I should mention this is only what was taken from pool 6, and only 3 days ago. Several hundred thousand dolars were withdrawn on top of that over the past year, and millions more were taken from other pools in the past days alone.

Great feedback here. This sounds like the most fair route.

As a TRIBE and FEI investor from the launch, I’m hoping the leadership rewards early and long standing hodlers and continues to be as transparent as possible.

Good post.

Is there a clean accounting anywhere of hack victims by address + assets lost in each coin?

Would be nice if the team could provide a model for the numbers they proposed just as a starting point?

Fuse accrues fees from interest earned by lenders. The fees can be withdrawn at any time by any address so long as there is available liquidity. Only then can they be moved by the Fuse admin. At no point does claiming fees take any users’ deposits. This is revenue accrued to the protocol.

Tribe holders can elect to use these fees however they like. In a previous post I suggested they be used to reimburse hack victims.

Ok, nice. I was concerned because many stable pools unaffected by the hack are sitting at 0 liquidity, I guess that is just due to a bank run on collateral. I do suggest that if the protocol is retired/wound down, all open positions should be liquidated, since there’s no telling if anyone will continue running arb bots into the future.

Thanks for supporting the repayment. As for considering cTokens holders as “creditors”, since it was mentioned a few times, their situation is similar to depositors in a brick-and-mortar bank. They deposit, get an interest, while the bank makes loans. If the bank goes bust, then the depositors have a right in the liquidation procedure.

Rari wasn’t 100% decentralized and governance-less (there’s an admin, they stopped borrowing and pulled fees/liquidity…), it follows thus the “bank” model. Rari’s part of Tribe, Thus, it has to repay its creditors.

“Best web3 drama”, nice to see you’re finding a silver lining in all of this! Surely will look great on resume

Yes, its a joke, and the Fei team and the way they acted will go down as one of those disasters ppl will point to as a prime example of why DAOs and DeFi are not to be taken seriously. Much damage has been done and I don’t believe that to be an exaggeration.

Hi all

Clearly been a lot of discussion above

I think its in everyones best interest to find circulating supply to burn / not have claim - this increases backing per TRIBE in every case

Can we get:

1. A clear answer from every VC on if they want to keep their supply and claim the underlying or not. If they do not want to claim assets then that supply can be burnt, its far better than them doing nothing and leaving funds sitting around in a contract for nobody, or to maybe be donated.

2. Is it unreasonable for the LP portion of the Fei Labs vest to be completely burnt? The regular team vest would still be claimable

3. A full rundown of how much USD of assets rari has and how much supply their DAO is controlling

4. A real discussion (doesnt have to be public) between fei labs and the wealthier victims who wouldn’t get a full repayment from the 57M TRIBE. Perhaps there is a middle ground that makes everyone happy?

5. Teams take on this idea: https://twitter.com/dcfgod/status/1561097997907136512

6. Some way to easily know the USD value of exploit in todays coin value vs at exploit time (this might already exist somewhere)

I also shared some more opinions on twitter if anyone’s interested (remove the spaces):

• twi tter. com/dcfgod/status/1561145808296169473
• twi tter. com/dcfgod/status/1561130298959466496
• twi tter. com/dcfgod/status/1561104844181499904

Since TIP-120 has been published on a weekend, without any warning or delay, it may not reach a quorum. Delegations/Buys could not happen beforehand, and some actors may be just enjoying the weekend with their families. There may not be enough Tribe tokens available to reach a quorum without delegations from Fei Labs (decentralization at its best, again).

I don’t know if it’s another manipulation of Fei Labs (after last NopeDAO backstabbing, everything is on the table I guess), but if it doesn’t reach quorum, the vote will need to happen again given the very unusual conditions the vote has been submitted.

In the meanwhile, if you own Tribe tokens, please vote.

DAO is shutting down. It’s the end. So there is no reason to fully reimburse hack victims in this case. It was foolish and irresponsible to lend to the rari pools after the previous hack. Users of rari pools took a risk and lost. That’s all. Also, lenders to the pools are not creditors of the TRIBE DAO and examples from the tardfi are irrelevant. But the most damaged group is the genesis participants. Now a lot of other groups and late speculators are trying to benefit from the TRIBE DAO assets that exist because of genesis participants. RGT holders already used us as exit liquidity. Enough. If rleshner, VCs, and others want to fully reimburse hack victims then they can do this from their own pocket.

