How grassroots community effort saved $100,000 from being stolen from a DAO — and where we go next

Vyryn
12 min readFeb 20, 2023

--

This is the story of how a community collaboration saved a DAO $100,000.

If you are already familiar with the context, skip the primers.

A significant spike in staked tokens leading up to Feb 19th 2023 indicates a battle for control of a DAO.

A DAO Primer

DAO stands for Decentralized Autonomous Organization. DAOs are organizations that do not have a traditional business structure (and have varying recognition as legal entities depending on jurisdiction). Instead, a smart contract — a piece of code running on a blockchain — defines rules that govern how the organization runs. Typically, DAOs are owned by a large number of people through partial ownership (tokens that are similar to traditional shares) and make decisions by voting directly on-chain with their ownership tokens. However, how a given DAO runs varies widely between DAOs. Effective DAO governance is an active subject of both academic research and community experimentation. Decentralized Autonomous Community (DAC), is a type of DAO and is the term Alienworlds uses for their planetary DAOs. There is no generally accepted difference between the definitions, but DAC is more commonly used for organizations that are less focused on investing.

An Alienworlds DAO Primer

Alienworlds is a popular Web3 game on the WAX blockchain that has released a cryptocurrency called TLM and a wide array of NFTs. It includes mining elements, land ownership, missions, a way to upgrade NFTs, an incomplete combat system, and, most recently, DAOs. There are six planets each with their own DAO and corresponding weekly budgets based on historical activity on that planet:

Each planet’s budget is distributed to a multi-signature account (multisig) controlled by five custodians. There is a voting procedure that players engage in by staking their TLM for a certain amount of time, ranging from 2 days to 90 days. Staking for a longer duration locks up your funds for longer but also amplifies your “vote power”, up to x5 at 90 days. Players vote for exactly two candidates of their choice. For each planet, the five candidates with the highest vote power at election time each week become the custodians for the next week.

Each planet has an endowment or treasury, mostly determined by the amount of mining over time on the planet. Some planets have larger budgets than others due to past activity. For example, the cryptomonKeys monKeymining initiative has grown Neri’s treasury larger than the other planets over the years by incentivizing mining activity on certain Neri lands. Treasuries are quite substantial, with the combined treasury of all planets currently at ~91 million TLM ($2.2 million at current price).

Planetary budgets are currently 2% of the planet’s treasury per week. The largest weekly distribution is therefore only 550,000 TLM (~$13,000 at current price) even though the planets in theory control a total combined treasury of 91,147,595 TLM ($2,187,542 at current price). This gradual, 2% per week release of funds reduces the incentives for a bad actor to take over by reducing the potential reward at any one time. This was a thoughtful and effective design measure.

Setting the Stage

When a weekly budget is not fully spent it rolls over to the next week. As a result, significant funds may build up — and did; the two planets with the largest weekly incomes failed to find enough productive projects to direct funds to, and built up liquid fund pools of 4.4m TLM for Kavian and 5.3m TLM for Neri. These $100,000+ pools of funds begun to represent tempting targets for malicious actors. The only thing necessary to steal these funds would be to win at least 3/5 of the custodial seats in the weekly elections.

The First Heist

On February 11th, the day before the weekly custodian re-election, the custodians of the previous week across the planets looked secure; they were set to renew their seats with only a few minor changes. The community wasn’t on alert. Why should this week be any different from the quiet week before?

However, on February 11th, a malicious actor — we’ll call them qrlqu for now — was busy preparing to seize control of Kavian and its purse of 4.4 million TLM. They put in their votes mere hours before the elections were set to close, pouring staked TLM into three new, previously unknown candidates: mouoa.c, jsuoa.c, and rbt3u.c. These three accounts created low effort bios, naming themselves: Afhe, Jose, and Biff and also putting bios on-chain that were somewhat sub-par. Within hours, these three accounts received enough votes to put them on top of Kavian (with 3/5 seats they would have complete complete control to pass any proposal they want). The funds for these votes were primarily sourced from the account qrlqu.wam (hence the name of the malicious actor).

rbt3u.c’s bio on Kavian
A more typical Kavian candidate’s bio

Once elected on the 12th, mouoa.c, jsuoa.c, and rbt3u.c quickly approved two proposals that didn’t even pretend to be legitimate, funneling Kavian’s entire purse to two new accounts created and controlled by qrlqu via jsuoa.c and rbt3u.c.

The Kavian Heist

Over the following week, the community reaction was muted in public. There was backlash and some concern, but several community leaders appeared unconcerned, casually avoiding the topic at an Alienworlds Q&A session with “Interesting things have been happening. We’ll see how it goes. I am unconcerned.” and similar statements. A few more peripheral community members became concerned and investigated the issue, but it appeared that prominent community leaders and Alienworlds staff viewed this as acceptable activities. There was some loose speculation that those same community leaders may have been involved in some way, but no one could prove anything.

