Skip to main content
Sign in
DAO Maker1 decision on this page

Audit log

Every state-changing event for DAO Maker: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-31 06:59:12Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 423,324,512
    sig
    9v2TvQkkg8Bg…72fv2X6rexplorer ↗
    hash
    23yX13DfZ2Vv…cxym4iJUsha256 → base58
    verifying row…full verify ↗
    canonical bytes (18960 B) ▸
    {"actor":"system:backfill","investigation_id":"1663ca58-914e-4143-b2cc-4125f3a5dba5","kind":"publish","page_slug":"dao-maker","published_at":"2026-05-31T06:59:12.224Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"DAO Maker","sections":[{"content":"DAO Maker was founded in 2018 by Christoph Zaknun (CEO) and Giorgio Marciano (CTO). The platform operates as a launchpad for early-stage blockchain projects, offering fundraising tools including the Strong Holder Offering (SHO), Dynamic Coin Offering (DYCO), Social Mining, and Venture Bonds. The SHO model allocates token sale allocations to participants based on how long they hold the platform's native DAO governance token, aiming to reward committed holders over short-term traders. As of 2025–2026, the platform has reportedly facilitated over 109 total projects and raised more than $212 million in total funds. The DAO token is an ERC-20 governance token on Ethereum, and the platform has also expanded to the Base blockchain.","heading":"Platform Overview","severity":"low","sources":[{"credibility":2,"name":"What is DAO Maker (DAO)? – OKX","type":"news","url":"https://www.okx.com/en-us/learn/what-is-dao-maker"},{"credibility":2,"name":"DAO Maker – Golden.com Wiki","type":"news","url":"https://golden.com/wiki/DAO_Maker-W4JMA8A"},{"credibility":3,"name":"DAO Maker Review: Launchpad, DAO Token, Staking and 2026 Outlook – Crypto Adventure","type":"news","url":"https://cryptoadventure.com/dao-maker-review-launchpad-dao-token-staking-and-2026-outlook/"}]},{"content":"On August 12, 2021, at approximately 1 AM UTC, an attacker exploited a vulnerability in DAO Maker's SHO smart contract, draining 7,376,245 USDC from user wallets. The exploit affected 5,251 users with an average loss of approximately $1,250 per person. Blockchain security firm PeckShield first publicly flagged the incident. According to CEO Christoph Zaknun, the breach resulted from 'malicious use of one of our wallets with access to admin privileges.' SlowMist's post-incident analysis identified the root cause as a leaked or compromised private key belonging to the contract administrator. The attacker exploited compromised admin credentials to replace the legitimate DAO contract reference with a malicious contract, then invoked the withdrawFromUser() function to transfer USDC from user balances to the attacker's address. The stolen USDC was subsequently swapped for approximately 2,261.45 ETH to prevent blacklisting by Circle. A notable red flag identified by researchers was that the vulnerable contract had not been verified on Etherscan at the time of the attack. The DAO token dropped approximately 15% in value on news of the breach.","heading":"August 2021 SHO Contract Exploit ($7 Million)","severity":"critical","sources":[{"credibility":1,"name":"Crypto Fundraising DAO Loses Over $7M in Latest Crypto Exploit – CoinDesk","type":"news","url":"https://www.coindesk.com/markets/2021/08/12/crypto-fundraising-dao-loses-over-7m-in-latest-crypto-exploit"},{"credibility":2,"name":"DAO Maker Suffers $7 Million Exploit – Crypto Briefing","type":"news","url":"https://cryptobriefing.com/dao-maker-suffers-7-million-exploit/"},{"credibility":2,"name":"SlowMist: An Analysis of the Attack on DAO Maker","type":"news","url":"https://slowmist.medium.com/slowmist-an-analysis-of-the-attack-on-dao-maker-627fcccd8fcb"},{"credibility":2,"name":"Aug 2021 – DAO Maker Exploit Case Study – Quadriga