The only chapter heading in DeFi textbooks this ‘historic’ event will ever have a legitimate claim to will file under “Malicious practices in the early days of DAOs”, or similar. It will in any case serve as a great case study of how not to run a community and what not to do in DeFi governance

Please explain the ‘courage’ in skimming customers, early backers and retail investors for personal gain. There is no “chapter 7”-equivalent liquidation in the world worth its salt that has the means to fully reimburse its stakeholders (customers, debtors & shareholders) that is not legally, ethically and/or morally compelled to do so. Not a single court ruling

But where everyone else sees fraud, I’m curious to hear how you see courage

Use as many bullet points, bolded letters and ‘thank you’ notes as you like

Show me the courage @rleshner. Oh and thank you

Now that TIP-120 has executed, the numbers for the proposal can be more easily estimated.

• First we provide additional reasoning and explanation for the proposal itself, and address a number of comments.
• Second, we will provide some data to help illustrate the proposal in more detail across different potential final outcomes.
• Lastly, we suggest next steps on the consolidation step of the proposal.

NOTE: All of this data is changing in real time which is why we have provided the etherscan links so people can research and do their own calculations. All numbers will continue to move and PCV is still fluctuating based on the value of PCV assets. People should do their own calculations and not rely on any statements made below.

TLDR: This proposal could pay all retail hack victims the full amount lost, reimburse FEI holders, and allow TRIBE holders to redeem for remaining PCV

The Tribe DAO relationship to the Fuse hack

We believe that an effort to ensure retail victims of the Fuse hack are made whole, is in the best interests of the Tribe DAO community and is a positive outcome for the DeFi community. As shown below we believe this proposal will likely be able to achieve between $500k-$1m per Fuse hack victim assuming TRIBE IV between $0.23 and $0.30. This is far better than some other estimates previously circulated by other comments.

With the above goal in mind, we do not believe the Fuse Hack is a liability of the Tribe DAO for reasons we have expressed in the past and will reiterate below.

The Tribe DAO did not deploy Fuse. Nor is the Tribe DAO an insurer for Fuse or its users. In fact, the Tribe DAO was the largest loser of the Fuse Hack at roughly $30M. Tribe DAO does not have nor has it ever had control of the Fuse protocol. The Fuse multisig is used for some limited protocol control, software development, change implementations, operations, and revenue collection, and is not under control of TRIBE voting in any form. The Tribe DAO has never collected any Fuse revenues. Ultimately, we believe that all Fuse hack victims including the Tribe DAO are all victims of a criminal hack in a permissionless DeFi protocol.

With the intent of making sure retail is whole from the hack, we believe the proposal should use Rari related funds for any compensation to Fuse victims. The proposal allocates the TRIBE from the RGT peg exchanger to pay back the Fuse hack victims. By using the TRIBE from the peg exchanger, the proposal is allocating to victims of the Fuse hack funds previously allocated towards Rari. Jack Longarzo has also suggested including the ~$1.7M Fuse revenues to the payment which we think is a great addition.

Using Rari related assets means TRIBE holders would not be losing any more of the treasury than it already has on Rari.

As mentioned by @rleshner above, this proposal supersedes the past discussions. To be perfectly clear, Fei Labs fully supports TRIBE holder’s decision with respect to the Fuse hack whether it is a full payment, no payment, or something in between (as we have suggested by using the ~57M TRIBE from the RGT peg exchanger in this proposal).

Clarifications and Comments:

Confusion about FIP-106 snapshot/DAO vote:

A number of community members have expressed confusion about the governance process for FIP-106: Moving Forward from the Fuse Exploit. Snapshot votes in the Tribe DAO are non-binding. The only binding vote is the on chain vote which has the actual code needed to implement the change (if it passes).

In this instance, the snapshot passed but the on-chain vote did not, after significantly larger turnout. Having a snapshot before a binding on chain vote is typical of nearly every DAO including larger DAOs such as Uniswap and Aave.

Passing an on-chain vote is a technical requirement to move protocol assets as mentioned in the original post about the hack payment.

In the signaling snapshot vote, it was also stated that the Tribal Council will handle the logistics of repaying the amount stolen by the hacker subject to the community’s veto, which is exactly what happened when the on-chain code was submitted through Tribal Council.

The governance enhancements allowing for the Tribal Council for Tribe DAO were discussed and implemented starting in February, long before the Fuse hack.

Pooled Smart Contract Amounts in Fuse:

We believe all contracts and EOAs should be treated equally for purposes of calculating any distribution values.

Insured Amounts in Fuse

We don’t believe users who have purchased Nexus insurance should be included in a Fuse Hack payment. We encourage those who were affected and had coverage to seek reimbursement directly with them. It appears that many have done so already.

Data

Now that TIP-120 has executed, it is easier to calculate some of the numbers involved.

With that said, all of this data is changing in real time. We have provided the etherscan links so people can research and do their own calculations. All numbers will continue to move and PCV is still fluctuating based on the value of PCV assets. People should do their own calculations and not rely solely on any statements made below.

