LEO Roundtable: WLEO Hack Aftermath and Rebuilding

in LeoFinance, 4 years ago


The events of yesterday have had a profound impact on all of us, shaking the momentum of LeoFinance and our resolve to the core.

What we do in the days that follow will define how our community and platform develop in the future. As much as I wish we could go back in time and change the way that things happened, we can’t. Instead, we have to learn from the successes and the failures. We have to take what is given to us and move in the only direction possible: forward.

As we move on from here, there are some questions that need answering, some funds that need to be redistributed (to LPs who were stuck in the pool at the time of the hack) and a whole lot of rebuilding.

It’s important to keep in mind that WLEO was one aspect of our project but far from the whole thing. This hack is a setback and major speed bump in the long journey toward LeoFinance’s success as a project.

My resolve and vision for the project haven’t changed at all. We still know what we’re trying to achieve; now we just have more experience under our belts as we move forward and create a bigger, better and more secure project.

@rollandthomas gave some great advice toward the end of the episode: to treat this as a life-teaching moment. Learn from what has happened and figure out how to move on.

Sometimes things don’t go according to plan. Bad actors get in your way and try to push you down. What I know is that this community and this project are still so early in their life. We’re just getting started and getting knocked down will only lead to us rising up stronger and better for it.

In this episode, we talk about the hack, plans to recover from it, and our future plans to build LeoFinance into a better project moving forward, including new UI releases and other features from our roadmap.



LeoFinance is a blockchain-based social media community for Crypto & Finance content creators. Our tokenized blogging platform (https://leofinance.io) allows users and creators to engage and share content on the blockchain while earning LEO token rewards.


I'm glad you guys are deferring another wrapped token, but are there any leads as to how exactly this happened? It seems like you guys are jumping the gun if you're talking about making victims whole while the exact cause has not been discovered yet.

I understand that this is still fresh. And it makes sense to discuss responses and mitigations. But if the root cause has not been discovered, what assurance do we have that another pair will not be compromised?

If the keys were compromised, this is a problem that will happen again and again, regardless of any pool configuration or coding, if the same security practices are in place. In fact, uniswap would be completely irrelevant, if that's the case.

Since LeoDex is an exchange, if the keys were compromised, uniswap is beside the point entirely, except that it just so happens to allow the attack to obtain something of value (ETH). What happened here is a $120,000 penetration test. I hope it was worth it.

What I mean is, imagine LeoDex offered its own pegged Hive Engine token, like LEO.ETH. It's not uniswap. But it's just as vulnerable to key compromises, as this "pentest" shows.

The price of this attack could have been worth it if it indeed revealed a critical flaw in your security. I am enthusiastic about Leo. I want to see success. But I would need some assurances in order to take it seriously moving forward.

Although multi-sig sounds like a good route, it doesn't fully answer the original question.

Posted Using LeoFinance Beta

Completely agree that finding the cause should be the priority. Some people I know have said that unless a plan to ensure that this type of stuff won't happen again is put in place, they don't want to use LEO products. And who can blame them? When money is involved, security is a big concern.

Posted Using LeoFinance Beta

I don't know enough about Ethereum smart contracts, so forgive me if this is a stupid question: If it turns out the keys were compromised and there's nothing wrong with the actual contract, does that mean we can just pick up where we left off on the wLEO-wETH pool, and change nothing, apart from the key involved?

Or is the compromised (public) key somehow hard-coded into the contract in some way, thereby requiring a replacement contract?

I don't know myself either. I'm not a big user of ETH. I'd wait for someone who knows to come around to answer it.

Posted Using LeoFinance Beta

Very good constructive criticism. The team is working hard on how to move forward as you know. Many have shown their support and faith in the LeoFinance projects and currently the trading has reflected that.

I really don't know that this was a pen test as it was not performed by an ethical hacker. That is my understanding after reading the blogs and watching the videos concerning this event.

There are few that would offer to compensate folks for their losses.

Posted Using LeoFinance Beta

I think it's a good demonstration of what can be expected if a stable pool is ever achieved. A good dry-run, so to speak.

And as @nealmcspadden pointed out in the video, the pool's performance is entirely independent of the analytics/ad revenue goals, which is very encouraging.

Thanks to Providence this happened before a major exchange was about to list wLEO. The Crypto Gods evidently like LEO Finance.


Posted Using LeoFinance Beta

Hey, onwards and upwards, it'll be nice to get anything back!

I don't envy you sorting out the payouts - it's a mess.

I mean I pulled out my stake at 12.00 ish, after SOME of my ETH was drained, but not all of it, then transferred 10K WLEO to the wrapped-leo but didn't get it back as LEO.

There must be a fair few like me in between 'getting out' and 'doing nothing'.

That's going to be a tough one! You might want to have a small slush fund to compensate some inbetweeners manually, I don't even know if it's going to be possible to auto compensate everyone fairly?!?

I've got absolute faith in you guys, I just powered up all my existing LEO. Not a lot else one can do if yer a believer!

Are you going to investigate what really happened or get someone else to investigate?
I know we don't want any authorities to be prying into our affairs, but please be advised someone will file a complaint.

I am interested what went wrong, is it a wider issue? Does this threaten other tokens like wHive?

I guess, depending on Fisco vs Binance litigation outcome, someone might buy out people's claims for fraction of value and try suing you and/or Binance.

Binance as it was again used for hacks

Posted Using LeoFinance Beta

Thank you for holding spirits high and taking this setback as an opportunity to learn and making this platform a better (and more secure) place. It is crucial to handle this situation professionally and fairly, and as a possibility to gain trust and respect within the community. Stay on your path, focus on the goals and keep up the open, timely and honest communication with the community.

Yeah, along the way, I always know there will be bad actors and it's come at a time where we can still make amends and it isn't too late. Leo still stands firm and in no time we're up and running again. Thanks khal

Posted Using LeoFinance

Theft assets are bad... but about the LEO price decrease:

It's one of the best things that can happen, because everyone who follows LeoFinance seriously knows this platform will survive for sure, because you are doing serious work. So for advanced traders, dips like this mean BUY MORE! 😎 hahaha

Looks very healthy to me 😏

Posted Using LeoFinance Beta

So sorry about the hacks and those bad actors... They exist in every aspect of our lives and this was rightly said 'Learn from what has happened and figure out how to move on'.
It's really hard to move on sometimes, but that is the best and only thing to do

I am glad to have learned more. I have 73.979 wLeo in my Ethereum wallet and not sure what is on Uniswap now but no worries. I accepted the risk.

Posted Using LeoFinance Beta

Cheers for sharing your thoughts as always lads.

The podcast is next up on my Spotify and ready to go while I'm driving today ;)

Posted Using LeoFinance Beta

Am quite heartened after hearing today's podcast - I know y'all have poured sweat and blood into this project and will continue to do so. All the best! ((:

Posted Using LeoFinance Beta
