Cryptocurrency hacker stole more than $ 120,000 by hacking Google Docs

A cryptocurrency hacker has stolen 76.5 ETH ($ 127,831 at the time of writing) by hacking into Google Docs. The funds belonged to the PeopleDAO cryptocommunity created to buy a copy of the US Constitution.

According to representatives of the project team, the attackers targeted the form of monthly payments to project participants, which were recorded in Google Docs. The hack was caused by a series of errors in the PeopleDAO security system.

On a public Discord channel, accountants mistakenly shared a link to the payment form, giving all users editing rights. Thus, the attacker managed to edit the Google Doc and insert his address to transfer 76.5 ETH. The hacker then made this line invisible in the form.

As a result, the project team did not notice the hidden line during repeated checks. After that, the form data was sent to the Safe distribution tool. Thus, the hacker received a payment of 76.5 ETH and then transferred the funds to two exchanges — HitBTC and Binance — 69.2 ETH and 7.3 ETH, respectively.

The project team is currently working together with blockchain security experts such as ZachXBT and SlowMist to find traces of the hacker. The hack has already been reported by US law enforcement agencies and exchanges used by the attacker to transfer funds. PeopleDAO even offered the hacker a reward of 10% of the stolen amount if he returns the funds.

The project representatives have already planned to hold demonstration sessions with team members on how to use the services and tools to avoid repeating mistakes.

As a reminder, the hacker who stole more than $ 20 million in bitcoin last fall will be imprisoned for 20 years. The hacker used ransomware to steal information from Windows-based systems and demanded payment from the victims in bitcoin using encryption. The fraudster’s victims included government agencies, law enforcement agencies, colleges, schools, and universities.