Proposal to mint LDO tokens into secured wallet

More Information on DeFiance Capital’s investment in Lido DAO

DeFiance Capital participated in the LDO Treasury Diversifcation led by Paradigm last year. As we are very bullish on LDO, we increased our LDO exposure further by purchasing more LDO tokens via an OTC deal from one of the early investors as this is the best way without creating significant market impact given the liquidity profile of LDO. Unfortunately, the LDO vesting is tied to the address and we could not transfer it to a more secure wallet until LDO is gradually vested.

Proposal to mint LDO tokens into a secured wallet

Following the proposal to freeze and burn the tokens in the compromised wallet address, the vote was executed on 23 March 2022 and 3,691,500 LDO tokens were burnt and 1,017.75 tokens were frozen. This prevented the hacker that compromised our wallet from transferring more LDO tokens out of the wallet.

We propose to mint the same amount of tokens into a secured wallet address that DeFiance Capital controls.

Process

Mint 3,692,517.75 LDO tokens on 0xe15232f912D92077bF4fAd50dd7BFB0347AeF821 with the same vesting parameters as the original one. The wallet address provided above is secured by an industry leading enterprise MPC custody solution and a similar incident will not happen again.

We are grateful and appreciate Lido DAO members’ help in resolving this situation.

Signed Message from Wallet:

{
“address”: “0xe15232f912d92077bf4fad50dd7bfb0347aef821”,
“msg”: “0x546869732057616c6c657420697320636f6e74726f6c6c65642062792044654669616e6365204361706974616c”,
“sig”: “fb38c87205bf483734cb56c0b83dbb78bb1a20f9d61e54080d0e100d71fcb497075759013596716e30ca0c577f0651bf9ca73bfa0a40f6d0136023b31de4d61f1c”,
“version”: “3”,
“signer”: “MEW”
}

4 Likes

The dev team is looking into the case rn. The whole situation is extraordinary, so we want to devise and propose the most proper due process for that case. Note that it could take a while, and in any case would be up to DAO decision & vote.

3 Likes

Hi Kadmil, is there any update on this?

After consideration & given the emergency nature of the case, dev team proposes the due process for the minting request below.

Please, share the feedback of the proposed procedure. If none would be received, we propose to start the process on Wed, Apr 6.
Also note that Defiance Capital or any other party can propose its own preferred course of action & ultimately start the Aragon vote. For instance, the vote can use the minting vote script draft from Feat: add voting scripts to issue & assign vested LDOs by TheDZhon · Pull Request #44 · lidofinance/scripts · GitHub

  1. Post the message signature from research forum post Proposal to mint LDO tokens into secured wallet to Defiance Capital twitter (“Verifying DeFiance Capital’s LDO minting request. Signature: 0x546869732057616c6c657420697320636f6e74726f6c6c65642062792044654669616e6365204361706974616c, details: Proposal to mint LDO tokens into secured wallet”)
  2. Take a week-long “challenge timeframe” during which the messages are public and can be challenged by a third party. The valid challenge could be the video request recorded by Defiance Capital representative and shared by known Lido DAO member confirming validity of the request. This should prevent the hacker from requesting funds minting with hijacked twitter & research forum access.
  3. If the messages aren’t challenged, start the week-long Lido DAO snapshot vote for greenlighting the minting.
  4. If the snapshot passes successfully, do a mint of 3,691,500 LDOs to 0xe15232f912d92077bf4fad50dd7bfb0347aef821 with the same vesting schedule as 0x48Acf41D10a063f9A6B718B9AAd2e2fF5B319Ca2 had in the nearest Lido DAO Aragon omnibus vote.

Note that the described procedure is intended to be a one-off ad-hoc action performed due to the emergency.

On point 4 - there were 3,691,500 LDO tokens that were burnt and 1,017.75 tokens frozen. As such, 3,692,517.75 LDO tokens should be minted instead.

