This is DeFiance Capital.
One of our wallet address was recently compromised.
I am proposing that the Lido DAO freezes the vesting on this address: 0x48Acf41D10a063f9A6B718B9AAd2e2fF5B319Ca2
Freezing the vesting will allow us to figure out a long-term solution to securing these funds and prevent the hacker from stealing and market-selling Lido for ETH or USD as it vests.
Signed message from compromised address:
Hey, tech team here. We thought a bit on that and find out that the DAO can’t change the vesting parameters (these are fixed) but can burn the tokens on this address and mint it on the other address. This is pretty drastic.
I think it’s prudent to
a) sign a message that will be a bit more clearly related to the situation, not just “Defiance Capital” (e.g. “This is DeFiance Capital. One of our wallet addresses was recently compromised. I am proposing that the Lido DAO freezes the vesting on this address: 0x48Acf41D10a063f9A6B718B9AAd2e2fF5B319Ca2, Defiance Capital, 22 march of 2022”).
b) signal that this is indeed a thread from a Defiance Capital from well-known accounts of DC (e.g. Twitter, doxxed Ethereum addresses etc) - I personally know that this is not a hacker but it’s absolutely not clear from the outside.
c) the address was not held by Defiance at the moment of genesis (Defiance was not among the initial investors at all). I’m not sure the voters will need to know the provenance of the current ownership situation before committing to the vote here (I understand it’s a quite sensitive topic) but if it’s not a blocker to you, wouldn’t hurt.
We can start a vote before any of 1, 2, or 3 would be done, it’s not a blocker to starting the vote.
Thanks for the prompt reply. We just signed another message again to better relate to the situation.
We imagine we have three options to shape a vote:
- Burn most of unvested LDOs on 0x48acf41d10a063f9a6b718b9aad2e2ff5b319ca2 and mint the exact same amount on address 0x… with the same vesting parameters as the original one.
- Burn most of unvested LDOs on 0x48acf41d10a063f9a6b718b9aad2e2ff5b319ca2 and do not mint, with implication that minting would be done not in a hurry with a good due process.
- Burn most of unvested LDOs on 0x48acf41d10a063f9a6b718b9aad2e2ff5b319ca2 and mint at address 0x… with vesting set to a year’s lock, with implication that changing the vesting terms to original ones would be done not in a hurry with a good due process.
How do you think the vote should be shaped? Time’s of the essence so we’ll go with rough consensus here.
Can we go with option 1? We can mint the exact number of tokens with the same vesting parameters.
All three options are feasible technically (though it would not be exact amount of tokens - we can only burn and mint slightly less tokens than there are on the address)
I am for 2. Let’s do burn first, and decide about mint later. To check the address properly on which to mint LDO, we need to spend more time. And now it is important for us to block the tokens ASAP.
I agree with Eugene here and prefer option 2. The goal is to prevent loss of funds on the compromised address. A new vesting address can be selected later with proper care.
We are agreeable to option 2 as well if the community is more comfortable with that option.
Option 2 looks safer and cleaner in terms of transparency to me.
Unless there’s a significant change of sentiment in the next 20m, we plan to go with the vote for option 2 on 1100 UTC today.
We are preparing to start a vote to burn 3691500 LDO from 0x48Acf41D10a063f9A6B718B9AAd2e2fF5B319Ca2 address. This number is the number of tokens that are guaranteed to be locked by vesting at the end of voting (Wed Mar 23 2022 12:00:00 GMT+0000).
The vote has been started Aragon
@ujenjt @vsh thank you for your help in this
@TheDZhon as well, the forum only allows me to tag 2 per reply