VestaDAO HACKED: Press Release

IMPORTANT!!!! Do not trust ANYTHING from VestaDAO that involves a link or a wallet connection of any sort. We have ZERO imminent plans of releasing anything like this. When we have regained full control of Cobi’s accounts we will find a way of reassuring you that that is the case. !!!!!IMPORTANT!!!!!!!!

So as many will have noticed and some are yet to; we have been hacked. We thought it was important to release a statement as soon as we could, so please let us know if we’ve missed anything out.

Before we start; it’s Kehmor writing this. I am quite a pragmatic person; I’ve been told I can come across as abrupt or unsympathetic. The truth is I am mostly just very solution-oriented and have a short fuse when it comes to bullshit. So whilst most of this may be presented in a neutral, solution-focused way I want to start by saying this:

We fucked up, and we’re sorry. Cobi broke a cardinal rule of crypto; he trusted someone. More than that, even though we believe strongly in decentralization, we broke a cardinal rule of that; we had one point of failure. We could write all kinds of things about how we’re a team of two part time volunteers, but: you trusted us, we let you down. 

We will do what we can to fix this, and for what it’s worth, we’re still bullish on VestaDAO.

What happened:

We are going to keep this section brief, as whilst I am sure many will be interested in this and it presents a good learning opportunity, I believe more will want to know what we’re going to do about it.

The What:

  • Yesterday (August 15th 2024) the liquidity pool for VestaDAO was drained. 
  • The funds (approximately $3,300 of Metis and its VDAO pair) were sent to this wallet: 0xA5b079114ac5ca6679Bc3A6df6f093bd8C0D29C4 
  • Today (August 16th, 2024) Cobi.Bean lost access to his email, twitter, and telegram accounts; these are all now controlled by the hacker.

The How:

  • Cobi began interacting with the hacker after meeting him on a twitterspace two months ago. 
  • They shared regular DMs (in retrospect the hacker was sizing up his target).
  • Over the past week Cobi has had regular voice calls with this individual; three of approximately an hour long; the topic was a trading bot and potential partnership with VDAO. 
  • The guy had a legitimate looking site (since wiped) and was incredibly convincing with everything from his sales pitch to his depth of knowledge. 
  • During the last call the hacker asked if Cobi wished to try the bot out and Cobi did the stupid; the download of course gave the hacker full access to Cobi’s machine and private keys. 
  • The hacker moved incredibly quickly; not just for the funds, but also changing all of the backup security information for all of Cobi’s accounts; hence the difficulty in recovering anything. 

The Who:

We assume that most of this information is fake; Cobi did not examine the likeness in these photos carefully before, but did say this does resemble the individual he spoke to. But just in case this saves a single individual from losing funds, here’s the guy’s twitter profile.

Twitter handle: johnson.eth

Twitter account name: @zhijianzhou1235

What are you going to do about it?

So obviously it’s been a frantic 24 hours, we’d be lying if we told you we had a fully fleshed out plan; especially as we’ve spent most of it locking down this website as best we can. That said we have had some meaningful discussions with each other and with third parties about how this situation can be rectified. Some of those ideas are listed below. 

We believe there are two parts to this equation; the value of the project, and the liquidity of the project. Obviously from an investor standpoint these have a strong link, but in terms of how we tackle them they’re quite different.

Some Perspective:

Please know we are not trying to play down this loss or our culpability; any concern you have about the illiquidity of your tokens and our suitability as project leaders is completely justified. That said, we view this loss as an obstacle that can be overcome. We lost $3,300(ish) of Metis as a project; which is a rounding error to many. We believe that what we’ve been building over the last few months is what gives Vesta its value; and what we have planned moving forward will continue to do so. 

What has been done already:

So there are a couple things we’ve done so far or things in motion as we speak; these are mostly about damage control (and so quite dull) so I’ll just give you the bullet points:

  • Reached out to Hercules to cease listing our pair. 
  • Secured the accounts we do still have access to; the hacker is obviously incredibly good at what we do so we’d still say err on the side of not trusting this site or the twitter; for our part we won’t post stuff that is remotely suss. 
  • Started a new telegram channel (the one link you’ll find here) : https://t.me/+hYEzFt_uYrVmNTlk  (Be rightfully dubious of the link; if you prefer you can ask Kehmor, Lozi, Driezzman, Irina, or La1lme to add you.)
  • Started the process of messaging every person from the old channel in addition to making announcements in major Metis channels. 
  • Had conversations with a few potential partners (see below). 

What’s Happening Imminently:

These things we expect to happen in the next week or so. 

