In what seemed to be a hostile takeover of the governance of the Build Finance DAO, the attacker was able to drain the funds of the DAO. But calling this incident an attack is a matter of definition; the attacker, while obviously not playing along the intents and purposes of the DAO, did not break any rules. The DAO was, after all, abiding by the principle of “code is law”.
The Build Finance DAO is a decentralized autonomous venture builder, owned and controlled by the community. Build Finance produces, funds, and manages community-owned DeFi products. The DAO engages in identifying business ideas, organizing teams, sourcing capital, helping govern the product entities, and providing shared services. In other words, the Build Finance DAO is a DAO providing services to other DAOs.
Total takeover of the DAO treasury
According to a tweet thread posted by the BuildFinance Twitter account, the governance of the DAO was taken over by a malicious actor who put forward and succeeded to push through a governance proposal to take control of the BUILD token contract.
“The attacker succeeded in the takeover by having a large enough vote in favor of the proposal and there were not enough countervotes to prevent the takeover from happening,” the tweet reads.