One of our wallet address was recently compromised.
I am proposing that the Lido DAO freezes the vesting on this address: 0x48Acf41D10a063f9A6B718B9AAd2e2fF5B319Ca2
Freezing the vesting will allow us to figure out a long-term solution to securing these funds and prevent the hacker from stealing and market-selling Lido for ETH or USD as it vests.
Hey, tech team here. We thought a bit on that and find out that the DAO can’t change the vesting parameters (these are fixed) but can burn the tokens on this address and mint it on the other address. This is pretty drastic.
I think it’s prudent to
a) sign a message that will be a bit more clearly related to the situation, not just “Defiance Capital” (e.g. “This is DeFiance Capital. One of our wallet addresses was recently compromised. I am proposing that the Lido DAO freezes the vesting on this address: 0x48Acf41D10a063f9A6B718B9AAd2e2fF5B319Ca2, Defiance Capital, 22 march of 2022”).
b) signal that this is indeed a thread from a Defiance Capital from well-known accounts of DC (e.g. Twitter, doxxed Ethereum addresses etc) - I personally know that this is not a hacker but it’s absolutely not clear from the outside.
c) the address was not held by Defiance at the moment of genesis (Defiance was not among the initial investors at all). I’m not sure the voters will need to know the provenance of the current ownership situation before committing to the vote here (I understand it’s a quite sensitive topic) but if it’s not a blocker to you, wouldn’t hurt.
Burn most of unvested LDOs on 0x48acf41d10a063f9a6b718b9aad2e2ff5b319ca2 and mint the exact same amount on address 0x… with the same vesting parameters as the original one.
Burn most of unvested LDOs on 0x48acf41d10a063f9a6b718b9aad2e2ff5b319ca2 and do not mint, with implication that minting would be done not in a hurry with a good due process.
Burn most of unvested LDOs on 0x48acf41d10a063f9a6b718b9aad2e2ff5b319ca2 and mint at address 0x… with vesting set to a year’s lock, with implication that changing the vesting terms to original ones would be done not in a hurry with a good due process.
How do you think the vote should be shaped? Time’s of the essence so we’ll go with rough consensus here.
All three options are feasible technically (though it would not be exact amount of tokens - we can only burn and mint slightly less tokens than there are on the address)
I am for 2. Let’s do burn first, and decide about mint later. To check the address properly on which to mint LDO, we need to spend more time. And now it is important for us to block the tokens ASAP.
I agree with Eugene here and prefer option 2. The goal is to prevent loss of funds on the compromised address. A new vesting address can be selected later with proper care.
We are preparing to start a vote to burn 3691500 LDO from 0x48Acf41D10a063f9A6B718B9AAd2e2fF5B319Ca2 address. This number is the number of tokens that are guaranteed to be locked by vesting at the end of voting (Wed Mar 23 2022 12:00:00 GMT+0000).