Consolidated Compensation Proposal for Victims of 5 Nov 2021 BZX Attack

I am very sorry for your loss. That’s the hacker’s fault though, not mine. I tried to write a compensation proposal that was as fair as possible to everyone involved, and repaid everyone in full (over time), while still maintaining the protocol as a functioning dApp, and with enough in it for BZRX holders to vote yes on it.

It is not possible to give everyone everything they want, so I had to make some compromises. If you have any ideas on how the proposal can be modified, please let me know, but remember that every choice has consequences and doing better for one group means doing worse for another.

BadriNat, do you plan to take the 20% of fees from the users share or from the treasury share? I feel like we could get to 35-40% by taking a part from both

It’s absurd that half of the users will get compensated right away and the other half will have to wait potentially years (might not get compensated at all if things go south with the project).
I understand that you had to make compromises and I agree that no matter what happens there will be people that are unhappy, but there has to be a better way.

To make sure that people don’t get completely screwed over I would suggest editing the 20% fee to something more reasonable (I can see that quite a few users in telegram share this view). And I would also suggest using a bigger chunk of the treasury. If half of the treasury will be used to compensate the first group of affected users, I believe that it is only fair that some (not all of course) of the remaining funds should be sold and used to buy the debt token. This way the price of the token would get a little bump in the beginning, giving everyone the opportunity to take some funds out if they really need to.

Your current proposal is not fair at all. It’s biased to bzx holders and actually just bailing out only bzx holders.

Future users of the rebranded project will see that historically there was an exploit, and stakers/lenders were compensated unfairly. Do you think that this will bring success to your project and you will start generating more revenue?

Also there is a still huge risk of litigation, because the man who lost everything will try to bring everyone to the bottom with himself. Personally I don’t want to end up with debt token which is equal to zero if that happens.

To make it fair:

1. You have to allocate more revenue to debt token buy back. 20% is not enough. I still don’t understand how you came up to this figure. There should be justification for that, not just “i made up ballance”.
2. If you are refunding all bzx holders at once, half of the treasury should be slowly distributed amongst other victims.
3. If #2 is not achievable, bzx holders should be in the same boat as others and get vested vbzrx. Treasury should be used for aggressive marketing, this will bring more benefit to all than just distributing it.

3. Perhaps the biggest criticism about this proposal might be that BZRX holders are essentially voting to repay themselves in full from the treasury (except for the dev team who only get vBZRX) while the rest of the victims only get a debt token that may not be paid off for a long time. Leaving aside the fact that most BZRX holders (especially the large ones who are holding from the ICO in 2018) are the most loyal, long term supporters of the project, they are also some of the biggest users of the platform and have also lost money in other tokens.

It seems to me the stronger argument could be made that BZRX holders believe in the platform and therefore could have a debt token that keeps them vested in the projects success. Stakers/Lenders were using the platform for the returns and now under this proposal they are tied to the success of the platform in order to recover their funds.

But as you said, BZRX holders are the only ones voting and its unlikely they will vote for anything that doesn’t put their interest at top.
To quote jokerbra

First: I deeply disagree with the idea of dividing victims of the recent “event” to 3 groups and let group 1 vote about if group 1 gets refunded first and 1:1. This is abuse of power in it’s purest.

Its worse than a tyranny of the majority. At least in that scenario the minority get to vote! It will be a good test for the DAO to see if it overcomes or fails like traditional governance.

jokerbra’s proposal is the only fair one to date on this forum.

That is actually a pretty good point and it never crossed my mind. If the BZRX holders are all so invested in the project and are going to hold their tokens for the rest of their lives…why don’t they get the delayed compensation indeed?

That’s what i was suggesting as well. BadriNat saying they are the strongest supporters of the project and going to stay till the end. So they should be ok to have vested tokens for a long period.

I support Jokerbra’s proposal as well. It suits all parties.

To keep the DAO functioning properly we need all the BZRX in the hands of the holders so they can actually vote.

I replied to this on Telegram. Honestly, I hadn’t considered it at all when writing the proposal. I’m not sure BZRX holders will accept diverting funds meant for the treasury (since that indirectly benefits them), but it’s definitely worth considering.

I need to think about it a bit more.

I posted yesterday that I was fine with changing 20% to 25%. And I’ve just seen the new points raised about diverting funds from the insurance fund etc to possibly raise that some more, which are worth thinking about.

