Consolidated Compensation Proposal for Victims of 5 Nov 2021 BZX Attack

The recovered USDT should be given to everyone and not just the holders whose USDT was stolen. Only refunding the USDT holders is not legal. If a bank was robbed and gold and silver were stolen, but the silver was recovered, would only the holders of the silver get their money back? No. This should be changed. Otherwise the proposal looks good!

Actually, they very much will.
There is a reason why gold ingots are numbered.
If a bank gets robbed, with all the content of the safe which you can assume would be gold, silver, diamonds, heirloom,… and they retrieved some diamonds, they are not going to sell them to give me back my grandma’s heirloom. They will give back what can be identified to their rightful owner and use assurance & estimated value for the rest.

In our case, people made a conscious decision to use USDT over any other stable or token. Why should they now use their own funds to recover others’?

If the funds are returned, then they aren’t stolen anymore, it’s as simple as that. People owning USDT just haven’t been affected by the hack as much as other people were.

If the tokens are retrieved, they are theirs to get back, whatever the token is.

1 Like

UPDATED PROPOSAL FOR VOTING - DEBT TOKEN FEE SHARE INCREASED TO 30%

Since we have now had 3 days of discussion, can the team please put the proposal below up for a Snapshot vote today? I have updated it to say that 30% of protocol fees will now be allotted to the debt token (up from 20%) after the discussions here and in Telegram.

Proposal for Compensation

  1. All those who lost BZRX in the attack (except for the development team) be compensated in full directly from the bZx DAO with BZRX. This will involve a payment of about 20m BZRX, or less than half of the liquid BZRX in the treasury directly to victims (no selling of BZRX). To be clear, this will also include setting up a new swap contract on BSC/Polygon so that the people who did not swap their BGOV/PGOV for BZRX before the attack, are now able to do so, including those who are PGOV/BGOV LPs (since the BZRX bridged to BSC/Polygon for this purpose has now been stolen).

  2. The development team’s personal losses of BZRX will also be compensated in full, but they will be paid in vBZRX (not BZRX) which will vest slowly until July 2024. This is done partly to maintain liquid BZRX funds in the treasury for the operation of the protocol and not empty the treasury, and also as a gesture to the community and other victims of the attack who are having to accept a debt token and cannot be paid back immediately.

  3. All other losses resulting from the attack (in all other tokens) will be compensated by issuing a debt token at a 25% premium to be repaid over time by the protocol from 30% of protocol revenue and fees (so protocol revenue breakdown will be 50% to Ooki/BZRX holders, 30% to debt token and 20% to treasury). This approach has some similarities to what Pickle Finance and Indexed Finance did after their hacks, although there are differences.

In effect the bZx DAO is making a commitment to repay the remaining losses over time, similar to a loan with a 25% premium.

Specifically, a tradable debt token will be issued with an initial face value of $1, and it will be given to victims in a 1.25:1 ratio to their losses. So for example, someone who lost $10,000 in the attack will receive 12,500 debt tokens nominally worth $12,500 when fully repaid (although the actual market value will vary and initially be much lower than that).

The DAO commits to using 30% of protocol fees earned on all 3 current deployments (BSC, Polygon, Ethereum), as well as all future deployments (unknown at this stage, but possibly Optimism, Arbitrum, AVAX, etc) to market buy the debt tokens at least once every month (possibly more) up to a token price of $1 (the face value of the token) until all the tokens are purchased and the losses from the attack are repaid in full (with premium). The once a month and 30% figure is a minimum - the DAO may choose to buy back more of the debt token at its discretion.

All attack victims who hold the debt tokens till the buyback is completed will therefore receive 125% of their losses in compensation in return for waiting. Victims can of course choose to sell or trade their debt tokens at any time, but the initial liquidity pool will be seeded at a price far below $1 in order to discourage the first claimants of the debt token from dumping their tokens into the liquidity pool in the first minutes and hours and making a profit at the expense of those who are slower to claim their tokens. Instead, the market price of the token will rise naturally over time as the debt token is bought back by the DAO and reward long term holders.

  4. Any assets recovered from the attacker (unknown at this time, although there is speculation that some of the USDT may be recoverable) will be given directly back to the victims who lost that particular token. So for example if 50% of USDT is recovered, then it will be shared among all victims who lost USDT in proportion to their losses, and their allotment of the debt token accordingly reduced. However, this only applies until the debt token is issued and claimed. Once the debt token is issued, all recoveries will be used to market buy the debt token and benefit all victims equally. This is done to prevent double dipping by victims of the recovered currency - you cannot get debt tokens for all your losses AND get a share of the recovered assets.

4 Likes

For clarification…

Are BZRX holders being reimbursed their tokens at a 1:1 ratio at time of the hack, or is it based on reimbursement on the $ value at the time of the hack?

I’m guessing 1:1, so on that basis, the BZRX holders have already lost half their $ value since the time of the hack anyway, so even more unlikely to dump to market at that stage.

What will be the initial price of debt token?

Yeah, that is right. BZRX tokens are reimbursed 1:1 with BZRX tokens. So in conclusion they have already lost 40% in USD value.

2 Likes

Hackers are everywhere (as evidenced from the previous hacks). This was reckless negligence for one dev to have so much control over the private keys. If the users knew this particular security setup or lack thereof, no one would have used the platform. Full stop. It’s disingenuous to simply blame a rogue N. Korean hacker when it was a security exploit against a platform that had already been hacked multiple times. Had they simply used a multisig wallet we wouldn’t be here in this situation.

5 Likes

Indeed, if you read the BZX official page there are some claims about the management of private keys that are false (Admin keys section). So I agree the development team as a whole (not blaming directly the exposed developer) has a greater responsibility for not applying their own policies about security.

3 Likes

I think we should do something like jokerbra proposed. As simple as possible.

  • Everybody is treated equal (no 3 groups).
  • We take a snapshot of the $-value at the time of the hack.
  • The remaining assets should be distributed proportionally to the losses.
  • Everybody receives debt-tokens for remaining losses.
  • A market is set up for the debt-tokens. Only supply and demand determines the price.
  • Demand is created with 30% of protocol fees.
  • Demand resulting from fees is distributed over time to prevent price spikes.

4 Likes

Looks like we need to organise, this continues to be disingenuous at best. Who is organising anything? Lawyers, users? Hit me please, I cannot take this incompetence any longer.