Security in action – a real hack and how the DAO fixed it

June 9, 2026

Yesterday the DAO voted on something more serious than a test.

One of our users was hacked. Their entire business – the NFT and partner structure – was stolen. And yesterday, by community vote, it was returned to its rightful owner.

Many of you asked for the full story. Here it is, openly: what happened, how it was resolved, what it proves about how this protocol is built, and the new security layer we are adding because of it.


What happened

One of our participants had their wallet compromised. The attacker gained access to the wallet's seed phrase – the master key to everything inside.

Let's be precise about one thing: this was not a breach of the platform or the smart contracts. The protocol itself was never compromised. The attacker got into the user's wallet the old-fashioned way – by stealing the keys.

At that moment the Business Sale function was temporarily enabled. We had activated it earlier as part of the DAO governance test and announced it publicly. The attacker used this open window. With control of the compromised wallet, they triggered a business transfer and moved the victim's entire account – the NFT and the whole partner tree structure – to their own address.

A business built over months, gone in a single transaction.


Before anything else – the most important thing

To understand how this was resolved, you first need to understand what could NOT have happened.

The team has no access to your business. None whatsoever.

We cannot move your NFT. We cannot touch your structure. We cannot freeze, seize, or transfer anything in your account. This is not a policy we could quietly change tomorrow – it is how the smart contracts are built, confirmed by the CertiK audit and enforced by the blockchain itself.

This is what decentralization actually means. If we could reach into accounts and "fix

So when the hack happened, there was no admin button to press. There couldn't be. And that is by design.


How it was actually resolved

What there is, is the DAO.

The victim contacted support. Their upline leader - the person who originally brought them into the ecosystem - stood with them and confirmed the situation. The team verified the owner's identity and their exclusive control of a new, secure wallet. And then the only mechanism with the authority to act was set in motion: a community vote.

Two proposals went on-chain:

1. Disable Business Sale. The governance test phase was complete anyway, and the open transfer path was the exact surface the attacker used. The DAO voted to switch the function off protocol-wide. It stays off until a future vote decides otherwise.

2. Recover the stolen account. The DAO authorized migrating the stolen position - the NFT, the structure, everything attached to it - from the attacker's address to a new wallet controlled solely by the verified owner. Not back to the original wallet: that one is still compromised, and returning the business there would hand it straight back to the same attacker.

Both proposals passed. Both executed on-chain. The full proposal texts are public on the DAO page for anyone who wants every detail.

The result: the owner is back in business from a secure wallet. The attacker's address is left with nothing.

For the record, the DAO also holds the power to freeze a malicious account entirely. In this case it wasn't even needed - the migration itself stripped the attacker of every position they held.


What this proves

We planned a governance test to validate proposals, voting, and execution. What we got instead was a live incident that put the entire security model under real pressure.

The model held:

  • The team alone could do nothing - by design.

  • The community, through the DAO, could do everything needed - close the attack surface, strip the attacker, restore the owner.

That combination is the whole point. No single party - not the team, not any individual - can touch your assets. But the community, acting together through an open on-chain vote, can restore justice when something goes wrong.

Centralized platforms give you the second without the first. Most DeFi gives you the first without the second. This protocol has both.


What you should do right now

The protocol's defenses worked. But this incident started where most incidents start: with a compromised wallet. The strongest security layer is the one you set up yourself.

Three things, today:

1. Set your financial password. A separate password required for moving funds, independent from your login. If a scammer gets into your account without it, they hit a wall.

2. Enable every security layer the platform gives you. TAN codes for transactions, 2FA, and the official Telegram bot for action verification. Each layer is one more thing an attacker has to break.

3. Protect your seed phrase like it is the business itself. Because it is. Never type it into any website, never share it with anyone, never store it in cloud notes or screenshots.

If these layers are not set up, an attacker who gets inside can move fast. Every layer you enable slows them down or stops them completely.


New: the Secret Code

This case showed us where one more layer makes sense. So we're adding it.

Within the next week, we are rolling out the Secret Code - a new element of the account security system.

How it works:

  • When you generate your financial password, the system creates a Secret Code - one random word, shown to you once.

  • If you already have a financial password, your code will be shown to you as well.

  • Write it down and store it offline. Treat it the way you treat a seed phrase.

  • From then on, any security-sensitive request to support - resetting a financial password, recovery actions, anything in that category - will require you to name your Secret Code.

No code, no changes. Even if an attacker takes over your email or messages, they cannot impersonate you to support without that word.
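The support-side check described above, written out as an added example in Python. This is not the project's own code (the page does not show its implementation); it assumes a short constructed word list, an in-memory record store, and a support workflow that calls verify() before any financial-password reset or recovery action. The hash parameters and lockout limits are choices made for this example. The point it makes that the list above does not: a single dictionary word has very little entropy, so the server must never keep it in plaintext, must hash it slowly with a per-account salt, compare in constant time, and lock the support flow after a handful of wrong guesses.

```python
"""Server-side handling of a one-word Secret Code that authenticates
security-sensitive support requests (reset of the financial password,
recovery actions). Added example; not the platform's own code."""
import hashlib
import hmac
import secrets
import time

# Constructed word list for the example; a real deployment would use a
# much larger list so that guessing is not a dictionary walk.
WORDLIST = ["harbor", "cobalt", "meadow", "lantern", "quartz",
            "saffron", "timber", "velvet", "walnut", "zephyr"]

MAX_ATTEMPTS = 5          # wrong codes tolerated before support actions are locked
LOCKOUT_SECONDS = 3600    # how long the lock lasts (example value)


def normalize(word: str) -> str:
    """Codes are single words; tolerate case and surrounding whitespace."""
    return word.strip().lower()


def hash_code(word: str, salt: bytes) -> bytes:
    # One word carries little entropy, so it gets a slow, salted hash
    # rather than a plain digest; only this value is ever stored.
    return hashlib.scrypt(normalize(word).encode(), salt=salt,
                          n=2 ** 14, r=8, p=1, dklen=32)


class SecretCodeStore:
    def __init__(self, clock=time.time):
        # account_id -> {salt, digest, failures, locked_until}; in-memory for the example
        self._records = {}
        self._clock = clock

    def issue(self, account_id: str) -> str:
        """Create the code when the financial password is generated.
        Returns the plaintext word exactly once; the store keeps only the hash."""
        word = secrets.choice(WORDLIST)
        salt = secrets.token_bytes(16)
        self._records[account_id] = {
            "salt": salt,
            "digest": hash_code(word, salt),
            "failures": 0,
            "locked_until": 0.0,
        }
        return word

    def verify(self, account_id: str, claimed: str) -> bool:
        """Gate for the support flow: no matching code, no changes."""
        rec = self._records.get(account_id)
        if rec is None:
            return False
        now = self._clock()
        if now < rec["locked_until"]:
            return False                      # locked after repeated wrong guesses
        candidate = hash_code(claimed, rec["salt"])
        if hmac.compare_digest(candidate, rec["digest"]):
            rec["failures"] = 0               # constant-time match; reset the counter
            return True
        rec["failures"] += 1
        if rec["failures"] >= MAX_ATTEMPTS:
            rec["locked_until"] = now + LOCKOUT_SECONDS
        return False


if __name__ == "__main__":
    store = SecretCodeStore()
    code = store.issue("acct-demo")          # shown to the user once, then discarded
    print("support check with the right word:", store.verify("acct-demo", code))
    print("support check with a wrong word:  ", store.verify("acct-demo", "guess"))
```

The lockout matters more here than for a password: with a fixed word list, an attacker who has taken over the victim's email and is chatting with support could otherwise simply try words until one is accepted. Locking the support flow after a few failures, and alerting the account owner through a channel the attacker does not control, keeps a one-word secret useful.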


Yesterday's vote did more than fix one account. It demonstrated - in production, with real stakes - that this protocol can protect its users without anyone holding centralized power over them.

The user who was attacked has their business back. The attacker walked away with nothing. The community made it happen - openly, on-chain, by vote.

Justice prevailed. That's the system working exactly as designed.