The Analysis of the DAOMaker Attack

Code Auditing

August 12, 2021

Attack Analysis

The attack transaction:

0x26aa86261c834e837f6be93b2d589724ed5ae644bc8f4b8af2207e6bd70828f9

The attack smart contract is an open source one.

Step 1: 0x054e sends a transaction to grant the admin role to 0x0eba of the wallet (0x41b8).

Then 0x0eba grants the “DAO contracts” role to 0x1c93.

At last, the 0x1c93 (XXX) invoke the function withdrawFromUser to transfer the money to the XXX contract.

Interesting, the victim 0x41b8 is created by 0x054e.

Summary

In summary, 0x054e creates the victim 0x41b8 wallet. Then 0x054e grants the admin role to 0x0eba, who further grants the “DAO Contracts” role to 0x1c93. At last 0x1c93 withdraws the money from the victim.

Mar 27 2026Knowledge

FATF’s New Stablecoin Report Signals a Shift to Secondary-Market Compliance

BlockSec interprets FATF’s March 2026 report on stablecoins and unhosted wallets, explains why supervision is shifting toward secondary-market P2P activity, breaks down the report’s main recommendations and red flags, and shows how on-chain monitoring, screening, and cross-chain tracing can help issuers and VASPs respond with stronger, more effective compliance controls.

Mar 25 2026Security Insights

Weekly Web3 Security Incident Roundup | Mar 16 – Mar 22, 2026

This BlockSec weekly security report covers seven DeFi attack incidents detected between March 16 and March 22, 2026, across Ethereum, BNB Chain, Polygon, and Polygon zkEVM, with total estimated losses of approximately $82.7M. The most significant event was the Resolv stablecoin protocol's infrastructure-key compromise, which led to over $80M in unauthorized USR minting and cross-protocol contagion across lending markets. Other incidents include a $2.15M donation attack combined with market manipulation on Venus Protocol, a $257K empty-market exploit on dTRINITY (Aave V3 fork), access control vulnerabilities in Fun.xyz and ShiMama, a weak-randomness exploit in BlindBox, and a redemption accounting flaw in Keom.

Mar 18 2026Security Insights

Weekly Web3 Security Incident Roundup | Mar 9 – Mar 15, 2026

This BlockSec weekly security report covers eight DeFi attack incidents detected between March 9 and March 15, 2026, across Ethereum and BNB Chain, with total estimated losses of approximately $1.66M. Incidents include a $1.01M AAVE incorrect liquidation caused by oracle misconfiguration, a $242K exploit on the deflationary token MT due to flawed trading restrictions, a $149K exploit on the burn-to-earn protocol DBXen from `_msgSender()` and `msg.sender` inconsistency, and a $131K attack on AM Token exploiting a flawed delayed-burn mechanism. The report provides detailed vulnerability analysis and attack transaction breakdowns for each incident.

Best Security Auditor for Web3

Validate design, code, and business logic before launch. Aligned with the highest industry security standards.