User steals $120 000 from PeopleDAO using Google Sheets
The criminal managed to secretly add his address to the payout form
13.03.2023 - 16:15
590
1 min
0
PeopleDAO, a group formed to buy a copy of the U.S. Constitution, has lost 76.5 ETH ($120,000) to a social engineering hack on March 6 that targeted the project’s monthly contributor payout form on Google Sheets.
A combination of errors led to the theft, according to the project team. First, the accounting lead mistakenly shared a link to the payout form with edit access to a public channel on the project’s Discord Server. The hacker was able to use this edit access on the form to insert their address and a 76.5 ETH payment. The hacker then made this row invisible on the form.
This hidden row on the form escaped the team’s notice during rechecks. It also was not picked up by the multi-signature signers who executed the transfers after data from the form had been sent to the airdrop tool on Safe. As such, the attacker’s wallet received the 76.5 ETH payment. The hacker subsequently transferred the ether to two centralized exchanges — HitBTC and Binance — with 69.2 ETH ($110,000) going to the former and 7.3 ETH to the latter.
PeopleDAO says it is working with blockchain security experts like ZachXBT and SlowMist to track the hacker. The team says it also reported the matter to U.S. law enforcement agencies as well as the exchanges used by the hacker. PeopleDAO offered a 10% white hat bounty to the hacker should they return the funds. The hacker has not responded to this offer as of the time of reporting.
This material is taken from the website https://www.theblock.co.
Useful material?
Incidents
Developers warned of potential risks to bridges across the ecosystem and asked exchanges for assistance.
Jun 22, 2026
Incidents
The defendant helped move funds stolen through investment scams and earned at least $4 million for his role in the operation.
Jun 10, 2026
Incidents
The company is linking the incident to a compromised private key on a service wallet, rather than a smart contract exploit
May 22, 2026
Incidents
Following the incident, the project temporarily halted trading operations and node activity.
May 15, 2026
Incidents
The user spent weeks unsuccessfully trying to guess the password until Claude helped find an old wallet backup file
May 14, 2026
Crypto regulations
Authorities are introducing mandatory registration for companies handling cross-border crypto transactions
May 8, 2026
Telegram
Twitter