QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$88 000 USD
MAY 2025
GLOBAL
DAOSQUARE
DESCRIPTION OF EVENTS
DAOSquare Incubator offers a decentralized platform for creating and investing in Venture DAOs, aiming to make venture capital more accessible and trustless. The platform provides users with easy-to-use tools that allow them to launch their own DAOs or invest in others as effortlessly as online shopping. Its core mission is to democratize investment opportunities and reduce global financial inequality by leveraging blockchain technology.
The platform is designed around several crypto-native features, including automated fund operations, escrow services, vesting schedules, and NFT receipts. These features ensure investments are executed securely and transparently using smart contracts. Investors can choose from three operational modes—Vintage, Collective, and Flex—each catering to different investment styles, levels of decision-making involvement, and fund structures, such as blind pools or deal-by-deal setups.
Vintage DAOs function similarly to traditional VC funds with designated governors managing investments, while Collective DAOs take a collaborative approach where all members decide together. Flex DAOs allow members to individually choose which deals to participate in. This versatility, combined with DAOSquare’s robust infrastructure, positions the platform as a comprehensive ecosystem for decentralized venture capital innovation.
Unfortunately, the smart contract appears to lack proper access control, which allowed some RICE tokens to be taken.
The exploit occurred because the victim contract’s `registerProtocol()` and `setMasterContractApproval()` functions lacked proper access control, allowing anyone to call these functions and authorize malicious contracts or addresses to withdraw RICE tokens without restriction.
Losses were reported as $88.1k by TenArmor.
It is unclear who is behind this token. The incident was reported on by TenArmor.
DAOSquare launched a new token, the DAOSquare Governomy Token (RICE), on both the Ethereum Mainnet and Base networks, following a previous attack on the original RICE token. Tokens have been redistributed to holders based on a snapshot taken before the attack.
There is no indication that any funds have been recovered.
Investigation and community recovery appear to be ongoing. The Gate CEX Holders and Loopring Holders still have solutions pending.
DAOSquare, a decentralized platform for launching and investing in Venture DAOs, suffered a security breach due to improper access controls in its smart contracts, allowing an attacker to withdraw RICE tokens without restriction. The exploit led to losses of approximately \$88.1k, as reported by TenArmor. In response, DAOSquare launched a new token—the DAOSquare Governomy Token (RICE)—on Ethereum Mainnet and Base, redistributing tokens to affected holders based on a pre-attack snapshot. While most distributions have been completed, recovery efforts are still ongoing, with some users on Gate CEX and Loopring awaiting resolution.
TenArmor - "Our system has detected a suspicious attack involving #RICE token and an unverified contract 0xcfe0 on #BASE, resulting in an approximately loss of $88.1K." - Twitter/X (Jul 31)
Rice Attack Transaction - BSCScan (Jul 31)
DaoSquare - "On May 25, 2025, one of DAOSquare's treasuries was attacked, resulting in 22,189,176.505973791717313474 RICE tokens being maliciously dumped into the market." - Twitter/X (Jul 31)
Typto DaoSquare - "The attacker [0x2a49c6FD18BD111d51C4ffFA6559bE1d950B8Eff] is a seasoned repeat offender. While $80,000 in illicit profits may mean little to you, you have brought devastating harm to DAOSquare. Yet we will not fall—we will emerge stronger." - Twitter/X (Jul 31)
DaoSquare - "We have deployed DAOSquare's new token—DAOSquare Governomy Token (RICE)—on Ethereum Mainnet and Base. We have also distributed these tokens to all RICE holders according to the snapshot before the RICE attack." - Twitter/X (Jul 31)
DaoSquare - "Following the attack on $RICE, we have been dedicated to reconstruction efforts. We are now pleased to announce the restart of the RICE community distribution." - Twitter/X (Jul 31)
The Victim Smart Contract - Basescan (Jul 31)
The creation of the victim smart contract. (Jul 31)
DAOSquare Homepage (Jul 31)
DaoSquare - "Big News from DAOSquare Incubator! We’ve just launched 3 innovative DAOs, each with a unique approach to onchain ventures." - Twitter/X (Jul 31)
DaoSquare Twitter/X Profile (Jul 31)
Typto (DaoSquare Founder) Twitter/X Profile (Jul 31)
Protocol Contract Graph - DaoSquare (Jul 31)
