The Analysis of the DAOMaker Attack

Code Auditing

August 12, 2021

Attack Analysis

The attack transaction:

0x26aa86261c834e837f6be93b2d589724ed5ae644bc8f4b8af2207e6bd70828f9

The attack smart contract is an open source one.

Step 1: 0x054e sends a transaction to grant the admin role to 0x0eba of the wallet (0x41b8).

Then 0x0eba grants the “DAO contracts” role to 0x1c93.

At last, the 0x1c93 (XXX) invoke the function withdrawFromUser to transfer the money to the XXX contract.

Interesting, the victim 0x41b8 is created by 0x054e.

Summary

In summary, 0x054e creates the victim 0x41b8 wallet. Then 0x054e grants the admin role to 0x0eba, who further grants the “DAO Contracts” role to 0x1c93. At last 0x1c93 withdraws the money from the victim.

May 28 2026

Crypto Compliance Tools: A Practical Guide for Web3 and TradFi Integration

Regulators levied $4.2B in penalties in 2024 alone. For Web3 and TradFi teams, choosing the right compliance stack is no longer optional.

May 28 2026

How to Choose a Blockchain Compliance Platform Suitable for Your Business

For every 10,000 USDT moving on-chain, roughly 13 USDT are tainted. The platform you choose decides whether that contamination touches your books.

May 28 2026

Crypto Compliance Software Guide: Technical Frameworks & Top Tools

FATF, MiCA, OFAC—three regulators, one question every VASP must answer: is your compliance stack built for the next audit, or the last one?

Best Security Auditor for Web3

Validate design, code, and business logic before launch. Aligned with the highest industry security standards.