Security in action - a real hack, and how the DAO recovered the stolen assets
June 9, 2026
Yesterday, the DAO voted on something more serious than a test.
One of our users was hacked. Their entire business - the NFT and the partner structure - was stolen. And yesterday, by community vote, all of it was returned to its rightful owner.
Many people want the full story. Here is the public account: what happened, how it was resolved, what it proves about the way the protocol is built, and the security layer we are adding because of it.
What happened
The wallet of one of our participants was compromised. The attacker obtained the wallet's seed phrase - the master key to every asset held in that wallet.
One point needs to be clear: this was not a vulnerability in the platform or in the smart contracts. The protocol itself was never breached. The attacker used the oldest method there is for breaking into a user wallet - stealing the key outright.
At the time, the Business Sale function was temporarily enabled. We had activated it earlier as part of the DAO governance test and announced it publicly. The attacker used that open window. With the compromised wallet under their control, they triggered a business transfer that moved the victim's entire account - the NFT and the complete partner tree - to their own address.
A business built over months, gone in a single transaction.
Before anything else - the most important point
To understand how this was resolved, you first need to understand what cannot happen.
The team has no access to your business. None at all.
We cannot move your NFT. We cannot touch your structure. We cannot freeze, confiscate or transfer anything in your account. This is not a policy we could quietly change tomorrow - it is how the smart contracts are built, confirmed by the CertiK audit, and enforced by the blockchain itself.
That is what decentralization actually means. If we could reach into accounts at will and on our own
So when the hack happened, there was no admin button to press. There couldn't be. And that is by design.
How it was actually resolved
What there is, is the DAO.
The victim contacted support. Their upline leader - the person who originally brought them into the ecosystem - stood with them and confirmed the situation. The team verified the owner's identity and their exclusive control of a new, secure wallet. And then the only mechanism with the authority to act was set in motion: a community vote.
Two proposals went on-chain:
1. Disable Business Sale. The governance test phase was complete anyway, and the open transfer path was the exact surface the attacker used. The DAO voted to switch the function off protocol-wide. It stays off until a future vote decides otherwise.
2. Recover the stolen account. The DAO authorized migrating the stolen position - the NFT, the structure, everything attached to it - from the attacker's address to a new wallet controlled solely by the verified owner. Not back to the original wallet: that one is still compromised, and returning the business there would hand it straight back to the same attacker.
Both proposals passed. Both executed on-chain. The full proposal texts are public on the DAO page for anyone who wants every detail.
The result: the owner is back in business from a secure wallet. The attacker's address is left with nothing.
For the record, the DAO also holds the power to freeze a malicious account entirely. In this case it wasn't even needed - the migration itself stripped the attacker of every position they held.
What this proves
We planned a governance test to validate proposals, voting, and execution. What we got instead was a live incident that put the entire security model under real pressure.
The model held:
The team alone could do nothing - by design.
The community, through the DAO, could do everything needed - close the attack surface, strip the attacker, restore the owner.
That combination is the whole point. No single party - not the team, not any individual - can touch your assets. But the community, acting together through an open on-chain vote, can restore justice when something goes wrong.
Centralized platforms give you the second without the first. Most DeFi gives you the first without the second. This protocol has both.
What you should do right now
The protocol's defenses worked. But this incident started where most incidents start: with a compromised wallet. The strongest security layer is the one you set up yourself.
Three things, today:
1. Set your financial password. A separate password required for moving funds, independent from your login. If a scammer gets into your account without it, they hit a wall.
2. Enable every security layer the platform gives you. TAN codes for transactions, 2FA, and the official Telegram bot for action verification. Each layer is one more thing an attacker has to break.
3. Protect your seed phrase like it is the business itself. Because it is. Never type it into any website, never share it with anyone, never store it in cloud notes or screenshots.
If these layers are not set up, an attacker who gets inside can move fast. Every layer you enable slows them down or stops them completely.
New: the Secret Code
This case showed us where one more layer makes sense. So we're adding it.
Within the next week, we are rolling out the Secret Code - a new element of the account security system.
How it works:
When you generate your financial password, the system creates a Secret Code - one random word, shown to you once.
If you already have a financial password, your code will be shown to you as well.
Write it down and store it offline. Treat it the way you treat a seed phrase.
From then on, any security-sensitive request to support - resetting a financial password, recovery actions, anything in that category - will require you to name your Secret Code.
No code, no changes. Even if an attacker takes over your email or messages, they cannot impersonate you to support without that word.
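A minimal server-side model of the Secret Code check, added here as an example and not the protocol's own code: the word is drawn with the OS CSPRNG, stored only as a salted, deliberately slow hash, compared in constant time, and the account is locked after a handful of failed attempts. The word list, the in-memory user store and the attempt limit are hypothetical. The entropy helper shows why the lockout is not optional: a single word drawn from N candidates carries only log2(N) bits, so a support desk that allowed unlimited guesses would leak it quickly even though the hash makes offline cracking of a leaked database expensive.

```python
"""Knowledge-based support verification with a one-word Secret Code.

Added example, not the protocol's own implementation. Hypothetical parts:
the word list, the in-memory record store and the attempt limit.
"""
import hashlib
import hmac
import math
import os
import secrets

# Hypothetical word list (constructed for the example). A real deployment
# would use a large, curated list; the size directly sets the entropy.
WORDLIST = ["anchor", "basalt", "cobalt", "dune", "ember", "fjord", "granite", "harbor"]

MAX_ATTEMPTS = 5        # hypothetical lockout threshold
PBKDF2_ITERATIONS = 100_000


def entropy_bits(wordlist) -> float:
    """Bits of entropy in one uniformly chosen word: log2(len(wordlist))."""
    return math.log2(len(wordlist))


def generate_secret_code(wordlist=WORDLIST) -> str:
    """Pick one word with the OS CSPRNG (secrets), never with random.choice."""
    return secrets.choice(wordlist)


def _normalize(code: str) -> str:
    # Users will retype the word from paper; tolerate case and whitespace.
    return code.strip().lower()


def _hash_code(code: str, salt: bytes) -> bytes:
    # Salted, slow hash: the secret is a dictionary word, so a fast unsalted
    # hash would be trivially reversed with a lookup table if the store leaks.
    return hashlib.pbkdf2_hmac("sha256", _normalize(code).encode("utf-8"),
                               salt, PBKDF2_ITERATIONS)


class SupportVerifier:
    """Stores only salt + hash per user and enforces a failed-attempt lockout."""

    def __init__(self):
        self._records = {}  # user_id -> {"salt", "hash", "failed"}

    def enroll(self, user_id: str, wordlist=WORDLIST) -> str:
        """Create the user's Secret Code. The clear-text word is returned
        exactly once for display; only its salted hash is retained."""
        code = generate_secret_code(wordlist)
        salt = os.urandom(16)
        self._records[user_id] = {"salt": salt,
                                  "hash": _hash_code(code, salt),
                                  "failed": 0}
        return code

    def is_locked(self, user_id: str) -> bool:
        rec = self._records.get(user_id)
        return rec is not None and rec["failed"] >= MAX_ATTEMPTS

    def verify(self, user_id: str, claimed_code: str) -> bool:
        """True only if the claimed word matches and the account is not locked."""
        rec = self._records.get(user_id)
        if rec is None:
            return False
        if rec["failed"] >= MAX_ATTEMPTS:
            # Locked: with only a few bits of entropy, unlimited online guesses
            # would succeed in minutes. Unlocking is an out-of-band decision.
            return False
        candidate = _hash_code(claimed_code, rec["salt"])
        if hmac.compare_digest(candidate, rec["hash"]):   # constant-time compare
            rec["failed"] = 0
            return True
        rec["failed"] += 1
        return False


if __name__ == "__main__":
    v = SupportVerifier()
    word = v.enroll("alice")        # shown once, then only the hash remains
    print("entropy bits:", entropy_bits(WORDLIST))
    print("correct word accepted:", v.verify("alice", word))
    print("wrong word accepted:", v.verify("alice", "nonsense"))
```

The important operational point is the pairing of the two controls: the slow salted hash protects the word if the support database ever leaks, and the lockout protects it against someone simply asking support to "check" guess after guess. Neither is sufficient on its own for a secret this short.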
Yesterday's vote did more than fix one account. It demonstrated - in production, with real stakes - that this protocol can protect its users without anyone holding centralized power over them.
The user who was attacked has their business back. The attacker walked away with nothing. The community made it happen - openly, on-chain, by vote.
Justice prevailed. That's the system working exactly as designed.