The Token:

First of all the token is now compromised as the largest holder is a hacker. We will be creating a new token which we will manually airdrop on a 1-1 basis. This is:

A) so that the hacker can’t try and spread his and claim,

and

B) so that there is no room for people being fooled into the wrong link.

This token will have the same distribution and tokenomics as the previous one.

WE WILL NOT BE HONORING THIS FOR BUYS AFTER THE LIQUIDITY WAS DRAINED

Continue Building Value:

Before this we had building momentum and a rising market cap. We hate talking about price action, but we internally thought the 50k mark was kinda low (I added to my personal bag of VDAO mere days before: 0x1340325D76eC4791f1F6Bd3661F2EFf89d7f7a77).

This value did not come from $3,300 of Metis; it came from what we’ve been building. Contributing in a meaningful way to the Metis ecosystem; it’s no coincidence that every top performing in Metis Champs came from our telegram.

The value also came from all of you; which has been illustrated perfectly by the amount of outright support we’ve had since this has happened. We are so grateful to all of you.

Special thanks go out to Driezmann and Lozi_45; these two have stepped up in a big way; total top V’s.

With this in mind we have agreed that whilst the liquidity problem might not be fixed instantly, it is incredibly important for us to continue building on this.

We believe that our learning centre will be released next week, and that the thought, effort, and passion that has gone into it will be immediately evident.

After that we will be diving straight back into our project reviews and making our collective voices heard within the ecosystem.

Refund those who got dumped on:

We will be looking to refund the Metis portion at least of those who got dumped on in the liquidity pool; if this was you please reach out to Kehmor on telegram. Obviously we will be verifying on chain; so if you’re looking to kick us while we’re down, please don’t waste both our times.

We appreciate this is not much; merely a gesture that we can afford right now to start rebuilding trust, and help those most badly impacted.

What about the liquidity?

So, unfortunately neither Cobi nor I are rich men; I wish I could afford to just replace it myself; but sadly I cannot. As you all know, Cobi and I haven’t earned a penny from the work we’ve done with Vesta; we do it because we believe in its potential. 

That said; there are many people and organisations for whom a few thousand dollars is not a big deal. We have some plans on how to make the project liquid again; hopefully more so than before. 

These ideas, by their nature, are not promises; as we do not control them. We have included them in order of desirability, which is coincidentally also their order of probability.

EDF Funding:

Metis have recently announced a new funding program and their partnership with Gitcoin. We aren’t going to link because you shouldn’t be trusting any links from us right now.

Their $10,000 new project tier is basically perfect for us; we had already started typing up a proposal ready to go after our CEG vote.

In this proposal we marked $4,000 to be paired with $4,000 of $VDAO; the idea being to increase our liquidity, reduce project token %, and generally make the token less volatile. Obviously if we were to receive this, this would exceed the amount lost in the hack.

Within this funding proposal we also budgeted a modest salary for each of us; to demonstrate our commitment to the project we will be cutting this down to add a further $1,000 to the figure.

Pros: No compromise on vision.
Cons: None.

Project Partnerships:

In the aftermath of the hack we were contacted by some people who will for the time being remain nameless. These discussions were about potential partnerships; which have the potential to replace the lost liquidity. 

We know this sounds super vague; but whilst very far from a done deal – we would describe these talks as “promising”. 

We have further talks being scheduled as we speak. 

Pros: Potential for faster growth and faster moving. 

Cons: Might need to shift our direction slightly in the name of getting a deal done. 

An investor:

The final option we discussed was finding an investor to replace the lost liquidity. This would obviously involve an OTC sale of some of the project’s tokens when we create the new one. The project owned a large share of the project funds as we’ve discussed elsewhere; the idea being we would place it in a vesting contract and distribute it back to the project over time. 

Obviously doing this would reduce that share of funds. 

Pros: Means we get our liquidity back
Cons: See above

Your say:

As we mentioned at the beginning this plan was developed in a 24 hour period whilst simultaneously doing active damage control. We imagine other ideas will come to us in the coming days; they might also come to you. We have created a new telegram channel which you can find here: https://t.me/+hYEzFt_uYrVmNTlk

Be rightfully dubious of the link; if you prefer you can ask Kehmor, Lozi, Driezzman, Irina, or La1lme to add you.

Additionally we will likely be looking to hold some kind of vote if we end up going down the partnership or investor route.

Conclusion:

Sorry we fucked up. Be suspicious of everything you see from us in the near future.

Think we missed something?

We do our best to stay informed on everything going on within the Metis ecosystem. That said, if we missed something, we’d love to know. You can find us on Telegram, Twitter, or by emailing us at team@vdao.online
