Hello everyone!
I’ll try to put it short and straight to the point.
I was running my 25 validators at a major staking platform for roughly 18 months, not Lido though. Then my withdrawal address got compromised as a result of “Mysterious MetaMask hack” - MetaMask Security Monthly May 2023
YouTube 5aorTaCD5vI
For the last 9 months it was a struggle to rescue my rewards and validators as well. Basically every attempt to rescue 32 ETH from a validator was a challenge and a mental torture for me. Some were lost and some were successfully rescued. For all these time attacker(s) run different versions of sweeper scripts and it left some space to outsmart them.
Anyway when I got left less than 20 validators still running I asked MEVRefunder aka Flashbots Whitehat for help. It has been decided to exit all remaining validators at once in order not to provoke hackers to raise txn fees for every new batch. At this time it has been clear that the gas war would be necessary (…and it’s the only way basically) to rescue my assets. I couldn’t wait indefinitely long as with the new update the attackers could have used withdrawal address PK to exit the validators on their own.
As a result of gas war MEV bot was able to rescue less than 18% of my stake…
Some portion of the transaction fees that were burnt in order to win the transaction has been paid to Lido validators:
I know there were cases when community voted positively for the similar proposals to recover stolen or lost funds: proposal-re-recovering-10-eth-help-support-please (4784)
The losses have been devastating for me. I was an early Ethereum miner with ~550 GPUs and it was extremely challenging to run and maintain that farm mostly by myself.
I am also a validator and there were occasions when I received around 1.55 ETH one time as a result of a completed block (I would gladly refuse from such rewards if they were obtained at the expense of somebody like in my case).
I will provide more comments/explanations/proofs shall it be needed.
I have a full empathy to the situation you faced, but it opens a Pandora box for a bunch of cases with exploits, MEV, wrong tx, etc. and put Lido in risk of constant compensations, although it should not. Hasu summarised this perfectly earlier:
Hi there,
The proposal I was initially referring in the description is the following (should be able to google for it using the keywords as I cannot paste links yet):