[BIP-455] Assisting DNS hack victims

Payload with PR

Intro

Following the developments after the DNS hack reported here, and given the current framework proposition on BIP-443, this proposal seeks to compensate users affected by the frontend attack by refunding 75% of their lost funds, taking BIP-443 as precedent.

Motivation

As of the time of writing, only 5 (five) users have reported loss of funds to the Balancer Maxis or other community contributors, to a total amount equivalent of $319,228,08 USD at the time of the attack.

From that amount, a portion of $157,075 USD belonging to auramaxi.eth was taken care of immediately after the approval of BIP-443. The four other users manifested their will to claim for a refund of the remaining $162.153,08, taking the 25% cut under the same precedent set on that proposal, for a total of $121.614,81 USDC on mainnet.

Given that the original proposal needed further developments (volunteer committee, Google form and public announcement), this BIP must be treated as an exception in case BIP-443 sees any traction in the future. However, it’s only appropriate to take from the 350k previously approved by governance as max budget for compensations.

The addresses below are verified, known and damaged wallets, who will be providing on-chain signatures for wallet verification referencing this BIP in the comments below, along with a statement forgoing all further claims to restitution. The amount to be sent is 75% of the total lost by these wallets during the attack period (including amounts stolen and angel drainer contract fee), which can be verified on-chain and cross ref with @gosuto spreadsheet here.

User #1 wallet:
0x1511e7Fe2e06BBc75Eb4CeeE7c7dC5f9af6bb781
$144,137.10 USD total (Avalanche)
108.102,83 USDC Refund

User #2 wallet:
0x5d119666CD68dDD9b3b3b5Ee7552EEdeD6843918 (oxecrypto.eth)
$3,542.26 USD total (Ethereum)
$907.42 (Polygon)
2.656,70 USDC Refund

User #3 wallet:
0x3056b7039deb4347ca9ab2abd7b5785fcdcc0ebf
$651,62 USD total (Arbitrum)
488,72 USDC Refund

User #4 wallet:
0xa7A13659692239c143daE313a0116D5b5C18d26C
$13,822.10 USD Total (Ethereum)
10.366,58 USDC Refund

Specification

Upon approval of this BIP, the DAO Treasury will perform multi send:

• 108,102.83 USDC to 0x1511e7Fe2e06BBc75Eb4CeeE7c7dC5f9af6bb781
• 2,656.70 USDC to 0xf1Ca67191b4b0FD07d8ab924E6244127E3bdeCC4
• 488.72 USDC to 0x3056b7039deb4347ca9ab2abd7b5785fcdcc0ebf
• 10,366.58 USDC to 0xa7A13659692239c143daE313a0116D5b5C18d26C

Hey guys/girls.

Here is my digital signature:

I hereby give up claims to any further compensation related to this situation.

Thanks everyone for the assistance on this, especially Danko for taking lead.

Gm.

Here is my signature for verification and to acknowledge the forfeit of any further claims as outlined in BIP-443.

Thank you so much to @Danko8383 for following up and getting things in motion.

Hey guys/girls.
Here is my digital signature:

Nova Wallet para recuperação: 0xf1Ca67191b4b0FD07d8ab924E6244127E3bdeCC4

OK. I updated the spec to transfer funds to this new wallet.
@ZenDragon if you could please edit the payload…

It is updated to include this address now. Thanks!

Bom dia Amigos. Qnd será feito o ressarcimento para que eu possa acompanhar?

Hey everyone, here is my digital signature:

+1 to Danko8383 for all your assistance

Seems like this is getting ready to go to a vote tomorrow. Passing a vote on Monday (23rd), payments will follow next. You should see funds on your Ethereum wallet in USDC when the tx is executed on the multisig.

https://snapshot.org/#/balancer.eth/proposal/0x9270e1c5f183207bfca68456415ea1e82a027da329983f44a9c6c12671276f14

Would like to know what’s the latest on this topic. I would like to report i was affected by this as well

Please reach me on Discord and I can assist you. We can work on a second batch of payments, but so far, we haven’t heard of any more users affected.

I’ll DM you here my discord user.

Done! Ethereum Verified Signed Message
Thank you @Danko8383 and the Balancer team.