Proposal for reimbursement of stolen funds

Dear DAO, for lack of better words: I fucked up! I fell for a fake Cowswap frontend while attempting to swap my hard-earned xDai. I lost almost all I had in the wallet before I noticed what was going on; the attacker took roughly $16,000 and 0.5 eth. I hope for the help of the DAO to reimburse it to a different (uncompromised) wallet and also transfer my REP as a one-time courtesy.

This is what happened, in a bit more detail:
I bridged xDAI to DAI on the day, the bridging of the funds went just fine. This is the transaction:

Next, I attempted to swap on Cowswap. I did not know the URL off the top of my head so I googled it (first mistake). I clicked on the top link that showed up, not realizing it was a Google ad. The URL looked legit, I even checked the URL and I thought it was safe. I recognised the interface. Everything seemed trustworthy to me at first glance.

Immediately after entering the site my wallet opened automatically without me clicking on the “Connect wallet” button (that should have probably already been the first warning sign). The wallet wanted me to sign a message that “would not cost me anything but was just some sort of update”. I signed, I wanted to use the interface to swap but it did not show any DAI in my wallet. I checked my wallet and assumed it was an error during the bridging process or some other error. After checking my wallet and trying to bridge on swapr I realised I probably did fuck up. My dai and eth were all gone.

I contacted Ross for his opinion since he consulted me on some error claiming the funds from my data on chain proposals. He went through the whole process with me and confirmed my fears: I fucked up. Someone used a fake frontend, I clicked on a Google ad. He figured that the funds were transferred here: Ethereum Transaction Hash (Txhash) Details | Etherscan

I’m aware this is entirely my fault and I should have taken more precautions. The whole thing is quite embarrassing, I feel like a grandpa falling for an email scam. I never thought I would fall for a fake frontend. I know the nature of crypto is that we are all wholly responsible for our own keys and money and if we mess up, that’s on us. I take no offense if this is not approved by the DXdao.

I for sure learned my lesson to be extra careful since it happened. I informed myself about all kinds of possible scams and topped up my security as much as possible. It’s for sure an expensive lesson for me. If anybody from the community wants to know any details, specifics or additional data of the incident please DM me. I’m happy to answer questions.

Should we reimburse int_blue with the lost funds?
  • yes
  • no

0 voters

If yes to the above, how much of the funds and REP should be reimbursed?
  • 100%
  • 75%
  • 50%
  • 25%

0 voters

3 Likes

Hey @international.blue, very sorry this has happened to you and I’m sure you’ll bounce back.

Bit confused why this would be a matter for DXdao to consider here? If it’s just shooting your shot fair enough, you do you. But if there’s a rationale for why the DAO would be asked to reimburse for something that seems very much unrelated to the DAO, would you mind outlining it?

7 Likes

Gm, happy new year and happy new everything dear community!

@0xSpicySoup thanks for your kind words! I think calling it just “shooting my shot” is a bit oversimplistic, but how is this not related to the DAO?

FORMALITIES
-Before joining this organisation I was assured that the DAO would help in cases like the above
-There is a precedent: the DAO did help in a similar case in the past
-Discussing the incident with other contributors I was advised to bring this to the community and hopefully get reimbursed (disclaimer: nobody gave me any guarantees)

CONTEXT
-The DAO could not provide any alternative compensation methods at the time of the transaction
-The incident happened while I tried to process the s**t coin I got as compensation into a form I feel comfortable to hold
-Since I’m not the Ethereum Foundation, I can’t undo mistakes while operating with everything blockchain
-Scams are common, contributing to a DAO is risky on many levels. The space we are working in is described as the Wild West, a new frontier full of scams and BS. This is the most accurate depiction of the space we are working in: Overwhelming and Collective Murder - YouTube

In a broader sense it comes down to the following questions:
Do you want the DAO to succeed long term?
What is the greatest asset the DAO needs to succeed?
How can the DAO attract qualified contributors and builders in this high risk environment?
How do you create an environment where members of the DAO can do their absolute best contributions?
Why should the community help one of its members?
How does the DAO profit from helping an individual contributor?

Happy to expand on any of the questions. I hope that helps!

2 Likes

Because the only relation to DXdao is that you are a contributor; DXdao’s responsibility for the funds ends at the point of the smart contract interaction that releases funds to you. Otherwise, where does the line get drawn? How do we verify that people have really had their funds stolen? While I’m not insinuating that this is the case here, IF this were to pass and set precedent, then in future the optimal play for a contributor becomes to wait as long as possible while working for DXdao, claim multiple months of salary at once, hack yourself immediately after, and then apply for the DAO to reimburse it pointing to this as precedent, and have a huge payout. It doesn’t encourage airtight procedures, and leaves us open to tangential claims/attacks in future.

Do you have any more details on this and who assured you? I’m struggling to understand why any member of the DAO, much less the DAO itself (which decides things based on governance proposals) has made any assurances that it would reimburse people for phishing attacks.

Do you have any further details on this? The only incident I am aware of is when somebody sent funds to the DXD token contract. In this case, these funds are recoverable by DXdao and in DXdao’s possession. In your case, they are not. However, I’m unsure if you’re referring to another incident, so I’m open to hearing if so.

Any alternative to what? The payment occurred here: Gnosis Transaction Hash (Txhash) Details | GnosisScan
successfully. This is the standard procedure for all payments from DXdao since its inception.

Are you referring to DAI as a shitcoin here? I really think you need to assess your position contributing within a DAO if you are describing a stablecoin as a shitcoin you are uncomfortable to hold, and feel like you are unable to process this safely. Notwithstanding this, other contributors manage to do this, and it has always been the procedure for DXdao to make payments. It’s a procedure that you signed up for when joining the DAO. If you were not confident with how to safely process a stablecoin payment to a form you feel comfortable with at any time, then the two options at the time of onboarding were to ask for help, or pass on the opportunity.