Selling off part of the treasury to buy the debt token (immediately) won’t work though - the lack of liquidity and slippage will hammer the price badly AND it will only raise a tiny amount of money - so low that it isn’t worth it.

I just checked on Sushi and selling only 1,000,000 BZRX has a 74% slippage. To put it another way, 1,000,000 BZRX is currently worth what? $290,000 or so? But selling with such low liquidity means you’ll only get $74,000 AND the price will crash.

@cants3eme I totally agree with your comment.
It’s fair distribution to all affected victims.
If Bzrx token holders are really stick with project so long and will be that important long term. They should get vested toke with related with success of project. But now the proposal put the guys as lender, borrower, leverage trader take all responsibility but Bzx token holders are getting 100% full refund instantly.

I’ll reply to this on his thread too, but basically

a) It’s a philosophical difference - I think the best approach is to put the health of the protocol first because the protocol’s success means everyone gets repaid faster. He thinks it is better to damage the protocol more now to put the balance in favour of the compensation in the short term. I disagree because I think it’s a short term measure and will harm both the protocol and the chances of full repayment over time in the long term.

b) More simply, it’s BZRX holders who need to vote for this, and his proposal is basically asking them to vote for shooting themselves in the face - he’s asking BZRX holders to vote directly against their own financial interests. Why would they do that? They are already being asked to vote on a proposal to compensate losses when they have no obligation to do that. If you don’t even give them their BZRX back, they will just vote against the proposal and no one gets anything.

The proposal needs to be something BZRX holders will pass (NOT all the people who lost money - they don’t get a vote)

Hello all,
I’ve mentioned this to the devs and I thought I would mention it here also. Everyone here voting on the DAO should at least become aware of the regulatory/legal sandbox within their country of origin. Not all countries are equal here, some are better like Singapore but not everyone has such freedoms and one should know where they stand. Greyness doesn’t mean freedom to do whatever you please.

In regards to the recovered funds not the DAO treasury, most industrial countries have rather strong consumer protection laws for online platforms and personal assets. For example, if the bzx developers are provided recovered assets that were personal assets on the platform and instead of returning them they give them to the DAO. That action might create legal liabilities for them. Then if any DAO members knowingly vote on said funds they may also be legally liable. Hopefully it doesn’t get to something like this but you should know where you stand.

Of course. Everyone should be mindful of their legal rights and obligations whenever they enter into any potential commercial or investment action. Just like you should always check with your doctor before starting any exercise program.

Keep in mind though that the laws around crypto and DeFi vary wildly from country to country and are generally in a legal grey area of limbo where no one is quite sure what the rules are.

This is exactly why the DAO pays for lawyers to advise the team in the USA at Morrison Cohen.

In practice, while there may be theoretical liability based on DAO votes (it’s basically just a legal theory at this point), even if it exists, the chances of anyone going after Random DAO Voter No.73 (or whatever) are extremely low - the benefits are unlikely to be worth the costs.

Also this doesn’t just apply to bZx - in theory anyone who participated in governance in any project is at risk (ever voted in Uniswap, Aave or COMP governance?), or even if you participated in Discord discussions and made suggestions that were accepted etc…

The people at most legal (potential) risk are the developers - the people with the most influence over the platform as well as the biggest token holding. Even with them, the rules are in a total grey area though, and courts are likely to look very favourably on their previous successes (before the DAO) in refunding users who lost money on the platform and the current efforts to do the same, as showing good faith and real efforts to help people (as opposed to the majority of projects that do nothing after hacks).

EDIT: Just to add that of course the current proposal explicitly says that recovered assets are to be given to the owners who lost them (unless the owners have already accepted compensation in the form of debt tokens, in which case they obviously can’t double up), so the point you’re making does not arise at all with the present proposal, although it is theoretically true.

The recovered USDT should be given to everyone and not just the holders whose USDT was stolen. Only refunding the USDT holders is not legal. If a bank was robbed and gold and silver were stolen, but the silver was recovered would only the holders of the silver get their money back? No. This should be changed. Otherwise the proposal looks good!

Actually, they very much will.
There is a reason why gold lingot are numbered.
If a bank get rob, with all the content of the safe which you can assume would be gold, silver, diamonds, heirloom,… and they retrieved some diamonds, they are not going to sell them to give me back my grandma’s heirloom. They will give back what can be identified to their rightful owner and use assurance & estimated value for the rest.