Initiative","type":"news","url":"https://www.quadrigainitiative.com/casestudy/daomakerexploit.php"},{"credibility":2,"name":"DAO Maker becomes latest DeFi platform to suffer an attack – Invezz","type":"news","url":"https://invezz.com/news/2021/08/12/dao-maker-becomes-latest-defi-platform-to-suffer-an-attack-loses-7m/"}]},{"content":"On September 4, 2021, DAO Maker suffered a second exploit, this time targeting its token vesting contract. The attack exploited an unauthenticated init() function in the vesting contract, which allowed the attacker to reinitialize contract ownership without authentication, effectively becoming the owner. Using the new owner privileges, the attacker called the emergencyExit() function to extract tokens from four separate contracts and swapped the proceeds into DAI. Affected token contracts included DeRace Token (DERC), CoinsPaid (CPD), Capsule Coin (CAPS), and Showcase Token (SHO). The attacker extracted approximately $4 million in net profit from this second exploit. Blockchain security firm SlowMist provided a detailed post-mortem, describing the vulnerability as 'unauthenticated Init initialization.' The occurrence of a second significant exploit within weeks of the first raised material concerns about DAO Maker's security review and contract deployment practices.","heading":"September 2021 Vesting Contract Exploit (~$4 Million)","severity":"critical","sources":[{"credibility":2,"name":"SlowMist: DAO Maker's vesting system was hacked","type":"news","url":"https://slowmist.medium.com/intelligence-of-slowmist-zone-dao-makers-vesting-system-was-hacked-5825e4828969"},{"credibility":2,"name":"Hacked: Blockchain Security Firm SlowMist Shares Analysis of Recent DAO Maker Exploit – Crowdfund Insider","type":"news","url":"https://www.crowdfundinsider.com/2021/09/179967-hacked-blockchain-security-firm-slowmist-shares-analysis-of-recent-dao-maker-exploit/"},{"credibility":2,"name":"Sep 2021 – DAO Maker Insufficient Authentication Case Study – Quadriga Initiative","type":"news","url":"https://www.quadrigainitiative.com/casestudy/daomakerinsufficientauthentication.php"},{"credibility":2,"name":"DAO Maker Hack: A $4 Million Lesson in Smart Contract Security – Vidma","type":"news","url":"https://www.vidma.io/blog/dao-maker-hack-a-4-million-lesson-in-smart-contract-security"}]},{"content":"Following the August 2021 exploit, DAO Maker announced a two-phase compensation plan. Phase 1 promised an immediate airdrop of $500 USDC per affected user, with a further 30–50% of total losses refunded in USDC by August 19, 2021. Phase 2 introduced an IOU token called USDR, airdropped on September 8, 2021, which represented the remaining unpaid losses and was to be redeemable for DAO tokens at 110% face value within one year, with an expiration date of September 8, 2022. An additional 0.2 DAO Power per USDR held was promised. As of late 2022, approximately 3,500 wallet addresses held roughly $3.5 million in unredeemed USDR tokens. In October 2022, a governance proposal surfaced on DAO Maker's Discord — posted by a user identified as @Dante.eth — to suspend or reduce the USDR redemption obligation. Critics alleged that the proposal was framed misleadingly as 'Prevent Major $DAO DUMP' rather than as a reimbursement cancellation, obscuring the impact on hack victims. The proposal passed with 61.72% of voting tokens in favor. Community investigators reported that these votes were concentrated in only six wallet addresses, and alleged that the DAO Maker team funded new wallets with DAO tokens to ensure the outcome. The option that passed reportedly allowed redemption at only 50% of par value. Following the vote, USDR redemptions were reportedly made unavailable, and the tokens were rendered redeemable only for DAO Power (a non-liquid, in-platform utility), effectively reducing them to zero monetary value. The governance proposal was subsequently deleted from DAO Maker's Snapshot