Plea for the DAO to consider compensating a scammed user, who lost 14.9 ETH due to the security breach of ssv.network’s Discord server on August 30, 2023.
On August 31, 2023, the ssv.network Discord server was the victim of a malicious security breach, as detailed in the Post-Mortem Report. An attacker used a bookmarklet-type attack to compromise a privileged Discord account, that of SSV’s CTO Lior Rutherberg. In the ensuing chaos, key roles were deleted, many channels and bots were manipulated, and numerous users were banned.
The malicious actors further created a fraudulent website (DO NOT OPEN: ssv.community/claim/), scamming users into parting with their funds.
Our community members, unfortunately, fell victim to this scam and lost a substantial amount: 20.104 ETH. Given the magnitude of the loss and the circumstances under which it occurred, we are seeking the community’s support in refunding the scammed amount.
It is important to realize that SSV holds different secure assets where users are expected to deposit their assets. A hack on SSV’s Staking APP (instead of Discord) could produce a similar loss for users: if a web-app hack changed contract addresses, users' funds would be misdirected when staking. This makes the outcome of this proposal all the more important for the future.
Details of the Loss:
Date of Loss: August 30, 2023
Circumstances: During the ssv.network Discord server breach, the user was misled by the fraudulent website propagated by the attackers as legit ssv.network admins.
Hacker Account: 0x00000f312c54d0dd25888ee9CDC3DEE988700000

Account: 0xD50D5C19aD6d57b9f3a5490b5d9769e90B521E3b
Acc Signature: https://etherscan.io/verifySig/24635
Amount: 14.9 ETH
Transaction: 0xd39694af121f794b36d9461bc6adba6684afbb7e395345c97d8116686893089b
Timestamp: Aug-30-2023 11:45:35 PM +UTC

Account: 0x644cebcb9e7ee0f753369caebdcde2b12eaff476
Acc Signature: https://etherscan.io/verifySig/24693
Amount: 5.204 ETH
ETH Price at DoT: $1,705.54
ETH Transaction1: 0xb08bb51b4de468f4ae9a88eb227aa09f436cb402e62ca3146766ed467ab8c065
398.6 UNI - $1,855.81 / $1,705.54 = 1.08 ETH
ETH Transaction2: 0xa428b9678673830d7f212b8eaeb37fc07b99c98be5e918dc189ffc22893c02b7
170.8 UNI - $795.35 / $1,705.54 = 0.466 ETH
Arb Transaction3: 0xf228c781e8bd813fa2b849ad1406f99da71b825839e59041033c2bed636d533b
215.1 UNI - $1,036.87 / $1,705.54 = 0.607 ETH
Arb Transaction4: 0xd7407486cab6108db3a1a5492f160952fa8dbcc60bfb1b094c51fcfac2c45a83
502.0 UNI - $2,158.62 / $1,705.54 = 1.265 ETH
Arb Transaction5: 0x3a42ee852e3de3b969a2d61861c2f0999ad1a9713e3f3b6c7e637968417650d3
1224.7 USDC - $1224.7 / $1,705.54 = 0.718 ETH
Arb Transaction6: 0x8ddb7672aa88c854371b4cc7ecb20acfdf5f128ec37e60eed72f61c6b9f4f134
2857.8 USDC - $2857.8 / $1,705.54 = 1.675 ETH
Reasons For Compensation:
Responsibility: While individual users bear responsibility for their actions, the hack exploited a vulnerability within our community space, and it is paramount to acknowledge that the scam was a direct consequence of a vulnerability within SSV's domain. As such, SSV holds a shared responsibility to ensure its community members do not suffer undue losses due to security shortcomings.
Community Integrity: Upholding the trust and faith of our community members is crucial. By considering compensation, we reinforce our commitment to them, showing that their security and well-being are of utmost importance to SSV.
Future Precautions: Compensating the victim reaffirms that the DAO will stand by SSV’s decisions and actions, even during unfortunate events like hacks. It showcases the DAO’s unwavering support, emphasizing that they will collectively uphold the safety and security of community members now and in any future incidents.
Restorative Justice: It's not merely about returning lost funds; it's about mending the trust and faith of our community. Compensation is an act of bridging the gap that the incident might have created between SSV and its community members, emphasizing that together, we rise above adversities.
Reasons Against Compensation:
While the primary sentiment leans toward compensation, it’s essential to consider potential reasons against such action:
Personal Responsibility: Every individual must bear the consequences of their actions, even in unfortunate circumstances or in securely operated community spaces.
Upon a successful vote in favor:
The DAO treasury should facilitate the transfer of 14.9 ETH to the scammed user's address: 0xD50D5C19aD6d57b9f3a5490b5d9769e90B521E3b
Your understanding, empathy, and support in this matter are highly valued. Together, as a community, we can stand united and resilient, making decisions that reflect our collective spirit and ethos.