Damage control - How to salvage the name, the userbase and treasury

Hello everyone,

I hope you’re all doing ok considering the circumstances and you’re not isolating yourselves in grief. Being a victim of fraud is never a beautiful experience, but somehow always inflicts enough damage for a permanent lesson to be learned. Being a victim is not always a result of your own mistakes, and encountering loss is not always in your power. I am here to speak as a victim of this attack but also as person who has taken part in both successful and mediocre projects in the past.

The BZX protocol has the following damage inflicted upon itself:

• A reputation of repeated security breaches
• A big percentage of the userbase having no intention of continuing to use it
• Potential legal class actions from victims who lost their savings
• A treasury who may or may not survive compensation waves

If the protocol has any plans of continuing business all 4 of the above issues must be dealt with very responsibly. This is PR nightmare for any company, but I saw their announcement about accepting responsibility and admitting the fault, which indicates good ethics.

The following moves have to happen for BZX to avoid stigma and maintain a healthy evolution through the cryptoworld:

• Rebranding is important because the name brings up the worst google searches already. But building a constant rebranding strategy looks bad to everyone. The name and history have to be separated from the new brand. What needs to be maintained is the reputation of an ever-evolving protocol, that offered thousands of people opportunities to create wealth, and even in the worst episodes of its history, it took care of the community and learned from their mistakes. Not repeating the same mistake a second time is IMPERATIVE. If that happens, it indicates a professional ceiling being reached and the end of growth.

• The userbase must part ways with this incident with a smile. There is no other way to put it. In any industry when you wrong your customer, you make up for it. Either it is crypto, or brewing coffee, when a customer suffers because of an employee’s mistake, an apology is due first and foremost. Second step is to make sure that the customer does not leave the door with the intention of badmouthing you. And third step is to use this “opportunity” to showcase your unique customer care and ethics. Compensating the funds? Reinstating the positions? Promising stellar security in the future? It’s all irrelevant when a customer is afraid of using your protocol anymore.
  All of the victims lost their capital (compensation is the solution), all of the victims lost their sleep (there will never be a solution), and all of the victims are losing their capital in the most key moment of the bull market (reinstating positions could be the solution). Reparation of damage is not always possible, but when you can’t fix a mistake you make up for it.

• The amount of users who are willing to fight for their hard earned capital legally would not be low, and that needs to be paid with treasury funds. I am not a legal expert (and if you are please throw your two cents), but in this situation there would not be much to argue about, and any company would hate to fight their own userbase legally, because it’s both bad pr, and also projects outwards the idea that the company would rather part their userbase than their treasury. Avoiding legal action in general would be the best outcome for the protocol and I believe I speak for all of us when I say for us too. Getting compensated a fracture of the damage is going to inevitable lead us to that surely.

• Whether the treasure is or not capable of compensating for the incident’s damage is irrelevant. The problem is that funding will be needed regardless in a period of time that investing in BZX seems like a bad idea. The protocol needs to find big investors who will believe that amends can be made and that the protocol is not only capable of constant growth, but also carries a good head start in the DEFI world that would cost tenfold or hundredfold in a decade. Maintaining the lead as a dApp and as crew funding wise and user wise can be translated to profits. So in a sense it would cost more to lose the userbase rather than the treasury. Investors will know that this is a time of need for the protocol and can chase the opportunity to buy in cheaper (because of the scarcity of big funds willing to do business, and the variety of better options).

I do not know you, but I feel like I know your struggles. The dev team needs to repair the ship and the passengers are afraid of drowning. Repairing the ship is in everyone’s interest and panic never saved anyone, but taking our sweet time inflicts damage too. Thank you for reading this all they way through. Personally, I even feel ashamed to tell my own people of what happened. I urge you to find relief in sharing the story with your close friends, and find company with the rest of us. Refreshing the twitter page every 10 minutes is not doing good to any of us.

Dev team, I can only imagine the amount of panic you might feel right now. Constant updates (even with little to no news) will ease the mind of the people who get stressed over this.

Take care everyone,
Alex

This is more or less what I wanted to say but couldn’t find the correct words. Thanks for sharing your thoughts. Hopefully this will be a learing experience for everybody afected and we can pull out something good out of this unpleasent situation.

Thank you for your detailed thoughts. I agree with the general thrust of a lot of what you posted, although not necessarily with all of the details.

Here are some additional thoughts about each of your points:

1. Rebrand importance: completely agree

2. I agree, but remember compensation is limited by what the DAO has in the treasury and what it can afford, and there are also needs to be enough retained in the treasury to make the protocol viable going forward (eg, to pay dev team salaries and website hosting and all that).

3. If there is a legal case, then certainly the lawyers would need to be paid from treasury funds (in fact there is already a lawyer being paid from treasury funds even before the hack). There is a lot of uncertainty about whether a case would be bought and whether it is successful, plus most importantly even if the people seeking compensation win the case, there’s no point in having a court order saying “pay $55 million” if the DAO does not have it to pay. Especially since there IS going to be compensation from the DAO, and BZX has a history of completely 100% compensating everyone who suffered loss in a hack including to trading positions (last year). So the court case could only be about the details of the compensation plan (the existence of which is itself fairly unusual since the vast majority of hacked DeFi projects don’t pay compensation, including the “big” blue chips). However, I completely agree with you that it’s a bad look for a protocol to fight in court with its own users and to be avoided if at all possible.

4. Why do we need investors? This is a serious question. There is enough funding already for the dev team. Ultimately all we can do for an investor is sell some of the treasury, or mint new tokens (inflation) and sell that. We could sell do exactly that and sell on the open market if we needed funds - I’m not sure I understand what you think big investors will add?

Thank you for your message Alex - it’s appreciated, and even if lots of people don’t reply, lots of people will read it and appreciate it. Hacks happen almost every day in DeFi and you read about them, but it’s always a shock and feels horrible when it happens to your money in a dApp that you used (we used)…

Hello BadriNat,

This entire process is going to drain a good amount of the treasury so having new investors inspires confidence both with the dev team and with smaller investors who observe whales still supporting the project.

I agree with what you said. This should be a strong supportive community, standing together during the hars times so we can enjoy the good ones.

As a further disappointment, I would add the unwillingness of some of the community members to support one another. I’m speaking about the short migration window that was available to migrate from V1 tokens to V2. The window was too short considering there is a pandemic going on and lot of external disruptions in people’s lives. Like me, there are many people who missed this window because of Covid and seeing that the community basically quit on us made me lose faith in this whole project. It is the people who make a project strong, and if they are unwilling to show support, the whole project will go down the drain, because every time there will be a major issue, they will just selfishly turn their backs on it.

There are exceptions of course, many showed their support and were willing to find a solution. My point is that if you compare this project to e.g. Cardano, you can clearly see the difference. If I had seen that this community is strong, I would have no problem pouring more investment into it, but seeing as it is now, I am hugely disappointed. Bear in mind, that I was there from the very beginning, investing and supporting this project since its inception.

Please do not drag another topic into a site feedback topic.

I agree with alot of your feedbacks, especially the part with investors. There are more and more projects, having Private B and C investors even if they are big already, increasing their valuation.

But alot of it depends on restoring reputation and much of it will be done via the hello.ooki.com rebrand. Hope you check it out. Phase II of this process is going to happen today.