page. Victims told CoinTelegraph in 2024 that they had still received no further compensation. The rekt.news investigation also documented that some victims discovered a short-lived secondary market liquidity pool for USDR, where tokens traded at approximately 80 cents on the dollar prior to the pool being removed.","heading":"Compensation Plan and Alleged Failure to Reimburse Victims","severity":"critical","sources":[{"credibility":1,"name":"DAO Maker hack victims still await reimbursement 3 years later – CoinTelegraph","type":"news","url":"https://cointelegraph.com/news/dao-maker-victims-still-await-reimbursement-3-years-after-hack"},{"credibility":2,"name":"DAO Maker – Community Investigates – Rekt News","type":"news","url":"https://rekt.news/dao-maker-community-investigates"},{"credibility":2,"name":"Aug 2021 – DAO Maker Exploit Case Study – Quadriga Initiative","type":"news","url":"https://www.quadrigainitiative.com/casestudy/daomakerexploit.php"}]},{"content":"The October 2022 governance vote to cancel USDR redemptions has been the subject of substantial community criticism. According to on-chain data documented by community investigators, the 61.72% majority in favor of suspending full redemption was cast by only six wallet addresses. The majority of individual token holders voted for Option 1, which would have honored the original compensation terms, but these holders did not possess sufficient token weight to override the large concentrated positions. Critics alleged that the DAO Maker team may have used its own treasury or team token allocations — distributed across newly created wallets — to ensure the vote's passage, constituting a structural misuse of governance mechanisms to avoid fulfilling financial obligations to exploit victims. The governance proposal was later deleted from the public Snapshot record. These allegations remain unverified by any independent on-chain audit or legal authority and should be treated as community-sourced claims; however, they have been widely documented in reputable crypto media.","heading":"Governance Manipulation Allegations","severity":"high","sources":[{"credibility":2,"name":"DAO Maker – Community Investigates – Rekt News","type":"news","url":"https://rekt.news/dao-maker-community-investigates"},{"credibility":1,"name":"DAO Maker hack victims still await reimbursement 3 years later – CoinTelegraph","type":"news","url":"https://cointelegraph.com/news/dao-maker-victims-still-await-reimbursement-3-years-after-hack"}]},{"content":"Following the 2021 exploits, DAO Maker stated it had migrated funds to secure wallets, ceased use of pre-funding contracts, implemented non-custodial staking systems, and closed all vault contracts holding user funds. The platform engaged CipherBlade for blockchain forensics following the August 2021 incident. DAO Maker smart contracts have since undergone audits by CertiK and Hacken. CertiK's Skynet platform assigned DAO Maker a security score of 85.84 (Grade A) as of its last published evaluation, based on five audits with the most recent completed on February 17, 2022. CertiK identified one major centralization/privilege concern (acknowledged but not resolved), one minor logical issue (resolved), and two informational findings. Code audit coverage was noted at 17% — a relatively low proportion. DAO Maker has not established a public bug bounty program through CertiK. The team identity is verified as named/public. Despite these post-hack measures, the recurrence of a second exploit within weeks of the first and the noted unverified contract state at the time of the August 2021 breach indicate historical deficiencies in security practice.","heading":"Security Posture and Post-Incident Measures","severity":"medium","sources":[{"credibility":2,"name":"DAO Maker audits – Hacken","type":"news","url":"https://hacken.io/audits/dao-maker/"},{"credibility":2,"name":"DAO