The Analysis of the DAOMaker Attack

Code Auditing
August 12, 2021

Attack Analysis

The attack transaction:

0x26aa86261c834e837f6be93b2d589724ed5ae644bc8f4b8af2207e6bd70828f9

The attack smart contract is open source.

Step 1: 0x054e sends a transaction that grants 0x0eba the admin role of the wallet (0x41b8).

Then 0x0eba grants the “DAO contracts” role to 0x1c93.

Finally, 0x1c93 (XXX) invokes the function withdrawFromUser to transfer the money to the XXX contract.

Interestingly, the victim 0x41b8 was created by 0x054e.

Summary

In summary, 0x054e creates the victim wallet 0x41b8. Then 0x054e grants the admin role to 0x0eba, which in turn grants the “DAO contracts” role to 0x1c93. Finally, 0x1c93 withdraws the money from the victim.
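
The grant chain summarized above can be turned into a monitoring rule: when withdrawFromUser is called, walk the caller's role grants back to their origin and alert if the whole chain was created only a few blocks earlier. The sketch below is an added example, not BlockSec's or DAOMaker's code; the event records, field names, block numbers and the `max_age` threshold are constructed assumptions, and only the abbreviated addresses, role names and function name come from the write-up.

```python
# Constructed sample events (not real chain data). Field names and block
# numbers are assumptions; addresses are the abbreviated ones from the post.
EVENTS = [
    {"block": 100, "type": "deploy", "by": "0x054e", "contract": "0x41b8"},
    {"block": 200, "type": "grant", "role": "admin", "by": "0x054e", "to": "0x0eba"},
    {"block": 201, "type": "grant", "role": "DAO contracts", "by": "0x0eba", "to": "0x1c93"},
    {"block": 202, "type": "call", "fn": "withdrawFromUser", "by": "0x1c93"},
]

def grant_chain(events, account):
    """Walk role grants backwards from `account` to the first granter."""
    latest = {}  # grantee -> most recent grant event naming it
    for ev in events:
        if ev["type"] == "grant":
            latest[ev["to"]] = ev
    chain, seen = [], set()
    while account in latest and account not in seen:
        seen.add(account)  # guard against grant cycles
        ev = latest[account]
        chain.append((ev["by"], ev["role"], ev["to"], ev["block"]))
        account = ev["by"]
    return list(reversed(chain))  # oldest grant first

def flag_withdrawals(events, max_age=1000):
    """Flag withdrawFromUser calls whose caller's role chain is at most max_age blocks old."""
    deployers = {e["by"] for e in events if e["type"] == "deploy"}
    alerts = []
    for i, ev in enumerate(events):
        if ev["type"] != "call" or ev["fn"] != "withdrawFromUser":
            continue
        chain = grant_chain(events[:i], ev["by"])  # only grants made before the call
        if not chain:
            continue  # no grant on record for this caller; out of scope here
        age = ev["block"] - chain[0][3]
        if age <= max_age:
            alerts.append({
                "caller": ev["by"],
                "block": ev["block"],
                "chain_age_blocks": age,
                "root_is_deployer": chain[0][0] in deployers,
                "path": [c[0] for c in chain] + [ev["by"]],
            })
    return alerts

if __name__ == "__main__":
    for alert in flag_withdrawals(EVENTS):
        print(alert)
```
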