On point 1 - we prefer not to post the message via DeFiance Capital twitter account as not to attract unwanted attention. Can we verify the message via another method instead?

“Frozen” = “still are there but are under vesting”, am I right?
Sorry, but I’d say that the amount burnt should be minted — that way the DAO would be reversing the burn it administered. If the situation would be following the plan I’ve proposed, we may add this as an option to the snapshot vote.

There are 1,017.75 tokens that we cannot transfer out. We hope to include these 1,107.75 tokens in the proposal so that it is cleaner that way.

The point of twitter share is to have the message posted somewhere it may be easier spotted and challenged. Again, it’s the proposal, and the actual approval is for the DAO to grant — need wider feedback here.

I’d say that, after minting tokens, the total supply of LDO should be the same as before the burn, i.e. 10^9 LDO. IMO, this is an important invariant to keep.

5 Likes

What alternative method do you propose?

These are not frozen but vested. Minting extra 1k LDO doesn’t sound reasonable.

1 Like

The reason we couldn’t burn the full non-vested (i.e. locked) amount is that we didn’t know the exact time at which the vote is executed, but the amount that could be potentially burnt depended on the vote execution time (assuming that either you or the attacker transfer all unlocked tokens out immediately). One cannot burn more tokens than the address currently possesses, that would lead to the transaction being reverted. That’s why we had to burn a little bit less than the total non-vested amount at the moment of vote execution. That said, we did our best to minimize the non-burnt amount, which required precise timing of the governance actions.

3 Likes

can verify it via Telegram since we have a group with jbeezy?

You can prove yourself to Jacob, but it’s not Jacob who would be voting for this proposal.

2 Likes

we can post a message signature using the wallet that we used to transfer the recovered LDO tokens. would that help?

0x109403Ab5C5896711699Dd3De01C1d520F79801A

I believe we should ask wider DAO community here.

As I understand, we are stuck on the question how Defiance capital can best prove to the Lido community that they control the new address that is being minted to.

@kadmil has suggested that Defiance post their signature on Twitter, followed by a 1-week challenge period similar to how optimistic rollups or a 2FA work. If the first message was hijacked by a hacker, it would give the real owner enough time to step up and report the fraud with a second message in a secondary channel.

The use of Twitter as first channel was suggested to give the message maximum publicity. But I wonder what is the point of showing the message to more people, given that

  1. only Defiance can successfully detect and challenge the fraud anyway
  2. Defiance is highly motivated to detect & report the fraud, no matter what channel it is in

So if this method is to be used, there should be no reason to announce the message and one-week period on Twitter, as long as we can make sure that Defiance sees it and can challenge in time.

Given that Defiance prefers not to post it on Twitter, my straw person proposal would be to post the message here on forum and move forward. Hope others can explain if this would be a security risk.

8 Likes

Thank you @Hasu for your inputs. We have signed a message from the wallet that we used to recover the LDO tokens following the exploit.

{
“address”: “0x109403ab5c5896711699dd3de01c1d520f79801a”,
“msg”: “0x546869732069732044654669616e6365204361706974616c2c20776520617265207369676e696e672061206d6573736167652066726f6d20746865207468652077616c6c65742074686174207765207573656420746f207265636f76657220746865204c444f20746f6b656e7320666f6c6c6f77696e6720746865206578706c6f69742e205468697320697320746f2070726f76652074686174207765206f776e207468652077616c6c65742061646472657373203078653135323332663931324439323037376246346641643530646437424642303334374165463832312c20313120417072696c20323032322e”,
“sig”: “076a0a8713a13f2cae3bc5560a7b233c3c9348c79e534ff7c9916f7c1b42cb5715c0f390697896082a621fd5e03597548ee3730d0230a3737fbf3cc2dd41ad611b”,
“version”: “3”,
“signer”: “MEW”
}

1 Like

hi @kadmil can I check if there are updates on the snapshot vote?