This is the nature of blockchain, and is surely not a surprise to anyone working for a DAO. Also, FWIW, The Ethereum Foundation can’t do this either.

Yes, and therefore its contributors being on high alert to scams through a heightened sense of personal responsibility should be encouraged. ‘The DAO will reimburse me for any mistakes I make with my personal funds’ isn’t a healthy baseline. I also don’t think the decision to reimburse you for your mistake is a pivotal decision in DXdao’s long term success.

7 Likes

Here we go: Alchemy | DAOstack

There are people referring even to Ethereum as a shitcoin. Also 2022 left me deeply traumatised without much trust for anything stable. Thanks for your advice though, currently I’m very happy contributing to this DAO!

I was referring to the early eth fork to regain stolen funds, 2016 I believe

Think the comment on that previous issue sums up exactly where I fall on this.

Sorry it happened, but no company in crypto or traditional corporate world would refund you funds you lost in this manner. My own employer wouldn’t, nor would it be reasonable of me to expect them to. If you are stuck for funds until your next worker proposal pays out, you could maybe request an advance. In my opinion, anything beyond that is taking advantage of the DAO.

The previous payment you’ve linked should never have been approved. It speaks volumes about how little diligence and accountability there was at the time. Thankfully things have improved.

I’ll be voting against this proposal if it goes on-chain and expect others will too.

6 Likes

I strongly believe the DAO profits from providing a certain amount of safety for its contributors.

I am going to sound harsh but this is gross negligence from yourself, and unless you bought insurance from the DAO, there is absolutely no ground to reimburse any amount.

This is the base example of how to waste energy and valuable time from DAO contributors on a topic that has no place in any result-oriented environment.

Contributing to a DAO is challenging, this is something that we all know. Contributor challenges arise daily and the space can be difficult to navigate. Because of this, the ContributorX was formed at DXdao to offer support and guidance to contributors to help mitigate any issues that should arise.

The majority of the current contributors at DXdao had previous experience in web3 or DeFi. However, this is not the case for everyone, nor will we be able to onboard the next million users into web3 unless we can bring new contributors into the space who are from the traditional labor force.

Before onboarding @international.blue, we identified that we needed a contributor to support DXdao and its products with branding and design. Additionally, we acknowledged that this contributor might not have both web3 experience and the caliber of design experience we required. This was the case with @international.blue. After @international.blue’s trial period, he was approved unanimously by the DAO because of his skillset, despite his lack of web3 experience. Additionally, we agreed to support him with any help he needed to contribute to the DXdao ecosystem. After all, as a DAO, as a community, this is what we should do.

Many could argue there were missteps in this process. It can be argued that we should have provided more education to @international.blue or maybe we shouldn’t have even onboarded him due to his lack of web3 experience. Things to take into account and learn from moving forward. Regardless, we are still in this difficult situation where a contributor has lost funds. I value @international.blue and his contributions, and from my knowledge, the community does too.

It is clear there is opposition towards DXdao reimbursing the funds to @international.blue, however, I do not think that this should be the end. One thing DXdao has that will enable it to succeed long-term is a sense of community and I believe we should help its members when they are in need.

6 Likes

This is an unfortunate situation. Some people above have expressed that this is not the responsibility of DXdao, which seems fair.

At the same time, I’m more of a fan of figuring out a solution when someone is asking for help.

My proposed solution is to leverage the strong DXdao community and have an optional crowd funding opportunity to help ease some of the pain. Maybe the full amount can be reached, or maybe something less.

Via the DXdao Voice Multisig, we open an opportunity for community members to send in any amount they are comfortable providing to support the goal.

Obviously, we would only want to initiate this if @international.blue is comfortable with the idea.

I would be willing to put 500 DAI towards it (as long as @international.blue takes back his statement about that token).

Maybe other community members, REP holders, contributors and DXD holders would be willing to participate as well.

3 Likes

There’s a much larger issue here, that it’s very difficult for those who don’t have lots of experience with crypto to contribute to the DAO.

Even for crypto natives, DXDao’s proposal process is difficult and time-consuming. Archaic even. DXVote takes so long to load that it wastes time and makes no sense for anyone to vote or propose unless they have a vested interest in doing so, such as being an active contributor.

To help solve the underlying problem, I propose that ContributorX create proposals when anyone makes a legitimate request (legitimate meaning the proposal text accurately describes what it’s proposing, ContributorX can make additional guidelines for what it will/won’t propose so this isn’t abused). Proposal creation is a time consuming skill that requires special knowledge in and of itself, so just like any other specialized task, people within the org. should have it as their job to perform it for those who lack such expertise.

This will go a long way to retaining and onboarding talent, and fulfill a crucial function nearly every other organization in existence has which DXDao lacks.

@international.blue FYI, next time you can request payment in USDC or any stable coin the DAO holds if you see DAI as a “s**t coin”

3 Likes

This is a good idea. With the processes moving more and more into autonomous guilds, there should be standardized ways to get paid, get rep, and do other routine managerial tasks. Much of this exists but can change with the new guild governance. When thinking about how to do it, a consideration of how a non crypto native hire might have to deal with bridging and cashing out is important. What processes can we put in place to make it easier for green contributors?

In terms of remedying this solution, this is a great start. It is also an opportunity for the guilds to come together and help a fellow DAO member and contributor. Guilds could coordinate donating from their recently received treasury funds and spread the cost over the next 3 months of pay for all who contribute that way. Maybe after individual donations are made?

2 Likes