Introduction/Summary
On 5 Nov 2021, a developer’s personal wallet was compromised in a targeted phishing attack, and since he controlled the admin private keys to the BSC and Polygon deployments of Fulcrum, those deployments were compromised as well. The Ethereum deployment is controlled by the bZx DAO, and was not compromised and is not directly affected.
This attack stole admin private keys and did not exploit the actual protocol code in any way, and the protocol remains safe. To put it in other words, the best lock in the world cannot help you if someone steals the key from your pocket.
As a result of this attack, approximately $55 million worth of cryptocurrency (prices at the time of the attack) was stolen by the attacker, from both the protocol smart contracts on BSC and Polygon and from individual user wallets which had given token spending approval to the Fulcrum smart contracts on BSC/Polygon and not revoked it.
The stolen assets include a number of tokens, and by far the largest part of the stolen assets are in the bZx native token, BZRX (approximately 42m BZRX, worth around $19m at the time of the attack, or more than 1/3 of the total attack value). I understand from the Telegram discussions that more than half of the BZRX stolen was the personal assets of the development team - approximately 22m BZRX, as well as a significant but unknown portion of the other stolen assets.
More details and a full accounting of the losses are to be found in the official Post Mortem of the incident posted on the bZx blog.
Disclosure: I am not a member of the development team and I am not paid by the DAO. However, I am a long-time community member and holder of BZRX since the 2018 ICO. All my personal BZRX was on Ethereum at the time of the hack and none of it was taken. However, I have lost a significant amount because I hold PGOV/BGOV and hadn’t swapped them to BZRX, and the BZRX for the swap was stolen by the attacker.
The purpose of this post is to consolidate the discussions about compensation by the bZx DAO to the victims of this attack and make a comprehensive proposal about the way forward. There have been active discussions about the amount and nature of compensation and the constraints faced by the protocol on this Forum and Telegram groups and elsewhere since the attack.
This proposal builds on the various different proposals and combines them into a whole.
Comments on all aspects of this proposal are invited and I hope that after 2-3 days discussion, this proposal (with modifications if any) can be progressed to a Snapshot vote, followed by an on chain DAO vote of BZRX holders perhaps around 22 Nov to approve it. The hope is that the compensation plan can be finalised and approved before the end of November.
It is important to note that the bZx DAO treasury currently holds approximately 43.4m BZRX (about $15.2m at today’s prices) and about 350m vBZRX (which is a form of tokenised vested BZRX which slowly converts into BZRX until July 2024). The treasury’s 350m vBZRX converts into BZRX at a rate of approximately 7m BZRX per month. I have not given a price for vBZRX because although it is technically tradable on Balancer, the market is highly illiquid and valuation is complex and it is not practical to sell it in large amounts - only to sell BZRX (if needed).
Proposal
Keeping the above points in mind, I propose the following (keep in mind that many people will be in more than one category below):
-
All those who lost BZRX in the attack (except for the development team) be compensated in full directly from the bZx DAO with BZRX. This will involve a payment of about 20m BZRX, or less than half of the liquid BZRX in the treasury directly to victims (no selling of BZRX). To be clear, this will also include setting up a new swap contract on BSC/Polygon so that the people who did not swap their BGOV/PGOV for BZRX before the attack, are now able to do so, including those who are PGOV/BGOV LPs (since the BZRX bridged to BSC/Polygon for this purpose has now been stolen).
-
The development team’s personal losses of BZRX will also be compensated in full, but they will be paid in vBZRX (not BZRX) which will vest slowly until July 2024. This is done partly to maintain liquid BZRX funds in the treasury for the operation of the protocol and not empty the treasury, and also as a gesture to the community and other victims of the attack who are having to accept a debt token and cannot be paid back immediately.
-
All other losses resulting from the attack (in all other tokens) will be compensated by issuing a debt token at a 25% premium to be repaid over time by the protocol from 20% of protocol revenue and fees. This approach has some similarities to what Pickle Finance and Indexed Finance did after their hacks, although there are differences.
In effect the bZx DAO is making a commitment to repay the remaining losses over time, similar to a loan with a 25% premium.
Specifically, a tradable debt token will be issued with an initial face value of $1, and it will be given to victims in a 1.25:1 ratio to their losses. So for example, someone who lost $10,000 in the attack will receive 12,500 debt tokens nominally worth $12,500 when fully repaid (although the actual market value will vary and initially be much lower than that).
The DAO commits to using 20% of protocol fees earned on all 3 current deployments (BSC, Polygon, Ethereum), as well as all future deployments (unknown at this stage, but possibly Optimism, Arbitrum, AVAX, etc) to market buy the debt tokens at least once every month (possibly more) up to a token price of $1 (the face value of the token) until all the tokens are purchased and the losses from the attack are repaid in full (with premium).
All attack victims who hold the debt tokens till the buyback is completed will therefore receive 125% of their losses in compensation in return for waiting. Victims can of course choose to sell or trade their debt tokens at any time, but the initial liquidity pool will be seeded at a price far below $1 in order to discourage the first claimants of the debt token from dumping their tokens into the liquidity pool in the first minutes and hours and making a profit at the expense of those who are slower to claim their tokens. Instead, the market price of the token will rise naturally over time as the debt token is bought back by the DAO and reward long term holders.
- Any assets recovered from the attacker (unknown at this time, although there is speculation that some of the USDT may be recoverable) will be given directly back to the victims who lost that particular token. So for example if 50% of USDT is recovered, then it will be shared among all victims who lost USDT in proportion to their losses, and their allotment of the debt token accordingly reduced. However, this only applies until the debt token is issued and claimed. Once the debt token is issued, all recoveries will be used to market buy the debt token and benefit all victims equally. This is done to prevent double dipping by victims of the recovered currency - you cannot get debt tokens for all your losses AND get a share of the recovered assets.
