QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$490 000 USD
FEBRUARY 2022
GLOBAL
BUILD FINANCE
DESCRIPTION OF EVENTS
"There are so many ideas in DeFi that desperately need to get built, yet nobody is working on them. Why isn’t there a DAO which actively incentivizes the development of new projects by rewarding builders with tokens? This is our attempt to start it. BUILD Finance is a decentralized venture builder."
"According to Google, venture builders are organizations dedicated to systematically producing new companies, which they help grow and succeed. There are five core activities in which venture builders engage: identifying business ideas, building teams, finding capital, helping govern or manage the ventures and providing shared services."
"BUILD Finance is a decentralised autonomous venture builder, owned and controlled by the community. BUILD Finance produces, funds, and manages community-owned DeFi products." "BUILD produces, funds, and manages decentralised solutions on Ethereum."
"BUILD operates a shared capabilities model, where the DAO provides the backbone support and ensures inter-entity synergies so that the product entities can focus on their own outcomes. Each product accrues value for the DAO and $BUILD holders."
"BUILD takes care of all organisational, hiring, back/mid office functions, and the product companies focus on what they can do best, until such time where any individual product outgrows the DAO and becomes fully self-sustainable. At that point, the chick is strong enough to leave the nest and live its own life. The survival of the fittest. No product entity is held within DAO by force."
"$BUILD token is used as a governance token for the DAO. It also represents a pro-rata claim of ownership on all DAO’s assets and liabilities (e.g. BUILD Treasury and $bCRED debt token)."
"Only provide liquidity on $BUILD if you believe in the project. As of today, the token has literally zero monetary value. The only way $BUILD can gain value is if we, as a community, start building projects around it."
"The token was distributed via liquidity mining with no pre-sale and zero founder/private allocation. The farming event lasted for 7 days around mid-Sep 2020. At the time, BUILD didn't have any products and held no value. Arguably, $BUILD has still zero value as it is not a legal instrument and does not guarantee or promise any returns to anyone."
"The Build Finance DAO has been the target of a hostile governance takeover in which a malicious actor has put forward and succeeded with a proposal to take control of the Build token contract." "Unfortunately @finance_build has been subject to a hostile governance takeover. A malicious actor has minted 1.1M $BUILD tokens and has drained the project liquidity pools."
"The venture capital DAO organization Build Finance tweeted that the project suffered a malicious governance takeover."
"The attacker succeeded in the takeover by having a large enough vote in favour of the proposal and there were not enough countervotes to prevent the takeover from happening." "The malicious actors successfully controlled the Build token contract by getting enough votes, minting 1,107,600 BUILD tokens in three transactions." "The proposal passed because no alert was issued on Discord that a new proposal had been made, The Block reported." "Thanks to their move to disable bots that would have alerted the community to the new proposal, it eventually passed."
"Suho.eth transferred tokens to 0x…2c28 and attempted a malicious takeover which succeeded at block height 14175830." "0x…2c28 minted 1,107,600 BUILD in three transactions (14182042, 48, and 54) and drained the majority of the funds in the liquidity pools on Balancer and Uniswap." "0x…2c28 then took control of the balancer pools via the governance contract and drained the remaining funds including 130k METRIC tokens."
"With most of the funds in Balancer and Uniswap liquidity pools exhausted, attackers continue to take control of the balancer pools via governance contracts and drain the remaining funds including 130,000 METRIC tokens, METRIC liquidity on Uniswap and Fantom Both pools subsequently came under intense selling pressure."
"Both METRIC liquidity pools on Uniswap and Fantom were then subject to intenses sell pressure as the attacker sold all 130k METRIC tokens into the available liquidity." "0x…2c28 then minted 1,000,000,000 BUILD at block height 14188763." "The attacker proceeded to sell BUILD tokens into whatever available liquidity was present; this situation is ongoing although activity appears to have abated as per 14:00h on 13th February 2022." "The wallet where the drained funds went appears to have gone silent two days ago after sending 163 ETH to Tornado Cash, a service that lets users obscure Ethereum transactions."
"As a byproduct of the DAO structure the attacker was able to gain access to 130,000 METRIC tokens that were contained within the BUILD DAO treasury, all of these tokens were sold into the market using whatever liquidity was available." "This extreme supply shock has caused a large fall in the spot price of the METRIC token. However, the attacker does not have control of any parts of the METRIC token or the http://metric.exchange infrastructure."
"The team does not believe the attacker has the ability to cause any further disruption to METRIC, and it should be safe to trade METRIC tokens again with the following caveat: the supply shock has still caused a large change in the distribution of METRIC token and it is" "still possible that a percentage of these tokens may be under control of heretofore unidentified bad actors. However we do not believe there is any outstanding systemic risk to METRIC token or http://metric.exchange."
"The attacker was able to access funds in this way due to the structure of the Build DAO governance model. It is believed that the attacker took extra steps to stop evidence of their activities by way of disabling the gitbooks and the proposal bot."
"It is with deep regret that we have to inform the community of this total and irrecoverable loss of BUILD DAO treasury assets through the deeds of one malicious actor." "Team members have made direct contact with the attacker but there seems to be no appetite for a dialogue, much less any reparations."
"As it stands, attackers have full control over governance contracts, minting keys, and treasuries, and the DAO no longer controls any part of critical infrastructure." "As things stand, the attacker has full control of the governance contract, minting keys and treasury. The DAO no longer has control over any part of the key infrastructure. Do not buy BUILD tokens on any platform."
"We would welcome a discussion in the discord with community members about the way to move forward from this but it is difficult to see a future for BUILD with only its brand recognition and IP assets, and no liquid treasury." "However we do believe that due to the lack of severe impact on the core infrastructure of http://metric.exchange, the Metric protocol and METRIC token can continue to operate and develop independent of the BUILD DAO."
Build finance operated a decentralized autonomous venture builder, launching new projects using funds in a treasury overseen by a decentralized governance model. Unfortunately, a malicious actor took over the protocol and drained the funds once they gained enough BUILD tokens, managed to disable bots that notify users of new proposals, and used a successful proposal to mint themselves more tokens. All tokens were then exchanged through any available liquidity pairs. The project was unable to regain control over the smart contract. The website is presently offline as the domain expired.
SlowMist Hacked - SlowMist Zone (Jun 26)
BUILD Finance (Mar 11)
https://web.archive.org/web/20210217011742/https://docs.build.finance/build-knowledge-base/ (Mar 11)
Announcing Build Finance (Mar 11)
Morioh (Mar 11)
BUILD Finance price, BUILD chart, and market cap | CoinGecko (Mar 11)
@finance_build Twitter (Mar 11)
Ethereum Price History and Historical Data (Dec 21)
@finance_build Twitter (Mar 11)
Democratic DAO Suffers Coup, New Leader Steals Everything (Mar 11)
Build Finance DAO suffers 'hostile governance takeover,' loses $470,000 (Mar 11)