Circulating TRIBE (including the 57M proposed for Rari Hack Payment) as of Aug 22 is ~528.3M.

It is calculated by taking 1B total TRIBE and subtracting:

• ~426.6M TRIBE Treasury - Fei Protocol: Deployer | Address 0x8d5ED43dCa8C2F7dFB20CF7b53CC7E593635d7b9 | Etherscan

• ~88.9M TRIBE From “TIP-120: Return Unvested Tokens” - TimelockedDelegator | Address 0x38afbf8128cc54323e216acde9516d281c4f1e5f | Etherscan calling .totalToken()

• Deprecated Rari ~3.2M TRIBE Timelock - LinearTimelockedDelegator | Address 0x625cf6aa7dafb154f3eb6be87592110e30290dee | Etherscan

• To-be-clawed-back Rari ~3M TRIBE Timelock - LinearTimelockedDelegator | Address 0x20bC8FE104fadED2D0aD9634D745f1488f9991eF | Etherscan

Then adding back in the 50M TRIBE claimed from the RGT peg exchanger here: Ethereum Transaction Hash (Txhash) Details | Etherscan

[Edit] Note the last ~7.3M TRIBE in peg exchanger is excluded from the above calculations and is irretrievable. It is used to compute the 57M TRIBE used from RGT when added with the 50m referenced above: PegExchanger | Address 0xc09bb5ecf865e6f69fe62a43c27f036a426909f7 | Etherscan

To calculate the Intrinsic Value of TRIBE at any moment, take the PCV value, subtract the user circulating FEI and divide by the Effective Circulating TRIBE.

With respect to the hack payment, here are summarized payout breakdowns using the equal distribution proposed:

745×575 64.4 KB

While this number could fluctuate based on market conditions, PCV movement, TRIBE price, etc, assuming the 57 million TRIBE as the source of payment, at IV $0.235 , we calculate that all hack victims get paid up to $500K which would make whole 162/175 contracts. At IV $0.303, we calculate all hack victims get paid up to $1m which would make whole 170/175 contracts. Additional Fuse revenues and Rari assets would increase the effective coverage for victims at the same IV.

Here is spreadsheet showing the contracts involved and their amounts.

—

Process for Next Steps on the Proposal:

As mentioned in the proposal, consolidation is the first suggested piece to be voted on. We suggest that the 48h snapshot on consolidation go live Tuesday, Aug 23. We believe that moving quickly on this piece will help provide greater clarity and allow for more informed decisions about other pieces of the proposal. In order for the community to make specific decisions, we believe this vote should be multiple choice with the following options:

• Keep ~50,000 stETH

• Sell/OTC ~50,000 stETH

• Keep 21,754 ETH

• Sell ETH over Balancer LBP

• Keep 18,751,529 LUSD

• Sell 18,751,529 LUSD over Balancer LBP

• Withdraw and burn all protocol FEI

• Keep protocol FEI

• Explore OTC options for remaining gov tokens

• Distribute remaining gov tokens pro rata

gOHM could use the snapshot approved FIP-108 and the OTC unwind would be included in the first consolidation on-chain DAO vote.

All options except for remaining gov tokens would also be included in the consolidation DAO vote. If “explore OTC options for remaining gov tokens” is in favor in the snapshot, we would invite any community quotes for each position of veBAL, FOX, LQTY, INDEX, veAURA, veANGLE. We can then have a subsequent snapshot next week to decide how to treat each specifically.

Some of the address u provided in the google docs are not real hakcer victims, I would suggest use the initial data https://rari-hack-report.vercel.app/ to confirm the real hacker victims’ address. or use the snapshot data in the block when hack happened.

Since as market downfall in the past few months, some larger victims already sent their cToken to other address.

For instance:

This address is the largest USDC victims in pool 127 when hacker happened, now his cToken is transferred to multi-address.

Also this address: DeBank | Your DeFi wallet

Whoever has access to this list could you assign address:
0xf3caa27dd9926B391f50849BDFdB8A06Fb489b67 to FujiDAO

You can confirm deployer with signed message below:
{
“address”: “0xb98d4D4e205afF4d4755E9Df19BD0B8BD4e0f148”,
“msg”: “This 0xb98d4d4e205aff4d4755e9df19bd0b8bd4e0f148 is the deployer of FujiDAO contract 0xf3caa27dd9926B391f50849BDFdB8A06Fb489b67”,
“sig”: “0x6f5e420b8b95d281d4944ce9cfd742ef768f0eb5f14141ae83c82fab0d0faaeb18987c97ef1d9f1c6a56363147bfdf41521715c71bc653bf177a84281e3a5a4b1c”,
“version”: “2”
}

Unfortunately, in this case, a season behind bars would set a great precedent as to how DAO’s should unwind in the future.