It appeared likely that qrlqu would aim their crosshairs at Neri next, and take that purse as well — and with the added funds from robbing Kavian, stopping them looked unlikely.

It seemed the Kavian heist was successful, and qrlqu would go on to take control of Neri as well during the next election on the 19th.

Here’s some final context; to understand why things were done quietly, it’s important to note the Neri councillors for the week of February 12th-19th. These were the top 6 accounts by vote power on Neri as of February 12th:

  • 51mqs.wam (Duane)
  • hweaq.wam (Max)
  • a.d3u.c.wam (Adam)
  • a52qw.wam (DrYunani)
  • b52qw.wam (Vyryn)
  • anyo.cabal (Anyobservation)

For the past several months, 5/6 of these accounts were the Neri custodians each week, with the sixth account varying from week to week.

Defending Neri

In the background, several community members and groups reached out to one another more quietly. cryptomonKeys (non-profit NFTS distributed in part via Alienworlds mining) and members of the Cabal (Kavian landowners association) were contacted by the Miners Union (an association of miners, mainly on Naron) with the outline of a plan to attempt to safeguard Neri’s funds.

cryptomonKeys’ detective team began an analysis of the on-chain and off-chain activities of the wallets and people involved or potentially involved in what happened on Kavian. It quickly became evident that:

  • a.d3u.c had voted for the Kavian heist, was supported by the Kavian heist accounts, and was strongly suspected to be (due to a variety of on-chain indicators; follow the money) the malicious actor qrlqu.
  • 51mqs and hweaq were also indirectly connected to the heist accounts through past transfers, votes, account creation indicators, and off-chain entities.

The possibility that a.d3u.c, 51mqs, and hweaq (representing a controlling 3/5 majority of the Neri council for the week of February 12th) were involved in the Kavian heist could not be ruled out. If they were involved, it was still expected that they were waiting for the Biff, Jose and Afhe accounts to come in the next week so that a Neri heist could be conducted without directly implicating them. But if they thought they would lose control of Neri for the week of the 19th, it was possible, even plausible, that they would choose to act immediately in order to make $100k even if it implicated them a little more directly. Furthermore, if the full amount of funds stolen from Kavian were used to take over Neri, there would be no chance of stopping it. If qrlqu assumed that they’d only need to beat the current stake amounts, their conclusion would be that they would only need to lock a small portion of their funds into voting on Neri; obviously desirable to keep most of their funds liquid.

Therefore, discretion was strongly advisable. The Miners Union, cryptomonKeys, members of the Cabal, and several large community stakeholders acted quietly, preparing to vote for DrYunani, Vyryn, and Anyobservation with a large stake at the last minute.

The day before the election, community members watched as, as expected, qrlqu’s sock puppet accounts came into the Neri race with a rapidly growing stake. At T-15 hours, they held the top three spots for vote power on Neri. It seemed that they would be executing their heist on Neri and no one would be able to stop them.

Over the next eight hours, existing Neri custodians created several proposals. Proposals to “Kickstart Alien Worlds Community TV”, “PIXTALGIA”, and “Manage, workshop and design branding solutions for Neri” were quickly passed by 51mqs, a.d3u.c, and hweaq without much discussion. Two last minute proposals to “Move Resources to Save Neri” and “Save Neri” were also created. The second proposal would have moved funds to a multisig controlled by DrYunani, two other custodians, and the federation account, only received a signature from DrYunani. The first one is more interesting; it was created by 51mqs, who used “the first two custodians to sign will be added as multisigners” to attempt to pressure other custodians into panic/greed signing. It would have transferred funds to a multisig controlled by dphillippi33 (Duane) and hotmeltedwax (Max) and was very nearly passed. Interestingly, this proposal received a third signature from mouoa.c 28 minutes after the election. mouoa.c likely attempted to execute this transaction immediately. However, the proposal requires three signatures from current custodians and since Duane was no longer a current custodian the proposal could not be executed… but it very nearly was.

A few hours before the election closed, Anyobservation’s car broke down. As a result, he was not able to get back home in time to vote. However, a desperation cry for help to the community met with a last minute wellspring of support from representatives across the other planets. This community support edged DrYunani, Anyobservation, and Vyryn into the top places for the key minutes necessary.

Thanks to the efforts of everyone involved, DrYunani, Anyobservation, and Vyryn achieved the top spots mere minutes before the election period came to an end. Funds were saved — barely. Thank you to the community for all your help in this.

The accounts with the highest vote power on Neri shortly after the election closed on Feb 19 2023.

Findings of the Investigation

As I mentioned earlier, the cryptomonKeys detective team has been conducting an investigation into the Kavian heist. On February 19th, further investigation into the attempted Neri heist was added, and the detective team presented their findings to cryptomonKeys leadership. The following assertions represent only the most confident conclusions arising from the investigation.

