North Korean ties suspected in Indexed Finance treasury attack
On-chain sleuth ZachXBT says an alleged North Korean cybercriminal might be behind the attack against Indexed’s treasury.
A cybercriminal allegedly associated with DPRK initiated a hostile proposal on Nov. 18, targeting the remnants of Indexed Finance. This defunct decentralized protocol for passive portfolio management on Ethereum (ETH) suffered a $16 million attack in 2021.
There’s currently an ongoing hostile governance attack taking place against the remnants of the Indexed Finance treasury – 36K in DAI and approx. 48K in NDX before slippage.
I never thought I’d have to post about Indexed governance again (it’s been two years since… pic.twitter.com/mUUVMDnq4Q
— laurence (@functi0nZer0) November 18, 2023
According to an Indexed Finance team member, Laurence Day, the hacker initiated a proposal seeking to get control over the protocol’s treasury, holding $36,000 in DAI and nearly $48,000 in NDX, a governance token for Indexed Finance at the time.
“I never thought I’d have to post about Indexed governance again (it’s been two years since the attack, and about as long since either Dillon or I last did any work on it), but here we are.”
Laurence Day, Indexed Finance team member
However, after Day was was alarmed about the hostile proposal, those community members still holding NDX tokens responded to the warning, using their tokens to vote against the governance attack.
As of press time, 413,000 voted against its passing, while the hacker managed to get only 402,000 votes for the proposal. Although the Indexed Finance community successfully repelled the attack, NDX price plunged almost 14% amid the news down to $0.01, according to CoinGecko.
You might also like: Lazarus Group: hackers from country with no internet threaten defi
North Korea strikes back
As noted by on-chain sleuth ZachXBT, the hacker behind the governance incident, also attempted one on Relevant, a news-sharing and discussion platform.
On-chain is where things get interesting.
The person behind the Indexed Finance governance attack also attempted one on @relevantfeed via 0x9b9 earlier this month.
0x9b9 was funded by Alex Chon an alleged DPRK IT worker who has been fired from at least 2 roles for suspicious… https://t.co/vXYAmzPxnn pic.twitter.com/nXoVDaWYvZ
— ZachXBT (@zachxbt) November 18, 2023
In an X post on Nov. 19, ZachXBT added that the hacker allegedly has ties to North Korea as the hacker’s wallet was once funded by Alex Chon, an alleged North Korean IT worker who “has been fired from at least two roles for suspicious behavior.” As of press time, there is no public statement on the incident, which makes it unclear if the hacker succeeded in their efforts.
Indexed Finance suffered a flash loan attack in 2021, resulting in a loss of $16 million worth of crypto. Later, Andean Medjedovic, a graduate of the University of Waterloo, was charged with stealing crypto from Indexed Finance in a civil lawsuit. He was subject to an arrest warrant for over a year. However, authorities failed to locate him.
Read more: Hacker exploits defi protocol TheStandard.io for $264k