Making creditors as whole as possible must be mandatory until there is not a single penny on the table.

DAOs, should lead by example and Tribe’s DAO/founders behaved completely in the opposite way the community was expecting.

In reply to
There is so much wrong with your argumentation.

Tribe DAO did, after the Tribe-Rari merge Tribe DAO acquired everything Rari has done and Rari people continued working on behalf of the Tribe DAO.

Tribe DAO paid the previous Rari hack victims as part of the merge agreement, so there is definitely a precedent for Tribe DAO backing Fuse.

After the merge, the Fuse mutisig was executed on behalf of the Tribe DAO. Tribe DAO could have demanded a change of signers if it was unhappy with the current ones.

Nobody believes that Tribe DAO would not collect profits from Fuse after paying so much to acquire it. Where would the profits have went?

The Fuse pools are permissionless, but not trustless. Users needed to trust Tribe DAO not to introduce bugs while upgrading contracts. A trust Tribe DAO could unfortunately not live up to.

Olympus DAO and Frax DAO are mostly owned by retail as well. The current proposal clearly rugs them.

After the merge there are no Rari related funds anymore, there are only Tribe DAO funds. Rari DAO ceased to exist and did not live on after the merger as a Limited Liability DAO.

This is only reasonable if you distribute pro rata of the lost value and not in the skewed way that is in this proposal. Not treating pooled funds equally ruins the composability of DeFi and undoes the positive contribution of Tribe DAO by promoting the EIP 4626 standard.

This proposals clearly shows consciousness of guild:

• This discussion takes place on the forum of Tribe DAO, because you know Tribe DAO is responsible.
• Tribe DAO intends to pay back some victims, because you know Tribe DAO is responsible.
• Tribe DAO does not asks to be made whole for their stolen FEI, because you know Rari/Fuse and Tribe DAO are the same entity.

Tribe DAO is responsible for the hack, it happened on their watch and should do the ethical thing and pay back all victims in full.

There have been a lot of productive discussions thus far and I’d like to post a detailed overview of the Rari Capital Team’s response to this proposal and the unwinding of the DAO. I will also suggest some ways where this proposal could be adapted to provide additional support for hack victims. First, here is an overview of all assets currently associated with the Rari team.

• Funding timelock with ~2.8m Tribe vesting to the team with DAO controlled clawback.
  • LinearTimelockedDelegator | Address 0x20bC8FE104fadED2D0aD9634D745f1488f9991eF | Etherscan
• Funding timelock with ~2.8m Fei vesting to the team with DAO controlled clawback.
  • LinearTokenTimelock | Address 0x5d39721BA1c734b395C2CAdbdeeC178F688F6ec9 | Etherscan
• The liquid, already-vested reserve, including ~10m Tribe
  • GnosisSafeProxy | Address 0x5A2e3420af551a48a1dB056caC4d6Ba752bF1488 | Etherscan

These are all of the Rari team’s assets and we support a clawback on 100% of unvested assets. I will link the clawback transaction after it has been signed by Tribal Council members. Following the execution of this transaction all unvested assets will be returned to the DAO. Additionally, we will be returning 5m Tribe from the liquid reserve. The remaining assets will be used to wind down any Rari protocols or applications, aid in any Tribe governance initiatives, cover ongoing and future legal fees, and continue to work with law enforcement and cyber forensics on recovering funds from the Fuse exploit.

There have been many productive discussions surrounding using additional Rari related assets to reimburse hack victims. We continue to support the contribution of any additional assets towards a hack reimbursement if the community elects to do so. There has already been support for the 57m pegswapper Tribe and $1.7m in Fuse fees going to a reimbursement. I also will recommend the following assets are considered for a Fuse exploit reimbursement.

• The 16,928,757 Tribe Clawed back in TIP-113: End Departed Rari Founders Vesting of TRIBE.
• The 2.8m Tribe and Fei clawed back from the Rari Capital team.
• The 5m Tribe returned to the DAO from the team’s liquid reserve.

We support the will of the Tribe holders in any decision regarding the allocation of these resources or of any resources towards a reimbursement. We also continue to encourage discussion around a full reimbursement.

I have been an investor since day one, when I underwent the genesis stage hack (Rekt - Fei - REKT). My investment was 15.6 ETH all in token TRIBE (about $ 28,880), almost completely wiped out. Will there be reimbursement also for those who have suffered this loss already in the initial phase and have still continued to believe in the project?

TIP-121a (consolidation) DAO vote is now live. This proposal follows the TIP-121a consolidation snapshot and implements “Sell LUSD”, “Sell ETH” and “withdraw and burn protocol FEI” as determined by the result of the TIP-121a snapshot.