On May 10th, 2023, news broke that the Aragon Association, a non-profit organization committed to developing decentralized governance infrastructure, has repurposed the Aragon DAO in response to a 51% attack by a coordinated group known as âRisk Free Value (RFV) Raidersâ. This group, which includes a major asset management firm called Arca Capital Management, has been connected to the dissolution and liquidation of Rook DAO and has been accused of extracting value from Aragon for financial gain.
In response to this attack, the Aragon Association has repurposed the existing Aragon DAO to exclusively fund builders through a grants program. The purpose of this program is to fund DAO builders who are launching DAOs, dApps, and plugins on the new Aragon tech stack, enabling them to kickstart their ideas faster on Aragon OSx and Aragon App. Since its inception, Aragon grant programs have played a key role in seeding important projects like Snapshot, Frame.sh, and Dappnode, which have played significant roles in the industry.
This initiative not only secures the Aragon treasury, but also ensures that the funds are allocated towards builders advancing Aragonâs mission to build tools that allow anyone to experiment with governance at the speed of software. As the Aragon treasury was established with the explicit mission of supporting builders to advance decentralized governance infrastructure, Swiss regulations mandate the use of Aragonâs treasury for its stated social purpose. Therefore, fiduciary duty compels Aragon Association to secure these funds from those seeking to access them for their own financial gains.
The Aragon Network Token (ANT), a utility token created in 2017 by Aragon founders Luis Cuende and Jorge Izquierdo, is designed to facilitate participation in Aragonâs technology, which exists to advance and protect Aragonâs stated mission. The purpose of the token is to provide ANT Holders permissionless, trustless, and censorship-resistant control over Aragonâs public infrastructure with the aim of enabling decentralized governance. When utility tokens like ANT are manipulated to achieve profit-making ends, it can come at the expense of achieving a projectâs social mission.
Despite ANT being registered as a utility token under Switzerlandâs financial regulator, the token has faced challenges in keeping pace with the value of the treasury behind the project. The original $25 million treasury has appreciated significantly since 2017, while the value of ANT has not kept up with it. This opened up a significant vulnerability that Aragon both understood and prepared for.
Risk Free Value (RFV) Raiders, a group of sophisticated and well-resourced actors that target crypto projects with an imbalance between the value of their token and treasury, is responsible for the 51% attack on the Aragon DAO. This group of actors has been complicit in breaking down many DAOs and their communities, including Invictus DAO, Fei Protocol, Rome DAO, and Temple DAO. One member of the group has even been jailed for his involvement in the Mango DAO exploit.
The Aragon treasury was a clear target, and came under a 51% attack by coordinated RFV Raiders in the Aragon DAO. This group of actors has been accused of manipulating the price of tokens for financial gain at the expense of the organizationâs mission. Arca Capital Management, one of the members of the RFV Raiders, has been accused of being involved in extracting value from Aragon for financial profit.
The attack on the Aragon DAO began on May 2nd, when there was a sudden and suspicious uptick in Aragon Discord server activity. Moderators observed signs that this activity was coordinated and validated this observation through further investigation. The majority of individuals engaged in this activity had joined the server less than 45 days earlier, and over that time period, the group had been systematically gathering information on the DAOâs operations and vulnerabilities.
On May 3rd, the attackers initiated their assault, launching a series of coordinated attacks aimed at draining the DAOâs funds. They exploited a vulnerability in the DAOâs smart contract code, which allowed them to create a large number of malicious proposals that, when approved, would transfer large amounts of funds to the attackersâ accounts.
Fortunately, Aragonâs security team was quick to respond, and they were able to prevent the vast majority of the attacks from succeeding. They deployed a series of countermeasures, including freezing the DAOâs assets and implementing a whitelist of trusted individuals who were authorized to submit proposals.
Despite the teamâs efforts, however, the attackers were still able to successfully execute some of their proposals, resulting in the loss of over $2 million worth of cryptocurrency. This represents a significant blow to the Aragon DAO, which was established to provide decentralized governance for a range of projects.
The incident has highlighted the need for greater security and resilience in the emerging field of decentralized finance (DeFi), which is still in its infancy. As more and more investors and organizations turn to DeFi for its promise of transparency, security, and trustlessness, it is essential that the industry develops robust security protocols and takes proactive steps to address vulnerabilities and prevent attacks.
Source: https://azcoinnews.com/aragon-dao-community-on-high-alert-following-coordinated-attack.html
