After a devastating hack, a cross-chain decentralized finance (DeFi) protocol has revealed today a temporary compensation plan for token holders and investors impacted by one of the largest exploits in DeFi history.
In a Tweet today, EasyFi announced their “Interim Compensation Plan,” a multi-stage process that includes immediate payments, IOU tokens, and incentive programs aimed at victims of the attack.
1/ #EasyFi is releasing a carefully thought out compensation plan for the protocol users on @0xPolygon.— @easyfi.network (@EasyfiNetwork) May 7, 2021
We would also like to inform you that we have onboarded new strategic investors & strong backers to help expand the protocol operations & business. https://t.co/Gu7FtLcsnc
The hack, which took place 19 April, is considered to be among the largest in DeFi history, with $6 million in stablecoins and 2.98 million EZ tokens worth upwards of $120 million lost at the time of the attack. The hacker was in a complicated position, however, as after exploiting the protocol they owned upwards of 30% of the supply of EZ tokens and there was limited liquidity with which to unload them. The token “hardforked” to EZ 2.0 a week later, rendering the attacker’s remaining tokens effectively worthless.
In a Tweet from his personal account, EasyFi founder Ankitt Gaur confirmed that the hack was the result of a “targeted attack on the founder's machine/metamask to access admin keys and execute the well-planned hack.” This attack vector bears similarities to a 2020 hack on the personal computer of Hugh Karp, the founder of Nexus Mutual, who lost $8 million.
An expert from hack and exploit publication Rekt noted that the theft may have been the result of lax security practices, in that a single individual was in possession of the keys to the treasury, as opposed to being secured in a wallet with precautions against this type of hack such as a multisignature scheme or timelocked transactions.
In their compensation plan blog post, EasyFi characterizes the attack as “well-planned” and “sophisticated.”
Regardless of the cause, the efforts to compensate victims is multifaceted. Per their post, 25% of lost funds will be distributed to users “immediately” in the form of stablecoins, while the remaining 75% will be distributed as “IOU” tokens. The IOU tokens will have “25% discount on spot price of EZ at the time of distribution,” and be redeemable for EZ v2 tokens on a 1-to-1 basis. Hack victims will also reportedly be the recipients of future airdrops from unspecified partners and have access to other incentivized programs still in development.
The post also noted that the protocol has worked to attract new venture capital via an “accelerated” fundraising round following the hack — a round that is still ongoing.
The token is down 4.7% today to $11.30, and down 33.8% on the week — still reeling from both the hack, as well as from compensated investors possibly cashing in their IOUs.
Compensation methods are an increasingly hot topic as hacks and exploits continue to plague DeFi. EasyFi’s multifaceted approach mirrors that of Origin Dollar’s, while other protocols have opted for creative cross-platform treasury magic to mitigate attacks in recent months.