In our case, people made a conscious decision to use usdt over any other stable or token. Why should they now use their own fund to recover other’s?.

If they fund are returned, then they aren’t stolen anymore, it’s simple as that. People owning usdt just haven’t got affected by the hack as much as other people did.

If the token are retrieved, it is their to get back, whatever the token is.

UPDATED PROPOSAL FOR VOTING - DEBT TOKEN FEE SHARE INCREASED TO 30%

Since we have now had 3 days of discussion, can the team please put the proposal below up for a Snapshot vote today? I have updated it to say that 30% of protocol fees will now be allotted to the debt token (up from 20%) after the discussions here and in Telegram.

Proposal for Compensation

1. All those who lost BZRX in the attack (except for the development team) be compensated in full directly from the bZx DAO with BZRX. This will involve a payment of about 20m BZRX, or less than half of the liquid BZRX in the treasury directly to victims (no selling of BZRX). To be clear, this will also include setting up a new swap contract on BSC/Polygon so that the people who did not swap their BGOV/PGOV for BZRX before the attack, are now able to do so, including those who are PGOV/BGOV LPs (since the BZRX bridged to BSC/Polygon for this purpose has now been stolen).

2. The development team’s personal losses of BZRX will also be compensated in full, but they will be paid in vBZRX (not BZRX) which will vest slowly until July 2024. This is done partly to maintain liquid BZRX funds in the treasury for the operation of the protocol and not empty the treasury, and also as a gesture to the community and other victims of the attack who are having to accept a debt token and cannot be paid back immediately.

3. All other losses resulting from the attack (in all other tokens) will be compensated by issuing a debt token at a 25% premium to be repaid over time by the protocol from 30% of protocol revenue and fees (so protocol revenue breakdown will be 50% to Ooki/BZRX holders, 30% to debt token and 20% to treasury). This approach has some similarities to what Pickle Finance and Indexed Finance did after their hacks, although there are differences.

In effect the bZx DAO is making a commitment to repay the remaining losses over time, similar to a loan with a 25% premium.

Specifically, a tradable debt token will be issued with an initial face value of $1, and it will be given to victims in a 1.25:1 ratio to their losses. So for example, someone who lost $10,000 in the attack will receive 12,500 debt tokens nominally worth $12,500 when fully repaid (although the actual market value will vary and initially be much lower than that).

The DAO commits to using 30% of protocol fees earned on all 3 current deployments (BSC, Polygon, Ethereum), as well as all future deployments (unknown at this stage, but possibly Optimism, Arbitrum, AVAX, etc) to market buy the debt tokens at least once every month (possibly more) up to a token price of $1 (the face value of the token) until all the tokens are purchased and the losses from the attack are repaid in full (with premium). The once a month and 30% figure is a minimum - the DAO may choose to buy back more of the debt token at its discretion.

All attack victims who hold the debt tokens till the buyback is completed will therefore receive 125% of their losses in compensation in return for waiting. Victims can of course choose to sell or trade their debt tokens at any time, but the initial liquidity pool will be seeded at a price far below $1 in order to discourage the first claimants of the debt token from dumping their tokens into the liquidity pool in the first minutes and hours and making a profit at the expense of those who are slower to claim their tokens. Instead, the market price of the token will rise naturally over time as the debt token is bought back by the DAO and reward long term holders.

4. Any assets recovered from the attacker (unknown at this time, although there is speculation that some of the USDT may be recoverable) will be given directly back to the victims who lost that particular token. So for example if 50% of USDT is recovered, then it will be shared among all victims who lost USDT in proportion to their losses, and their allotment of the debt token accordingly reduced. However, this only applies until the debt token is issued and claimed. Once the debt token is issued, all recoveries will be used to market buy the debt token and benefit all victims equally. This is done to prevent double dipping by victims of the recovered currency - you cannot get debt tokens for all your losses AND get a share of the recovered assets.

For clarification…

Are BZRX holders being reimbursed their tokens at a 1:1 ratio at time of the hack, or is it based on reimbursement on the $ value at the time of the hack?

Im guessing 1:1, so on that basis, the bzrx holders, have already lost half their $ value since the time of the hack anyway, so even more unlikely to dump to market at that stage

What will be the initial price of debt token?