More Information on DeFiance Capital’s investment in Lido DAO
DeFiance Capital participated in the LDO Treasury Diversification led by Paradigm last year. As we are very bullish on LDO, we increased our LDO exposure further by purchasing more LDO tokens via an OTC deal from one of the early investors, as this is the best way to do so without creating significant market impact given the liquidity profile of LDO. Unfortunately, the LDO vesting is tied to the address, and we could not transfer it to a more secure wallet until the LDO has gradually vested.
Proposal to mint LDO tokens into a secured wallet
Following the proposal to freeze and burn the tokens in the compromised wallet address, the vote was executed on 23 March 2022 and 3,691,500 LDO tokens were burnt and 1,017.75 tokens were frozen. This prevented the hacker that compromised our wallet from transferring more LDO tokens out of the wallet.
We propose to mint the same amount of tokens into a secured wallet address that DeFiance Capital controls.
Process
Mint 3,692,517.75 LDO tokens to 0xe15232f912D92077bF4fAd50dd7BFB0347AeF821 with the same vesting parameters as the original one. The wallet address provided above is secured by an industry-leading enterprise MPC custody solution, and a similar incident will not happen again.
We are grateful and appreciate Lido DAO members’ help in resolving this situation.
The dev team is looking into the case right now. The whole situation is extraordinary, so we want to devise and propose the most proper due process for that case. Note that it could take a while, and in any case it would be up to DAO decision & vote.
Take a week-long “challenge timeframe” during which the messages are public and can be challenged by a third party. A valid challenge could be a video request recorded by a DeFiance Capital representative and shared by a known Lido DAO member confirming the validity of the request. This should prevent the hacker from requesting funds minting with hijacked Twitter & research forum access.
If the messages aren’t challenged, start the week-long Lido DAO snapshot vote for greenlighting the minting.
If the snapshot passes successfully, mint 3,691,500 LDO to 0xe15232f912d92077bf4fad50dd7bfb0347aef821 with the same vesting schedule as 0x48Acf41D10a063f9A6B718B9AAd2e2fF5B319Ca2 had, in the nearest Lido DAO Aragon omnibus vote.
Note that the described procedure is intended to be a one-off ad-hoc action performed due to the emergency.
On point 1: we prefer not to post the message via the DeFiance Capital Twitter account, so as not to attract unwanted attention. Can we verify the message via another method instead?
“Frozen” = “still there but under vesting”, am I right?
Sorry, but I’d say that the amount burnt should be minted; that way the DAO would be reversing the burn it administered. If the situation follows the plan I’ve proposed, we may add this as an option to the snapshot vote.
The point of the Twitter share is to have the message posted somewhere it may be more easily spotted and challenged. Again, it’s a proposal, and the actual approval is for the DAO to grant; we need wider feedback here.
I’d say that, after minting tokens, the total supply of LDO should be the same as before the burn, i.e. 10^9 LDO. IMO, this is an important invariant to keep.
The reason we couldn’t burn the full non-vested (i.e. locked) amount is that we didn’t know the exact time at which the vote would be executed, but the amount that could potentially be burnt depended on the vote execution time (assuming that either you or the attacker transfer all unlocked tokens out immediately). One cannot burn more tokens than the address currently possesses, as that would lead to the transaction being reverted. That’s why we had to burn a little less than the total non-vested amount at the moment of vote execution. That said, we did our best to minimize the non-burnt amount, which required precise timing of the governance actions.
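The timing constraint described in the post above, as an added example (not the Lido contracts’ own code and not the poster’s): a linear vesting model in which nothing unlocks before a cliff and the unlocked share then grows linearly between a start and an end time (an assumption about the vesting shape, not a statement about LDO’s actual schedule), with a constructed round-number schedule. Because whoever holds the key can sweep every unlocked token as soon as it unlocks, the balance at execution time is the locked amount at that moment; a burn must fit the smallest balance over the whole window in which the vote might execute, and whatever is left over is the “frozen” residual.

```python
from dataclasses import dataclass

# Added example, not the Lido contracts' code. Assumed model: nothing is
# transferable before `cliff`; afterwards the unlocked share grows linearly with
# (t - start) / (end - start), computed in integer base units as Solidity would.
@dataclass(frozen=True)
class Vesting:
    amount: int  # total tokens under vesting, in base units
    start: int   # unix time vesting started
    cliff: int   # nothing unlocks before this time
    end: int     # everything is unlocked at or after this time

    def unlocked(self, t: int) -> int:
        if t < self.cliff:
            return 0
        if t >= self.end:
            return self.amount
        return self.amount * (t - self.start) // (self.end - self.start)

    def locked(self, t: int) -> int:
        return self.amount - self.unlocked(t)


def max_safe_burn(v: Vesting, earliest_exec: int, latest_exec: int) -> int:
    """Largest burn that cannot revert whenever the vote executes in the window.

    Worst case from the post: the key holder sweeps every unlocked token the
    moment it unlocks, so the balance at execution time t is exactly v.locked(t).
    The burn is therefore bounded by the smallest such balance in the window
    (which, for a monotone schedule, is the balance at latest_exec).
    """
    return min(v.locked(t) for t in range(earliest_exec, latest_exec + 1))


def simulate_burn(v: Vesting, burn: int, exec_time: int) -> dict:
    """Outcome of burning `burn` from the address when the vote executes at exec_time."""
    balance = v.locked(exec_time)  # unlocked part already swept out (worst case)
    if burn > balance:
        # burning more than the address holds reverts the whole transaction
        return {"reverted": True, "residual": balance}
    # what remains stays in the address, still under vesting ("frozen")
    return {"reverted": False, "residual": balance - burn}


# Constructed schedule, not LDO's actual parameters: 1,000,000 units vest linearly
# over 1,000 seconds after a cliff at t=100, i.e. 1,000 units unlock per second.
SCHEDULE = Vesting(amount=1_000_000, start=0, cliff=100, end=1_000)

if __name__ == "__main__":
    # The vote could land anywhere in [500, 510]; size the burn for the latest case.
    burn = max_safe_burn(SCHEDULE, earliest_exec=500, latest_exec=510)
    print("safe burn:", burn)                     # 490000
    print(simulate_burn(SCHEDULE, burn, 503))     # executes early: 7,000 left frozen
    print(simulate_burn(SCHEDULE, 497_000, 505))  # sized for t=503, executes at 505: reverts
```

The residual is the price of not knowing the execution block in advance: the tighter the window the DAO can guarantee, the smaller it gets, which is why the post stresses precise timing. For the re-mint, the supply invariant raised later in the thread is satisfied by minting exactly the burnt figure, since the residual never left the total supply.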
As I understand it, we are stuck on the question of how DeFiance Capital can best prove to the Lido community that they control the new address that is being minted to.
@kadmil has suggested that DeFiance post their signature on Twitter, followed by a 1-week challenge period, similar to how optimistic rollups or 2FA work. If the first message was hijacked by a hacker, it would give the real owner enough time to step up and report the fraud with a second message in a secondary channel.
The use of Twitter as the first channel was suggested to give the message maximum publicity. But I wonder what the point of showing the message to more people is, given that:
only DeFiance can successfully detect and challenge the fraud anyway;
DeFiance is highly motivated to detect & report the fraud, no matter what channel it is in.
So if this method is to be used, there should be no reason to announce the message and the one-week period on Twitter, as long as we can make sure that DeFiance sees it and can challenge it in time.
Given that DeFiance prefers not to post it on Twitter, my straw-person proposal would be to post the message here on the forum and move forward. I hope others can explain if this would be a security risk.