bZx Community Update

Update on recent events relating to the Compensation plan, recovery of funds, and identification of the hacker

UPDATE 11/19/2021

We have been in contact with law enforcement agencies and have the following updates for the community of bZx holders who have had funds stolen from this recent attack and have been seeking information related to the FBI case number.

The DOJ’s Victim Notification Program details here: https://www.justice.gov/criminal-vns can be contacted. A Victim Specialist can generate Victim Notification Letters which can be mailed or emailed to users who have been hacked.

The letter will contain the FBI case number. The letter states that the case is open and under investigation and to contact the FBI Victim Specialist if they want to discuss services/resources.

Separately, if you’d like to file an IC3.gov report, please ensure you use the letters “BZX” in order for the FBI to properly key on the complaints.

Tracking and Partial Recovery of Stolen Funds

The bZx team has been actively monitoring and tracking the hackers movement of funds since the theft occurred on November 5th 2021. Since then bZx has identified a number of links to major exchanges and other projects which the hacker has interacted with and stolen funds from. In a future update and when appropriate to do so we will publicize all related findings.

We are currently working with law enforcement to obtain warrants from exchanges and other platforms that the hacker has interacted with in order to obtain identifying information. All information that we have gathered is being turned over to law enforcement to assist them in their investigation. The hacker has converted a large amount of stolen assets into ETH and transmitted them through Tornado Cash. Best efforts are being made to continue tracking these assets as long as possible.

The law enforcement investigation is currently ongoing, however we cannot release further details on the status of the investigation at this time. Will provide further updates as soon as we are able to.

Community Organized Compensation Plan

The community has been working on a community driven compensation plan in the forums. The current plan has been submitted for snapshot vote here. After the vote is completed, if approved it will proceed to onchain DAO vote. Once passage of onchain vote has occurred the treasury funds will be used to compensate users who lost funds in the attack, in addition there would be issuance of a debt token to be repaid over time by the protocol from 30% of protocol revenue and fees.

Relaunching BSC and Polygon Deployment with Enhanced Security

The team is actively preparing to launch the bZx deployments on Binance Smart Chain and Polygon with enhanced security measures. These new security measures will prevent and ensure that the protocol is safe from spear phishing attacks in the future.

All deployments will ultimately be transferred to full DAO control after remaining technical issues are resolved relating to multichain DAO governance. A multisig requiring approval of multiple team members backed with hardware wallets will be used to secure these deployments as a temporary measure until full DAO control, eliminating the possibility for a similar attack to succeed. Previously the BSC and Polygon deployments were under off-chain governance. Governance was conducted via snapshot votes, and then enacted by a deployer controlled by a single key. This model has been updated to a Three-of-Five multi-sig secured by hardware wallets.

Recovery of Funds

The bZx DAO has recovered the vast majority of the BZRX Funds that were stolen by the hacker. Details on how the funds were recovered and the total amount of funds that were recovered will be released in a future post. However, the stolen BZRX which was used as collateral on the hackers loans have been liquidated thereby restoring liquidity to several loan pools. All hacker BZRX on Binance Smart Chain are currently frozen and cannot be sold or moved off the chain for the time being. The team has requested that Binance keep those funds frozen indefinitely, and the new OOKI DAO will be able to replace them with OOKI, effectively meaning those assets are recovered. Funds recovered through other means can be moved to the DAO treasury as well to assist with compensating users and restoring liquidity to the platform.

Conclusion

bZx will continue to provide updates on the compensation plan, investigation, and progress towards recovery of funds as new information becomes available. Additionally, the ongoing plans to move forward with rebrand and relaunch later this month will continue. We will have additional announcements forthcoming on the topic of upcoming dates for the rebranding and relaunch in addition to liquidity incentive programs.

About the author
Contributor
Contributor to bZx