Analysis
There are a number of points I want to emphasise about this proposal.
The main one is that everyone has lost money and that we - as the DAO community - should do our best to make it right and compensate people to the best of the DAO’s ability.
However, it is not physically possible for the DAO to directly compensate all losses and make everyone happy. Some compromises have to be made in order to keep the protocol functional and ensure it has a future.
With that in mind, here are some more points to keep in mind:
-
The large majority of DeFi projects that have been attacked do not offer any compensation at all. While the DAO has a moral obligation to make things right to the extent possible, the legal position is extremely unclear and will vary from country to country and there is certainly no settled or well accepted legal right to compensation in DeFi. The DAO should do the right thing and compensate victims in full because it is the right thing to do and for no other reason - but there are limits to what it can accomplish.
-
Even if the entire bZx DAO treasury was emptied and given to victims (ie, the liquid 43m BZRX, currently worth about $15m), this would only cover less than 1/3 of the losses from the attack in theory. In practice, most of the BZRX given as compensation would be market sold and the price driven so low that the actual recovery would much less than 1/3 of the losses - maybe 1/10th or less (also, most of the liquidity for BZRX is on Binance, but for technical reasons, it is difficult for the DAO to sell on a CEX - and DEX liquidity is even worse, aggravating this problem).
In addition, if the treasury is emptied it would make it much more difficult for the project to continue as a viable project, which would make it even more difficult to repay 100% of losses over time. See for example what happened recently to CREAM and the token price crashing when they emptied their treasury to compensate victims of their recent hack - simply the announcement of the compensation plan drove the token price down 40% (and reduced the compensation for losses to 60%) before people even started claiming the compensation and selling it.
- Perhaps the biggest criticism about this proposal might be that BZRX holders are essentially voting to repay themselves in full from the treasury (except for the dev team who only get vBZRX) while the rest of the victims only get a debt token that may not be paid off for a long time. Leaving aside the fact that most BZRX holders (especially the large ones who are holding from the ICO in 2018) are the most loyal, long term supporters of the project, they are also some of the biggest users of the platform and have also lost money in other tokens.
But that said, I understand the criticism - it does feel unfair in a way that BZRX losses are treated differently under this proposal to other losses. But there are some very good reasons for this:
a) First, it is very simple to repay them from the DAO treasury and there is plenty of BZRX available to do it without leaving the treasury empty (especially since the dev team will only be paid in vBZRX, not BZRX), AND WITHOUT HAVING TO SELL IT AND DUMP THE TOKEN PRICE LIKE CREAM. This is really important - if the DAO had reserves in other currencies and stablecoins (something I proposed on this Forum before the hack, with the intention of trying to implement it in a couple of months), then it would be easy to do the same thing for other currencies - but at the moment the treasury only has BZRX so BZRX is the simplest to repay (also, although they theoretically could, long time BZRX holders who receive the compensation are very unlikely to sell BZRX in large quantities once they receive it, since they have faith in the project and are being given back the tokens they lost). If we tried to sell BZRX to repay people in the tokens lost (or gave BZRX to all victims, like CREAM did), then, like CREAM it is likely to result in an epic price dump which means the compensation will become worthless or near worthless, as well as putting the project’s future into question.
b) It is for this reason that I proposed that any token recoveries if they happen (USDT etc) will also be directly given back to the people who lost them instead of being shared across all losses equally - it’s simple, does not affect price, and is the right thing to do (unless those people already have the debt token in which case they cannot double dip compensation).
c) BZRX holders also need to participate in governance and it is not fair to limit BZRX governance and voting to only the token holders who were lucky enough to be holding their BZRX on the Ethereum network and exclude some of the most committed, knowledgeable token holders/voters because they had their tokens on BSC/Polygon and had it stolen - they need their tokens back to participate fully in the DAO and make decisions - especially if the attacker decides to try and vote the 30m BZRX tokens they hold, we will need enough people to outvote him (although of course this compensation proposal will only be voted on by BZRX holders who still have their tokens on the Ethereum chain - I am talking about future proposals and decisions). Keep in mind also that BZRX holders are the people voting for this compensation proposal - if you don’t give them a good deal - they won’t vote for it!
d) In fact this is exactly the reason why BZRX holders are being repaid 100%, but debt token holders will be repaid at 125% and actually make a profit on their losses - precisely to compensate for the fact that they have to wait longer.
e) More generally, if the DAO has the means to easily repay BZRX holders without damaging the DAO’s future prospects or hammering the token price, then I think that should be done - I don’t think we should artificially prevent BZRX holders from being repaid and just give them a debt token just to make sure they are being treated the same as other token holders - whether or not BZRX holders are repaid directly, or given a debt token like everyone else does not actually make much of a difference to how long it will take to repay all the debt tokens (it will be slightly faster if the BZRX intended for BZRX refunds is sold over a few months to buy the debt token, but not by much)- the biggest factor in getting the debt repaid quickly is how successful the platform becomes over time, because the more fees it generates, the more quickly it will be able to repay all the debt.
In fact, in that sense BZRX holders and debt token holders have their interests strongly aligned - they benefit most by spreading the word about the product so that it is used by many people and the fees generated benefit both the BZRX holders and the debt token holders.
The focus here is on doing our best to repay all victims in full, while still maintaining the protocol and project as a going concern.