Welcome to the first edition of DAO Digest, a monthly recap of notable events, missteps, and milestones across the decentralized governance landscape.

This newsletter is part of Lokapal Action, and aims to document the evolution of DAOs through real-world incidents and decisions — not just by tracking trends, but by observing what happens when theory meets practice.

In this inaugural issue, we spotlight three very different stories:

• A preventable $2M smart contract exploit,

• A successful containment of an oracle compromise,

• And a decentralized Layer 2 project attracting elite leadership without centralized backing.

Each case offers a glimpse into what makes (or breaks) resilient, self-governing systems.

Mobius DAO suffered a catastrophic exploit just days after launching, losing over $2.1 million due to a fatal error in a closed-source smart contract deployed on BSC.

The contract, responsible for pricing a BNB/USDT pair, included a misapplied 1e18 multiplier—after already normalizing reserve values. This single oversight allowed an attacker to mint quadrillions of MBU tokens for a mere 0.001 BNB, which were then used to drain a CakeSwap liquidity pool.

The exploit didn’t even require advanced tactics. The absence of liquidity checks, reliance on volatile spot prices, and potential mishandling of token decimals (like USDT’s 6 vs. 18 decimals) all compounded the issue—but the root cause was simpler: no proper testing and lack of transparency.

Lido, the leading Ethereum staking protocol, remained fully operational and secure despite a targeted compromise of one of its reporting oracles, which led to the loss of 1.46 ETH (~$3,800).

The incident triggered an emergency DAO vote to rotate the compromised oracle address. According to Chorus One, the operator of the affected oracle, this appears to be an isolated attack, not part of a broader breach. Their full audit found no further compromise.

Importantly, Lido’s multi-oracle design (5-of-9 consensus) ensured the core protocol was never at risk. As Lido’s head of validators noted, even in the worst case, the impact would be limited to delays in stETH rebase updates, with minimal effect on most holders.

DAO note: Oracles are a governance edge case — critical infrastructure, yet often overlooked until they’re breached. Lido’s design shows how decentralization can contain damage before it spreads.

Modulus, the Layer 2 zkEVM solution developed by Cult DAO, just announced three high-profile leadership appointments — all without venture capital, private funding, or a traditional founding team.

New appointees include:

• Dr. Murdoch Gabbay (Chief Technology Officer)

• Dr. Tirath Virdee (Advisor for AI & Quantum Computing)

• Mauro Grandinetti (Financial Ecosystem Strategist)

This marks a major milestone for decentralized, community-led infrastructure, proving that strong signaling and technical vision can draw world-class contributors even in the absence of centralized leadership or token-driven incentives.

Modulus is currently in testnet and features opt-in privacy, a custom bridge, and a fully decentralized zkEVM, with mainnet expected later this year.

DAO note: When community-driven protocols demonstrate strong vision, clarity of purpose, and sustained engagement, they don’t just match traditional orgs — they challenge their relevance.

DAO Digest is not an endorsement or condemnation of any project. It’s a record of what happened — a mirror for the ecosystem to see itself.

We’ll be back next month with more signals from the frontier of decentralized governance.

Until then, stay observant — and stay decentralized.