Maker – CertiK Skynet Project Insight","type":"news","url":"https://skynet.certik.com/projects/daomaker"},{"credibility":2,"name":"Aug 2021 – DAO Maker Exploit Case Study – Quadriga Initiative","type":"news","url":"https://www.quadrigainitiative.com/casestudy/daomakerexploit.php"}]},{"content":"As of 2025–2026, DAO Maker remains an active launchpad platform accessible at app.daomaker.com. The platform has reportedly facilitated over 109 projects and expanded its blockchain integrations, including a launch of the DAO token on Base. The platform's X (Twitter) account (@daomaker) remains active. No regulatory actions by the SEC, CFTC, or other government bodies against DAO Maker have been identified in publicly available records as of the date of this investigation. The DAO governance token continues to trade on major exchanges. However, the unresolved compensation dispute and the alleged governance manipulation represent ongoing reputational and trust concerns for prospective users of the platform.","heading":"Current Operational Status","severity":"medium","sources":[{"credibility":2,"name":"DAO Maker (@daomaker) – X","type":"official","url":"https://x.com/daomaker"},{"credibility":3,"name":"DAO Maker Launchpad – CryptoTotem","type":"news","url":"https://cryptototem.com/launchpads/daomaker-launchpad/"},{"credibility":3,"name":"DAO Maker Review 2026 – Crypto Adventure","type":"news","url":"https://cryptoadventure.com/dao-maker-review-launchpad-dao-token-staking-and-2026-outlook/"}]}],"sources_used":[{"name":"Crypto Fundraising DAO Loses Over $7M in Latest Crypto Exploit – CoinDesk","type":"news","url":"https://www.coindesk.com/markets/2021/08/12/crypto-fundraising-dao-loses-over-7m-in-latest-crypto-exploit"},{"name":"DAO Maker hack victims still await reimbursement 3 years later – CoinTelegraph","type":"news","url":"https://cointelegraph.com/news/dao-maker-victims-still-await-reimbursement-3-years-after-hack"},{"name":"DAO Maker – Community Investigates – Rekt News","type":"news","url":"https://rekt.news/dao-maker-community-investigates"},{"name":"DAO Maker Suffers $7 Million Exploit – Crypto Briefing","type":"news","url":"https://cryptobriefing.com/dao-maker-suffers-7-million-exploit/"},{"name":"SlowMist: An Analysis of the Attack on DAO Maker","type":"news","url":"https://slowmist.medium.com/slowmist-an-analysis-of-the-attack-on-dao-maker-627fcccd8fcb"},{"name":"SlowMist: DAO Maker's vesting system was hacked","type":"news","url":"https://slowmist.medium.com/intelligence-of-slowmist-zone-dao-makers-vesting-system-was-hacked-5825e4828969"},{"name":"Hacked: SlowMist Shares Analysis of Recent DAO Maker Exploit – Crowdfund Insider","type":"news","url":"https://www.crowdfundinsider.com/2021/09/179967-hacked-blockchain-security-firm-slowmist-shares-analysis-of-recent-dao-maker-exploit/"},{"name":"Aug 2021 – DAO Maker Exploit Case Study – Quadriga Initiative","type":"news","url":"https://www.quadrigainitiative.com/casestudy/daomakerexploit.php"},{"name":"Sep 2021 – DAO Maker Insufficient Authentication – Quadriga Initiative","type":"news","url":"https://www.quadrigainitiative.com/casestudy/daomakerinsufficientauthentication.php"},{"name":"DAO Maker – CertiK Skynet Project Insight","type":"other","url":"https://skynet.certik.com/projects/daomaker"},{"name":"DAO Maker audits – Hacken","type":"other","url":"https://hacken.io/audits/dao-maker/"},{"name":"DAO Maker becomes latest DeFi platform to suffer an attack – Invezz","type":"news","url":"https://invezz.com/news/2021/08/12/dao-maker-becomes-latest-defi-platform-to-suffer-an-attack-loses-7m/"},{"name":"DAO Maker Hack: A $4 Million Lesson in Smart Contract Security – Vidma","type":"news","url":"https://www.vidma.io/blog/dao-maker-hack-a-4-million-lesson-in-smart-contract-security"},{"name":"DAO Maker – Golden.com Wiki","type":"other","url":"https://golden.com/wiki/DAO_Maker-W4JMA8A"},{"name":"What