What happens when two wrongs don’t make it right? At the end of the day, the users are the losers on socialized losses.
On June 23, the Harmony Protocol confirmed that their BNB/ETH bridge had been compromised and some $100,000,000 worth of tokens were stolen & eventually swapped for ETH and sent through Tornado Cash, an Ethereum mixer used for anonymizing funds.
Despite the involvement of several international authorities, the attacker was able to mix the funds successfully, and as of this writing has still not been identified. This attack wasn’t an exploit like we’re so used to with bridges & defi protocols, but rather a majority compromise of the multisig wallet’s private keys.
These keys are needed for signing transactions & pushing changes inside the contract, but are not a valid form of security for any protocol or any individual if they are held on a server, as was the case here and also with the Ronin Network hack.
You might remember my article on “The Pirates of Privacy”, discussing the Bitfinex hackers and oil pipeline hackers, who were also taken down by storing the private keys on a remote server.
Quick note to all protocols, exchanges, hackers, and normal-ass people: NEVER EVER DO THIS. This is a centralized risk, and what’s worse, Harmony was warned. Two out of four signatures were needed for a compromise, but Harmony’s write-up states that the private keys were encrypted and stored by Harmony, with the keys doubly encrypted by a passphrase and a key management service.
Ostensibly, this would provide fairly strong security, assuming none of the keys or services used a common machine or server. Despite this, the hacker was somehow able to access & decrypt two of the four keys. Harmony has since changed their multisig to 4-out-of-5 required, but with sparse details coming from them, it is hard to tell exactly where the vulnerability was, or if it is still an issue moving forward.
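The caveat above (double encryption is only strong if no keys or services share a machine) can be checked against a custody inventory. The Python below is an added example, not Harmony's code or tooling: the inventories, the component names and the `min_compromise` and `separated` helpers are constructed for illustration, and it assumes a key is exposed only when every component holding its ciphertext, passphrase and KMS credentials is compromised.

```python
from itertools import combinations

def min_compromise(inventory, threshold):
    """Smallest set of components whose compromise exposes >= threshold keys.

    inventory maps key name -> {layer: component holding that layer}.
    Assumption: a key is exposed only if every component it touches is taken.
    """
    deps = {key: set(layers.values()) for key, layers in inventory.items()}
    components = sorted(set().union(*deps.values()))
    for size in range(1, len(components) + 1):
        for combo in combinations(components, size):
            taken = set(combo)
            exposed = sorted(k for k, d in deps.items() if d <= taken)
            if len(exposed) >= threshold:
                return taken, exposed
    return set(), []

def separated(n):
    """Constructed inventory: every layer of every key on its own component."""
    return {f"key{i}": {"ciphertext": f"host-{i}",
                        "passphrase": f"operator-{i}",
                        "kms": f"kms-account-{i}"} for i in range(1, n + 1)}

# Constructed inventory: two keys keep ciphertext, passphrase and KMS
# credentials on the same server, so both encryption layers collapse into one.
SHARED = {
    "key1": {"ciphertext": "server-a", "passphrase": "server-a", "kms": "server-a"},
    "key2": {"ciphertext": "server-a", "passphrase": "server-a", "kms": "server-a"},
    "key3": {"ciphertext": "server-b", "passphrase": "operator-3", "kms": "kms-account-3"},
    "key4": {"ciphertext": "server-c", "passphrase": "operator-4", "kms": "kms-account-4"},
}

if __name__ == "__main__":
    for label, inv, m in [("2-of-4, shared server", SHARED, 2),
                          ("2-of-4, fully separated", separated(4), 2),
                          ("4-of-5, fully separated", separated(5), 4)]:
        taken, exposed = min_compromise(inv, m)
        print(f"{label}: {len(taken)} component(s) {sorted(taken)} expose {exposed}")
```

When the result for a 2-of-4 scheme is a single component, the multisig offers no more protection than that one server, whatever the nominal threshold says.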
What we do know is that Harmony is hesitant to touch their Treasury, saying that it is needed for runway & ongoing development. Their solution for making users whole instead involved socializing losses or inflating the supply.
When exchanges suffer hacks, or outsized positions are not liquidated due to a lack of volume or available counterparties, this can lead to huge losses. Generally, exchanges have a fund set up to handle such problems when they occur, but what happens when the loss is too big?
What if I told you that they share the losses, even amongst winners?
That is precisely what has happened in the past, beginning with one of the first cases where OKCoin socialized millions of dollars in losses due to a Litecoin futures position not being liquidated after a series of DDoS attacks left too few buyers to successfully close the position.
The difference is “socialized”, splitting the losses between the fund & the users.
This doesn’t only happen with futures markets, though, as Bitfinex socialized losses with an “IOU” to affected users following a $416m hack.
While not an exchange, this, too, is essentially Harmony’s proposal to their community.
Additionally, some 86 million ONE tokens are to be minted to reimburse defi protocols for depegged/uncollectible loans.
The idea is that minting this many new tokens, at current prices post-hack, would reimburse users for their losses. This completely neglects the fact that, even with vesting on the new emissions, the price is likely to continue dipping for the foreseeable future.
At the end of the day, the users are the losers. This is why fundamental analysis can be so incredibly important, because any risks posed by the team or their inadequate security measures become your risk the moment you press ‘buy’. Very rarely will a company or protocol bear the brunt of their losses & continue building, regardless.
An audit is not always enough. Multisig is not always enough. If the protocol isn’t entirely trustless, then you’d better be absolutely certain that you can trust their procedures & processes, and each and every multisig key holder or service involved.
If not, then expect a series of increasingly bad choices. I’ll leave you with this warning from the Harmony Protocol team on what happens if users can’t agree on either of the two bad options they were given. And I know that I say some version of this every week, but, please…
Verify more. Trust less.