand over treasury funds to them. How is this robbery in plain sight happening and what can be done to stop it?

Opportunity attracts opportunists

This particular money grabber is a marketer. Seeing how DAOs raise large sums (often millions of dollars), he was tempted to take a piece of that pie. As a marketer, he understood the importance of selling himself and his ideas in a way that would look legitimate to the more gullible of a DAO’s members.

This approach works for several reasons:

1. Most people don’t read proposals carefully.

Be honest: when did you last read the fine print of an agreement? Or the details of some legislative proposal in your country that everyone is alarmed about? People tend to trust the experts to summarize key points for them. Professional money grabbers can exploit that.

Countermeasure: DeXe’s DAO constructor will counter this by giving the DAO the option of a secondary, validator-only vote, so that every proposal is double-checked by trusted members of the community before it takes effect. Additionally, since people are rewarded for useful proposals, a matching system can penalize those who submit harmful ones.

Another possible solution is to make funding proposals reversible if fraud is detected. One Hackernoon article even suggests making funding retroactive: rewarding documented achievements rather than promises to do something in the future.

2. Many will vote for anything just to show activity in hope of some future reward (like an airdrop).

If the scammers know that a significant share of the votes will support any proposal at all, all they have to do is supply enough extra votes to get the proposal over the line. A DAO dominated by airdrop hunters who automatically vote yes looks to money grabbers as if its members are begging to be robbed.

Countermeasure: DeXe’s DAO builder will encourage voting that is actually useful, but that alone may not stop every “autovoter” from fueling the scammers’ schemes. What will help is the flexible system of quorums and vote durations that DAOs built on DeXe can implement. If a vote releases treasury funds, the DAO’s creator or community can require a quorum, measured against total voting power rather than votes cast, that is high enough that the autovoters plus the proposer cannot meet it on their own. The trade-off is that a quorum set too high stalls legitimate proposals in an inactive DAO, so the strictest threshold belongs only on votes that move funds, and a longer voting window gives the rest of the community time to notice and object.

3. There is little vetting of DAO contractors.

DAO members propose the funding of various initiatives and can nominate the contractor to execute them in the same proposal. But who actually knows whether the contractor will deliver the promised result or simply pocket the money with no accountability? The same goes for distributing rewards to team members and others. If most DAO members are not actively engaged, they are likely to take the proposal at face value and trust that the people nominated to receive funds merit them and will do (or have done) solid work to earn them.

What these money grabbers end up doing is creating tools and content that look legitimate enough to merit funding. Sometimes they can even show results that look convincing but achieve nothing near what was promised, while the difference lines the scammers’ pockets.

Countermeasure: The ability to appoint, add, and remove validators in DAOs built on DeXe adds a layer of trust that makes it harder for scammers to penetrate the governance structure. But money grabbers are clever and use all sorts of schemes to appear trustworthy. Full transparency of contractor wallets and their activity, both within the specific DAO and across the wider blockchain space, can help separate true contributors from frauds. This is also connected to the previous issue: when DAO members are engaged for the betterment of the DAO rather than for free airdrops, awareness of who is actually contributing, as opposed to posing as a contributor, is generally higher.
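As an added illustration of the quorum and validator-stage countermeasures above, here is a small Python model of a two-stage treasury vote. This is example code written for this article, not DeXe’s own contracts; the governance parameters, the voter names and the vote sizes are all constructed. Quorum is measured against total voting power rather than votes cast, so a block of auto-voters plus the proposer can carry an ordinary proposal but not one that pays out of the treasury, and a treasury release additionally needs a threshold of validator confirmations (signals from addresses outside the validator set are ignored):

```python
"""Toy two-stage DAO vote: token-weighted quorum measured against total
voting power, then a validator-only confirmation for treasury releases.
Example written for this article; parameters and voters are constructed."""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Proposal:
    title: str
    releases_treasury: bool
    votes_for: dict[str, int]      # voter -> voting power cast "yes"
    votes_against: dict[str, int]  # voter -> voting power cast "no"
    validator_approvals: set[str] = field(default_factory=set)


@dataclass(frozen=True)
class GovernanceConfig:
    total_voting_power: int    # every token eligible to vote, cast or not
    quorum_bps: int            # quorum for ordinary proposals, basis points
    treasury_quorum_bps: int   # stricter quorum when funds leave the treasury
    validators: frozenset[str]
    validator_threshold: int   # validators who must confirm a treasury release


def tally(cfg: GovernanceConfig, p: Proposal) -> tuple[str, str]:
    """Return (outcome, reason).

    Participation is measured against cfg.total_voting_power, not against
    votes cast, so a clique that votes yes on everything cannot satisfy the
    quorum by itself; the rest of the electorate has to show up.
    """
    yes = sum(p.votes_for.values())
    no = sum(p.votes_against.values())
    needed_bps = cfg.treasury_quorum_bps if p.releases_treasury else cfg.quorum_bps
    participation_bps = (yes + no) * 10_000 // cfg.total_voting_power
    if participation_bps < needed_bps:
        return "failed", f"participation {participation_bps} bps below quorum {needed_bps} bps"
    if yes <= no:
        return "failed", "not more voting power for than against"
    if not p.releases_treasury:
        return "executed", "passed token vote; no funds move, no validator stage"
    # Second stage: only addresses in the validator set count; anyone else
    # who signals approval is ignored rather than trusted.
    approvals = p.validator_approvals & cfg.validators
    if len(approvals) < cfg.validator_threshold:
        return "pending_validators", f"{len(approvals)}/{cfg.validator_threshold} validator confirmations"
    return "executed", "passed token vote and validator confirmation"


# Constructed sample DAO: 1,000,000 voting power in total, quorum 10% for
# ordinary proposals and 40% for anything that pays out of the treasury.
CONFIG = GovernanceConfig(
    total_voting_power=1_000_000,
    quorum_bps=1_000,
    treasury_quorum_bps=4_000,
    validators=frozenset({"val1", "val2", "val3", "val4", "val5"}),
    validator_threshold=3,
)

# 150 airdrop-hunting wallets holding 1,000 each that vote yes on anything,
# plus the proposer's own 50,000: 200,000 in total, 20% of voting power.
AUTOVOTERS = {f"auto{i}": 1_000 for i in range(150)}
SCAM_BLOCK = {**AUTOVOTERS, "proposer": 50_000}


def scam_treasury_grant() -> tuple[str, str]:
    """Auto-voters alone: clears 10% but not the 40% treasury quorum."""
    return tally(CONFIG, Proposal("Pay 'marketing contractor' 200k", True, SCAM_BLOCK, {}))


def same_votes_ordinary_proposal() -> tuple[str, str]:
    """The same votes are enough for a proposal that moves no funds."""
    return tally(CONFIG, Proposal("Change forum logo", False, SCAM_BLOCK, {}))


def grant_with_real_participation(confirmed_by: set[str]) -> tuple[str, str]:
    """Broad turnout meets the treasury quorum; validators still decide."""
    votes_for = {**SCAM_BLOCK, "whale": 300_000}
    votes_against = {"skeptic": 20_000}
    return tally(CONFIG, Proposal("Fund audited grant", True, votes_for,
                                  votes_against, confirmed_by))


if __name__ == "__main__":
    print(scam_treasury_grant())
    print(same_votes_ordinary_proposal())
    print(grant_with_real_participation({"val1", "val2", "outsider"}))
    print(grant_with_real_participation({"val1", "val2", "val3"}))
```

The point of the model is the denominator: if quorum were measured against votes cast, the 150 auto-voters would satisfy it on their own. The cost of the 40% treasury quorum is that a DAO with low turnout cannot pay anyone, which is why the stricter threshold applies only to proposals that move funds, with the validator stage as the final check on those.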

Social engineering of trust

Perhaps the most shocking part of the interview was how the money grabbers infiltrated the DAOs so deeply as to become trusted moderators and community leaders. Whom can you trust if not the most helpful, knowledgeable, and active members of the community whom even the team trusts?

Money grabbers bribe admins, delegates, and other influential DAO members. They pay some key members to open the way for them: “We even pay a salary for one dude to constantly tweet about our activities in a positive way, and to straight-up ignore other similar requests. This strategy also helps us big time with elections.”

In essence, these scammers find the human and technical weak spots in a DAO and exploit them, in much the same spirit as MEV extraction bots. This gives them the moral cover story of “we’re just exploiting inefficiencies.” But what they are actually doing is sabotaging and discrediting the entire DAO concept.

Fighting back

A lesson can be learned from sniping bots, which plagued AMM launches until 111PG came along and made the game not worth playing, largely by trapping the bot runners’ funds so that they neither got the tokens they wanted nor could reuse those funds for new attacks.

Perhaps, similarly, DAOs, DAO builders, or third-party applications will find ways to make draining DAO treasuries not worth the effort. Some of the necessary measures are already implied in the DAO Times article if you read carefully what the interviewee exploited: weak identity checks, inactive membership, low quorums, and so on.

Trust shield

When scammers manipulate trust structures, one of the best ways to fight back is to build the kind of trust that is hard to penetrate. For example, DeXe’s DAO builder will have a DAO of Experts, in which members who have proven themselves and been screened in fields such as marketing, development, and community management receive special voting power that benefits both them and those who delegate to them. Community members who delegate to experts will receive more rewards, and their delegated votes will carry more weight when a proposal falls within the delegate’s area of expertise; marketing proposals, for instance, will give extra weight to recognized marketing experts. Those experts can then use their knowledge to vet shady proposals and weed out scams.

In one way, the scammer is certainly correct: as long as there are vulnerabilities, they will be exploited. That is why it is so important to build better DAOs, where community engagement and the DAO’s very structure leave as few exploitable weaknesses as possible.

Stay tuned!


DeXe Protocol

An innovative infrastructure for creating and governing DAOs.