is DAO Maker (DAO)? – OKX","type":"news","url":"https://www.okx.com/en-us/learn/what-is-dao-maker"},{"name":"DAO Maker (@daomaker) – X","type":"official","url":"https://x.com/daomaker"}],"summary":"DAO Maker is a crypto fundraising and launchpad platform founded in 2018 by Christoph Zaknun and Giorgio Marciano, known for its Strong Holder Offering (SHO) and Dynamic Coin Offering (DYCO) mechanisms. The platform suffered two confirmed exploits in August and September 2021 totaling approximately $11 million in losses, affecting over 5,200 users. A promised multi-phase compensation plan was subsequently undermined by an alleged governance vote manipulation, leaving a significant portion of hack victims unreimbursed as of 2024.","timeline":[{"date":"2018-01-01","event":"DAO Maker founded by Christoph Zaknun and Giorgio Marciano.","source":"Golden.com Wiki","source_url":"https://golden.com/wiki/DAO_Maker-W4JMA8A"},{"date":"2021-08-12","event":"DAO Maker SHO contract exploited via compromised admin private key; 7,376,245 USDC drained from 5,251 user wallets. Attacker converts funds to ~2,261 ETH. PeckShield first reports publicly.","source":"CoinDesk","source_url":"https://www.coindesk.com/markets/2021/08/12/crypto-fundraising-dao-loses-over-7m-in-latest-crypto-exploit"},{"date":"2021-08-19","event":"DAO Maker airdrops initial USDC compensation to affected users, covering approximately 30–50% of losses.","source":"Quadriga Initiative Case Study","source_url":"https://www.quadrigainitiative.com/casestudy/daomakerexploit.php"},{"date":"2021-09-04","event":"DAO Maker vesting contract exploited via unauthenticated init() function; attacker drains ~$4 million from four token contracts (DERC, CPD, CAPS, SHO tokens) using emergencyExit().","source":"SlowMist Medium","source_url":"https://slowmist.medium.com/intelligence-of-slowmist-zone-dao-makers-vesting-system-was-hacked-5825e4828969"},{"date":"2021-09-08","event":"DAO Maker airdrops USDR IOU tokens to hack victims representing remaining unpaid compensation, redeemable for DAO tokens at 110% face value by September 8, 2022.","source":"Quadriga Initiative Case Study","source_url":"https://www.quadrigainitiative.com/casestudy/daomakerexploit.php"},{"date":"2022-02-17","event":"CertiK completes most recent security audit of DAO Maker contracts, assigning a score of 85.84; identifies one major centralization/privilege concern.","source":"CertiK Skynet","source_url":"https://skynet.certik.com/projects/daomaker"},{"date":"2022-09-08","event":"USDR token redemption deadline passes; ~3,500 addresses still hold approximately $3.5 million in unredeemed USDR tokens.","source":"Rekt News","source_url":"https://rekt.news/dao-maker-community-investigates"},{"date":"2022-10-03","event":"Governance proposal surfaces on DAO Maker Discord proposing suspension of USDR redemptions, framed as 'Prevent Major $DAO DUMP.' Proposal attributed to user @Dante.eth.","source":"Rekt News","source_url":"https://rekt.news/dao-maker-community-investigates"},{"date":"2022-10-16","event":"Governance vote closes; option to redeem USDR at 50% of par value passes with 61.72% of voting tokens, allegedly concentrated in six wallet addresses. Proposal subsequently deleted from Snapshot.","source":"CoinTelegraph","source_url":"https://cointelegraph.com/news/dao-maker-victims-still-await-reimbursement-3-years-after-hack"},{"date":"2024-01-01","event":"CoinTelegraph reports that hack victims still have not received remaining reimbursement three years after the exploit; USDR tokens rendered non-redeemable for monetary value.","source":"CoinTelegraph","source_url":"https://cointelegraph.com/news/dao-maker-victims-still-await-reimbursement-3-years-after-hack"}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision ef5bb837-118e-4622-b29d-e24ab88b95fa
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.