Issuance Topic 2: How should we handle the small edge case of users who have addresses that have been compromised?

We are looking to get community feedback on a few topics. Please vote on the poll below and leave your comments! These are to serve as a community check - this is not an official governance proposal!

A small number of DAO members have had their accounts compromised. The hacker will be able to claim the tokens from this account. We could allow the compromised DAO member to submit a signature verification to change their address on the airdrop list. The member will sign a message proving they own the initial address and listing the new address for claiming the tokens.

  • Do not allow any editing of the airdrop snapshot list - look to include these members another way.
  • Allow the signature verification process for DAO members to change their claim address.
  • Solve the issue another way (comment below).


Issuance topics w/ polls!
Issuance Topic 1: Should the Original NFT (Devs for Revolution) continue to give access to the Discord server?

Issuance Topic 2: How should we handle the small edge case of users who have addresses that have been compromised?

Issuance Topic 3: Should we work to enable delegation at token issuance?

3 Likes

Correct me if I’m wrong, but if your private key is compromised (giving bad actors access to your account), can’t the hacker sign the message and pass in their other address? How would you know that the other address given by the signed message was owned by the original owner of the compromised account, and not the hacker?

5 Likes

Yep! The thought is that we would likely be able to avoid bad actors going through this process given how they usually act (using bots, automation, large scale, etc - not in forums/discord to read about things like this). That said we would allow for a dispute period where someone could dispute a change by also signing a message and the address would stay as the snapshot one. The bad actor could also do this, but unlikely given reasons above.

1 Like
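The signed address change and dispute period discussed above, as an added example (not code from this thread or from the DAO). It uses Node's built-in `crypto`; `newWallet`, `signFor` and `ClaimList` are hypothetical names, and the address derivation is a SHA-256 stand-in rather than Ethereum's keccak256 with key recovery. A valid signature shows only that the signer holds the key, so when two parties hold it the outcome is the snapshot address.

```javascript
const crypto = require('crypto');

// Constructed wallet. Assumption: address = tail of SHA-256 over the public
// key; real Ethereum addresses use keccak256 and recover the key from the signature.
function newWallet() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  const der = publicKey.export({ type: 'spki', format: 'der' });
  const addr = '0x' + crypto.createHash('sha256').update(der).digest('hex').slice(-40);
  return { privateKey, publicKey, addr };
}

// The signed text binds the action, the snapshot address and the new address,
// so a signature cannot be reused for a different change or as a dispute.
const text = (kind, oldAddr, newAddr) => Buffer.from(`airdrop:${kind}:${oldAddr}:${newAddr}`);
const signFor = (wallet, kind, oldAddr, newAddr) =>
  crypto.sign('sha256', text(kind, oldAddr, newAddr), wallet.privateKey);

class ClaimList {
  constructor(wallets) {
    this.keys = new Map(wallets.map((w) => [w.addr, w.publicKey])); // snapshot list
    this.pending = new Map(); // snapshot address -> { newAddr, disputed }
  }
  valid(kind, oldAddr, newAddr, sig) {
    const pub = this.keys.get(oldAddr);
    return Boolean(pub) && crypto.verify('sha256', text(kind, oldAddr, newAddr), pub, sig);
  }
  requestChange(oldAddr, newAddr, sig) {
    if (!this.valid('change', oldAddr, newAddr, sig)) return 'rejected';
    const prior = this.pending.get(oldAddr);
    if (prior) { // a second request naming a different address counts as a dispute
      if (prior.newAddr !== newAddr) prior.disputed = true;
      return prior.disputed ? 'disputed' : 'pending';
    }
    this.pending.set(oldAddr, { newAddr, disputed: false });
    return 'pending';
  }
  dispute(oldAddr, sig) {
    const p = this.pending.get(oldAddr);
    if (!p || !this.valid('dispute', oldAddr, p.newAddr, sig)) return 'rejected';
    p.disputed = true;
    return 'disputed';
  }
  // Called once the dispute period ends: a disputed change reverts to the snapshot address.
  claimAddress(oldAddr) {
    const p = this.pending.get(oldAddr);
    return p && !p.disputed ? p.newAddr : oldAddr;
  }
}
```
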

This is a great idea but I would want to understand more of the process of how it works. What stops anyone from claiming my account was hacked, even though it wasn’t? How would we resolve it?

Hm, (a) were all of the compromised users in the Discord before they were compromised? And (b) if so, are NFTs linked to Discord accounts somewhere? (I can’t remember exactly how we verified for Discord access, I assume we had to sign a message)

  • If yes to both, perhaps their Discord accounts could be used for verification (provided that Discord account was not also compromised).

  • This likely wouldn’t apply though to any users who were compromised after the snapshot / minting completion (depending on how (b) is implemented)

2 Likes

I think the signing could work. If both the attacker and the victim sign the message, to distinguish the two, you can ask the victim to send a null amount from the address that initially funded the compromised address. It may have come from an exchange or other address that the victim still controls.

The victim will perform this sequence:

  1. Send 0 Eth to the compromised address from the initial funding address.
  2. Send 0 Eth to the new address from the initial funding address.

3 Likes

Simply, the hacker didn’t get access to the discord
Have these members post the new address for the token Airdrop in a new channel in the discord, and change the old addresses

We don’t want any interactions with hackers, so no message signing

6 Likes

Using Flashbots, you can pay the gas fee, claim the tokens, and transfer in one block. A developer can use the tool to get their tokens.
I would like to issue tokens as soon as possible and not deal with small-scale cases.

2 Likes

I think the member who was compromised doesn’t feel good; we should help the guy.

They would need to have your private key.

Agree to help people reclaim some loss from compromised addresses, but only to the extent of not creating too much trouble for the whole community.

If a change is disputed, you have to blacklist the address from the airdrop and try to reach out to the address owner. Either through sending a message to the address on chain and/or public messaging channels (discord, newsletter).

If the hacker disputes the legitimate change, the rightful owner will still be vulnerable to the hacker claiming the airdrop.

If the rightful owner disputes the hacker’s illegitimate change, they are still stuck at square one.

Disputes have to be resolved offchain through coordination with the core team, otherwise you aren’t solving anything.

@PeterPan Why can we assume the hacker didn’t get access to the discord?

We can help the victims, but it’s not necessary to change the rules.

The most widespread use case is exactly how you’ve described here (also happened to one of my wallets) - the use of bots. I HIGHLY doubt someone who has taken control of a compromised wallet is actually paying attention to any of this discussion (ie. would know about the signing workaround). What they are looking for is anything in the wallet that now has high value, if true, move it out.

Allowing members to provide a different wallet at signing will work, simply put. It doesn’t have to be more complicated than that.

I am one of the people that got hacked and reported so far…if the resolution is not to alter anything and the tokens get sent to the original address, I would prefer the tokens sent to the treasury or scholarship fund instead of the hacker getting them…I know someone mentioned using flashbots; I am not too familiar with it and also wonder if the hacker has a work around it somehow. Interested to see what the resolution will be for this edge case.

I’m a fan of exploring this idea too

This is not a reliable solution. Finding the original funding address could be troublesome if the user has thousands of transactions. Matching the address will also be problematic for users.

The easiest way to go about solving this issue would be using Discord auth to swap compromised addresses with new ones as PeterPan has suggested.

A small number of DAO members have had their accounts compromised.

Unfortunately, I am one of these folks. Thanks, @willblackburn for surfacing this to the community :pray:

While I was able to move my D4R to a new wallet in time for the $CODE snapshot, my compromised wallet address was what I used for some early proposals/town halls that qualify me for the “early participant” bonus.

Maybe we should break out the question into two decisions:

  1. Do we want to do this? (Personally, I’d say yes.)
  2. How do we want to do it? (Open a larger discussion assuming #1 is agreed upon)

Might make things easier to tranche our decision making :person_shrugging:

I’d personally be in favour of providing people within the server a way to report situations such as @ryanharris’ that can be reviewed for authenticity by either a) core team, b) a committee, and then those addresses confirmed as compromised are blacklisted from the airdrop and any corresponding funds are allocated to them separately (potentially after the airdrop) so as not to slow down the process.

To me this feels like the right balance of maintaining maximum purity of the snapshot whilst ensuring we’re not rewarding hackers/punishing those who were hacked. I’d be happy to do the heavy lifting to make this happen if we go this off-chain route, which I think would be a better approach.

Picturing a Google/Airtable form that is only available to members in the Discord that asks for details of addresses with explanations of how they were compromised and when.

Interested to hear others’ thoughts on this.

I think it’s better to choose the first.