This is What a Hostile Takeover Looks Like in Crypto

An unknown attacker took control of the Build Finance DAO. The attacker emptied the DAO's treasury and liquidated the BUILD token.

Under New Management: Build Finance DAO Falls to a Hostile Takeover

Why Build Finance was a Good Target

Build Finance DAO was a "decentralized venture builder." The idea was that investors would buy BUILD tokens, then Build Finance would buy other assets to store in its treasury. In turn, the decentralized autonomous organization (DAO) would fund other projects using its BUILD tokens. MetricExchange (METRIC) is one of Build Finance's main investments.

Build Finance was not a large or active project. Before the takeover, DAO members had complained of slow progress on new development and limited communication from the core team. Despite slow product growth, Build had about $500k worth of crypto in its treasury–mostly in DAI, BUILD, and METRIC tokens.

Build Finance's DAO had an unusual governance model that allowed the owner of a single smart contract to mint BUILD tokens and control the treasury. In addition to its somewhat inactive community, this software design quirk made Build Finance a good target for a hostile takeover, because a single vector could give an attacker total control over the DAO.

“As things stand, the attacker has full control of the governance contract, minting keys and treasury. The DAO no longer has control over any part of the key infrastructure.”
- Build Finance, in the project's Discord

How Build was Taken Over

Tweet confirming hostile takeover

According to Build Finance, on February 9, a wallet named Suho.eth submitted a DAO proposal that would let him or her mint BUILD tokens without the DAO's approval–in effect, taking over the project. This proposal was voted down.

On February 10, Suho.eth sent tokens to another wallet and re-submitted the takeover proposal. This proposal was not picked up by Build Finance's Discord bot to alert voters, and it passed unnoticed.

After the takeover, the attacker–as Build Finance's old boss calls its new boss–disabled the project's docs and Discord bot. Build Finance's old boss believes the attacker was trying to hide his or her next steps.
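The sequence described above (a defeated proposal, a token transfer to a second wallet, then a resubmission that the alert bot never announced) can be checked for mechanically. The following is an added example, not Build Finance's code; the record fields, action labels and addresses are constructed assumptions.

```python
# Governance watchdog sketch. All data below is constructed for illustration;
# field names and action labels are hypothetical, not a real governance schema.
PRIVILEGED_ACTIONS = {"grant_mint_authority", "transfer_ownership"}

PROPOSALS = [  # ids are assumed to be assigned in submission order
    {"id": 1, "proposer": "0xaaa", "action": "grant_mint_authority", "status": "defeated"},
    {"id": 2, "proposer": "0xbbb", "action": "grant_mint_authority", "status": "active"},
    {"id": 3, "proposer": "0xccc", "action": "set_fee", "status": "active"},
]
TRANSFERS = [{"from": "0xaaa", "to": "0xbbb", "token": "BUILD"}]
ALERTED_IDS = {1, 3}  # proposals the notification bot actually announced


def review(proposals, transfers, alerted_ids):
    """Return {proposal_id: [flags]} for proposals that need human attention."""
    # Map each wallet to the set of wallets that sent it governance tokens.
    funded_by = {}
    for t in transfers:
        funded_by.setdefault(t["to"], set()).add(t["from"])

    defeated = {}  # action -> proposers whose proposal for it was voted down
    findings = {}
    for p in sorted(proposals, key=lambda p: p["id"]):
        flags = []
        if p["action"] in PRIVILEGED_ACTIONS:
            flags.append("privileged-action")
        # Reconcile on-chain proposals against alerts actually delivered,
        # so a silent bot failure is itself a finding.
        if p["id"] not in alerted_ids:
            flags.append("no-alert-sent")
        # Same action retried by the defeated proposer or a wallet it funded.
        prior = defeated.get(p["action"], set())
        funders = funded_by.get(p["proposer"], set())
        if p["proposer"] in prior or funders & prior:
            flags.append("resubmission-of-defeated")
        if p["status"] == "defeated":
            defeated.setdefault(p["action"], set()).add(p["proposer"])
        if flags:
            findings[p["id"]] = flags
    return findings


if __name__ == "__main__":
    for pid, flags in review(PROPOSALS, TRANSFERS, ALERTED_IDS).items():
        print(pid, ", ".join(flags))
```

Running the reconciliation from a second, independent source of proposal data matters here, because the bot that missed the proposal was the only alerting path.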

Build Finance: Under New Management

Under new management

According to Build Finance's old boss, the attacker used Build Finance DAO's permissive governance contract to empty the treasury and liquidate the BUILD token.

First, the attacker minted 1.1M BUILD tokens and used them to drain BUILD's liquidity on decentralized exchanges (DEXs) Balancer and Uniswap. Then, the attacker took 130k METRIC tokens from the Build Finance DAO's treasury and used them to drain liquidity on a couple of DEXs.

Once the major liquidity was drained from BUILD, the attacker minted another 1B BUILD tokens and used them to drain all remaining liquidity in the project. The attacker then sent the funds to crypto tumbler Tornado Cash to hide their origin. Based on analysis of the attacker's transactions, it appears he or she took about 160 ETH, worth roughly $500k.



The Damage Seems to be Permanent

Before the takeover, BUILD's market cap was around $200k, and its treasury assets were worth around $500k. Today, BUILD's market cap is just $500–a 99.7% drop–and its treasury is empty. The entire process took about three days.

BUILD token dropped from $1.50 to $.003 during the takeover. Source: CoinGecko

The Future of Build Finance

Tweet pointing out Build Finance is under new management

The attacker still controls the DAO, and it's unclear what will happen to the project. MetricExchange continues to operate, and the attacker has no control over the supply of METRIC tokens.

For now, Build Finance's old boss has just one suggestion: Do not buy BUILD tokens on any platform.