  1. It is an established fact (100%) that the same entity/entities who backed the Kavian thieves previously backed Adam, Duane and Max on Neri.
  2. It is an established fact (100%) that the Kinderparty website is not presently operating, and that Adam, Max Infeld, and Duane Phillippi are associated directly with Kinderparty.
  3. It is an established fact (100%) that Duane, Max, and the wallet that funded the drain (qrlqu.wam) are landholders for Kinderminers distribution.
  4. It is an established fact (100%) that Adam, Max Infeld, and Duane Phillipi are all associated directly with Krown Custodianship (A DAC on EOS).
  5. It is well established (~100%) that Max (Neri Custodian) is Max Infeld, who Dacoco tweets indicate is a Product Manager for Dacoco and that Duane (Neri Custodian) is Duane Phillipi of CSX (A former EOS Block producer).
  6. We have high confidence (>90%) in the conclusion that Adam was involved financially with the Kavian drain wallets. We identified a shared funding source, direct voting support from his known wallets to and from the thief accounts, and other forensic indicators.
  7. We have high confidence (>90%) that the governors of Kavian involved in the TLM drainage represent an entity that violated the Alienworlds terms and conditions by using multiple accounts to participate in governance actions.
  8. We have very high confidence (>95%) that Adam Hunt is qrlqu due to that account on WAX (and its corresponding waa*) sharing a public key with an EOS account that is well-linked to Adam Hunt.

Further detective details can be found here: The Kavian Document

What’s Next?

Most likely, qrlqu will come back for round three next week. They’ll extend their stake time in order to amplify their vote power, and potentially bring in additional funds. As it stands right now, we won’t be able to stop them. The community support was substantial, but brief.

There is the possibility of transferring the bulk of Neri’s funds to a multisig that then votes for DrYunani, Anyo and/or Vyryn to prevent qrlqu from taking over next week. Even that may not be sufficient funds to prevent a future Neri heist, but it would make an attempt much more expensive. Combined with it meaning the funds would no longer be present to steal, qrlqu and any future would-be thief would be looking at a much less attractive proposition: much more cost to steal much fewer funds.

We could do this today. However, this could be construed as doing something very similar to what qrlqu did on Kavian last week. How do we know with certainty that we’re in the right and they’re in the wrong? Well, it’s pretty simple (in theory; distributed power always is): Transparency, and checks on power.

We, Vyryn, DrYunani and Anyobservation, propose to transfer Neri’s funds to a new multisig account. This new account would be constructed as follows:

active/owner (2)

  • +1 anyo.cabal (Anyobservation)
  • +1 a52qw.wam (DrYunani)
  • +1 b52qw.wam (Vyryn)
  • +2 federation (Dacoco/Alienworlds)

What this means is a multisig that requires a weight of 2 to conduct transactions. Anyobservation, DrYunani, and Vyryn would each have one vote, and federation would have 2 votes — itself a multisig of senior Dacoco members (the company that runs Alienworlds). This would allow Dacoco to step in if they felt that we were misusing funds, with enough weight to conduct a transaction by themselves. Thus the check on power.

However, a check on power isn’t sufficient by itself. Transparency is also necessary. That’s where this write up comes in. We’re proposing this action, and asking for community feedback. We aren’t taking this action unilaterally. Instead, we’ve decided the most transparent and productive course of action is to open it up for community discussion. So, what do you think? Do you like this idea? Do you have a better solution? Whatever the solution, we have this week to decide and act on the decision.

We will be hosting a Q&A session throughout February 20th on the cryptomonKeys Discord in the Alienworlds channel to discuss further. We will also be available on the Interplanetary Council community Telegram group for questions. Finally, we’ve prepared a google form for you to submit feedback and express your opinion on the proposed solution.

A very big thank you to the monKey detectives who contributed hours to unravelling the block-trail. And thank you to the community members who pitched in to ensure we could keep Neri funds safe.

cryptomonKeys is a non-profit, freely distributed NFT project that’s been in the Wax space since 2020. Check cryptomonKeys out at https://cryptomonkeys.cc

Alienworlds is a popular Web3 game that’s been in the Wax space since 2020. Check Alienworlds out at https://play.alienworlds.io/

This article was updated in the following way on Feb 20th 2023 as the detective team extended their investigation to EOS and new information quickly came to light. “Findings of the Investigation” #8 previously read: “We were not able to confirm an identity for Adam with high confidence. However, we have very high confidence (>95%) that Max Infeld and Duane Phillippi are fully able to identify who is behind Adam and their accounts, based on a long established history not only with Max and Duane directly, but also association through Krown Custodianship and land ownership for Kinderparty/Kinderminers.”

--

--

Vyryn
Vyryn

Written by Vyryn

Vyryn is a software engineer in emerging technologies research, and Director of cryptomonKeys, freely distributed NFTs on Wax (Volunteer).

Responses (1)