Security Incident
Some terrible news...
Dear CureDAO community,
We hope this message finds you well. We are reaching out with crucial information about a recent security incident and its repercussions on CureDAO.
Immediate Action Required:
If you’ve ever used LastPass to store a private key, you should stop reading right now and make a new wallet (ideally a hardware one).
One might say, “I’m using 2-factor authentication and a super-secret password, I’m fine.” You are not fine. This mistake has cost hundreds of major builders in the space $35 million so far.
So, actually take the 2 minutes to physically write down your obnoxiously long recovery phrase and never store it electronically.
If you are a victim of these thefts or other credential compromises, PLEASE file an IC3 report ASAP: https://ic3.gov/Home/FileComplaint
Incident Report:
Regrettably, CureDAO has fallen victim to a security breach resulting in the loss of $3,645 from our treasury, all the money we've ever had. The unauthorized transaction was executed using a compromised MetaMask wallet private key stored in LastPass and was inadvertently approved by another signer during a Gnosis Safe transaction.
Identified Missteps:
Several missteps led to this incident:
Our Response:
In light of this incident, we have:
Your patience and understanding during this challenging time are immensely appreciated.
Looking Ahead:
Despite having no employees and no funds, CureDAO remains committed to minimizing suffering through developing a decentralized, futuristic FDA aimed at reducing clinical research costs. However, progress has been hampered by limited active contribution and development involvement. We invite developers interested in contributing to explore the Decentralized FDA GitHub repo (https://github.com/curedao/decentralized-fda) and join our weekly Dev Alignment meetings (https://www.curedao.org/calendar). Your involvement can significantly impact the advancement of the project.
Involvement and Tips:
If you have any questions, suggestions, or information that might assist in rectifying the situation, please contact us at hello@curedao.org.