DAO Maker - Community Investigates



This is a community-led investigation by rekt.news readers.

DAO Maker, after getting rekt for $7M and then $4M last year, proposed a compensation plan to the affected users.

The plan was made up of a partial USDC airdrop alongside a refund token, USDR, redeemable for 110% of its dollar value (in the project’s native token, DAO) a year later.

Concerned DAO Maker users contacted rekt.news wishing to draw attention to what they claim is an attempt by the team to use their protocol governance to halt the refund process.

By appealing to DAO token holders who would likely see negative price action upon redemption, these users claim that DAO Maker are trying to get out of their initial commitment to the affected users.

In the year since the publication of the compensation plan, it appears the team have had a change of heart.

The plan was deleted from Medium, but the key points can be seen in this thread from CEO Chris Zaknun, (copied at the bottom of this article, in case it is also deleted). An archived (but unstable) version of the original post can be viewed at this link, with the text copied into this document.

Now, an ongoing governance vote, (even the name of which is incredibly biased - Prevent Major $DAO DUMP from USDR distributions), which ends on October 16th proposes suspending of USDR redemption, ~$3.5M of which is currently held by approximately 3500 addresses, who have waited over a year to redeem the amount they originally lost in the hacks.

Option 3, which is currently leading the vote, states that affected users have had their chance and won’t be reimbursed to the amount stated in the original plan.

Option 1 represents the original compensation amount, though via a slightly different mechanism.

The team’s reasoning for Option 3 appears to be that the redemption process would crash the price of the DAO token, and that users who wanted to forgo the reward and cash out at 1:1 have already done so, using up all the liquidity in the pool. But USDR has been off-peg for some time.

Option 3

Stop the remaining USDR redemption, as most people that wanted to sell have already sold using the USDR-USDC liquidity pool, as we can see on-chain. That pool was available to anyone starting the 1st of November 2021 all of USDC in the Liquidity Pool was fully used by swapping USDR for USDC. On top of it, 500 USDC has already been refunded to everyone affected by the hack.

This step would protect all +20,000 DAO community members that are either staking or holding DAO in their wallets

However, this is not what users were promised, and now those who helped the protocol recover are now being betrayed by the team.

Putting this vote to current DAO token holders (most of whom were not affected by the original hack) whilst drawing attention to potential negative price action, is a sneaky strategy.

The upset users claim that this an attempt to shirk responsibility for their own plan under the guise of the will of the users.

Additional info:

The whistleblowers have identified six wallets as recently funded with large quantities of DAO tokens for the purposes of voting: 1, 2, 3, 4, 5, 6, which they believe to belong to members of the team.

Not only are the team attempting to use governance to go back on the promised compensation plan, they also allegedly recommended buying USDR below the value of $1.10 as a safe arb at the time of redemption:

The remaining USDR/USDC liquidity was removed by the team on Oct 6th:

Copied text of CEO Chris Zaknun’s thread detailing original compensation plan.

The SHO Must Go On

Full: https://medium.com/daomaker/dao-maker-compensation-plan-b7a76a312c30 [deleted]

In short: 110% refund plus some extra DAO power

Keeping the business and SHOs running is essential. We established a two phase plan ensuring that our users can continue participating.

[Thread]

[1/5] A total of $2.56M USDC will be airdropped to the affected users covering around 35% of the total loss.

The remaining 65% of the refund will be given to users in form of USDR (USD Refund) tokens that will be redeemable for $DAO.

[2/5] We will establish markets so that people can sell in case they wish to exit early.

Every USDR token can be swaped for $1.1 worth of DAO priced on the 25th of aug 2022.

We assume that others will buy USDR sub $1.1 to generate risk free profit.

In a way its our 3rd DYCO.

[3/5] Wallets holding USDR will provide the users with additional 0.2 DAO Power per USDR. USDR does not need to be staked. Its sufficient if held in the wallet.

If users sell their USDR to others they also transfer the DAO Power Bonus to the buyer.

[4/5] I want apologize to our community for what has happened and hope that our compensation plan will be sufficient to retain your trust in us and the $DAO ecosystem.

I want to thank all the people that have supported us in the last 5 days.

[5/5] We have not stopped actively hunting down and investigating for the person responsible for this hack.

We are currently working the case with multiple firms in multiple countries.

Lastly we are providing a full forensics report on the compromised laptop once finalized.

A final quote from the DAO Maker users:

1) There should have not been any DAO voting at all. People believed the team to allow the redemption of USDR in ratio 1:1,1 as promised.

2) What is the point of DAO voting, as long as it’s obvious that:

a) The proposal was tendentious, allowing people not affected by the hack to vote as well

b) It is very likely that the biggest wallets belong to the team who is benefitting from option 3 as they do not have to reimburse the victims of the hack.

3) This case shows that governance votes are not always fair, even if all the facts are correct

If we let this proposal to happen - Why should people have any faith in DAO voting at all?

This case shows that governance votes are not always fair, even if all the facts are correct.

This story was brought to our attention by rekt readers in our Telegram group.

rekt.news exists for the benefit of DeFi users. This platform exists not only to document the technical aspects of DeFi exploits, but as a platform to enforce fair treatment of users across the industry.

If you feel we can help you in this regard, please reach out to us through Twitter, or on Telegram @RektHQ.


share this article

REKT serves as a public platform for anonymous authors, we take no responsibility for the views or content hosted on REKT.

donate (ETH / ERC20): 0x3C5c2F4bCeC51a36494682f91Dbc6cA7c63B514C

disclaimer:

REKT is not responsible or liable in any manner for any Content posted on our Website or in connection with our Services, whether posted or caused by ANON Author of our Website, or by REKT. Although we provide rules for Anon Author conduct and postings, we do not control and are not responsible for what Anon Author post, transmit or share on our Website or Services, and are not responsible for any offensive, inappropriate, obscene, unlawful or otherwise objectionable content you may encounter on our Website or Services. REKT is not responsible for the conduct, whether online or offline, of any user of our Website or Services.