Why the Vaults.sx hack is the most Bullish thing that’s ever happened to #EOS and crypto.

Prelude:

#EOS gets a lot of flak for it but its governance is certainly more transparent and decentralized than most of the top “public” blockchains out there.
Every governance process has growing pains yet evidently the more decentralized & transparent a blockchain’s governance is, the more hated it is.

Most other blockchains’ governance processes are centralized & opaque but that doesn’t automatically make them better.
The forces secretly governing other blockchains behind the scenes don’t often have their dirty laundry out in the open like #EOS does/reveals/requires/mandates.

The wider crypto community has a culture of “out of sight out of mind” when it comes to governance eg...
A major protocol change was once implemented by a handful of Ethereum devs after a short YouTube conference call in which $ETH holders had zero input.

This was during the ICO craze, years after TheDAO Hack rollback that led to $ETC.

Everyone was getting rich, so no one cared.
Little has changed since in ethGOV.

In fact ethereum is headed towards a darker path in this regard.

Meanwhile #EOS is pioneering novel blockchain governance & experimenting out in the open with @RealEdenOS

Long term thinkers/investors pay attention to these subtleties.
Before you come @ us with the “plutocracy is still bad”,
we’d remind you that plutocracy is universal (pareto principle) and not to pretend ethereum (among other protocols) isn’t headed towards worse via purely plutocratic Proof of Stake,...
with nothing even remotely similar to @RealEdenOS being seriously considered

Yes, DPOS & on-chain governance is plutocracy, but so is proof of work/stake..

Difference is, plutocracy on #EOS unlike other opaquely governed protocols is not some unfortunate byproduct of the system
...but an explicit design choice, one that can be transparently & actively managed by its collective through voluntary social co-ordination efforts etc.
(peakd.com/steem/@lukesto…) ( eosauthority.com/polls_details?… )
Whether it’s admitted or not, every blockchain/DLT has a DAO behind it in one form or another, agreeing to abide by a set of coded rules.

But even the strongest rules/consensus can be changed/broken with enough incentive/motivation.
The bitcoin/ethereum DAO consists of mining pools & core devs, others have validators instead.

#EOS is about the only one of the major blockchains that makes transparency of the actions of the DAO’s behind these blockchains mandatory,
democratizes the power to hold these forces accountable among $EOS token holders, providing a social avenue to put pure plutocracy in check & researching more/better ways to do so. crypto.writer.io/p/edenos-alpha….
“This means that the elected block producers have the same power as demonstrated by Ethereum in TheDAO contract bug, it is just formalized and in the hands of the token voters instead of being informal and in the hands of hash power voters.” - @bytemaster7 link.medium.com/axDtwcF0hgb
Every blockchain has some form of governance, most of it just happens in the shadows (out of sight, out of mind) by miners & a handful of Devs with little to no general community input, leading to contentious hard forks & fragmentation during controversial decision points/events.
TheDAO hack and the creation of Ethereum from Ethereum Classic (which is actually the chain that honored the hardcore decentralization/immutability/credible neutrality narrative $ETH maxis tout today), brought this to the forefront.
en.wikipedia.org/wiki/The_DAO_(…
#EOS is a DAO.

DAO’S have collectives & custodians working to protect/further the interests of the collective.

Every MSIG dApp/contract on #EOS is a DAO.

#EOS is THE DAO #ETH built in 2016, without the hack, the rollbacks or the forks.

#EOS is a DAO OF DAO’S.
The mother DAO.
The Incident.

An open-source, audited, MSIG’ed dApp (Vaults.sx) built on #EOS was hacked.

Before the hack, Vaults.sx met all best practice requirements (audited, MSIG, EUA adherent)...
Allowing the dApp’s MSIG custodians in conjunction with ELECTED custodians of the mother DAO (#EOS) to intervene to uphold the intent of code

NO BLOCKCHAIN ROLLBACK.
NO HARDFORK.
NO COMMUNITY SPLIT.
FUNDS SECURED.
CANCEROUS CELL NEUTRALIZED.

Biologists would loove #EOS
We digress
This will no doubt raise questions & trigger a broader discussion in crypto.

To which we ask.

Which community do you think average/real world users, serious businesses & large regulated institutions would prefer?
An empowered #EOS community that feels safe using their blockchain with built in investor protection

Or one with an unusable blockchain with the illusion of immutability & an enduring risk of contentious hard forks (*cough* stopEIP1559.org *cough* $ETC $BCH $BSV *cough*)
"Unlike other PoS chains, #Ethereum 2.0 doesn’t have a formal governance structure at the protocol layer. Instead, it intends to become a fixed, neutral and unmodifiable base layer once it reaches the maturity and scale needed to support global settlement...
This process is known as the ossification of the base layer." excerpt from forkast.news/whats-next-for…

Question.
1. WHO decides when Ethereum 2.0 has reached "the maturity and scale needed to support global settlement"?
2. How long will debugging the chain take before THEY decide it's finally ready to become a "fixed, neutral and unmodifiable base layer"? If ever.
2 years? 3?

3. Will they ever be comfortable enough to make that irreversible decision with Billions of $ on the line on Eth 2.0?
Reality check 1.

"doesn’t have a formal governance structure at the protocol layer" = opaque centralized governance by a handful of devs/orgs in the shadows = dirty laundry hidden = out of sight out of mind governance.

Business as usual.
Reality check 2.

There's no such thing as "fixed, neutral & unmodifiable base layer". Not when assets worth billions of $ ride on your code/updates...
And even if "fixed, neutral & unmodifiable base layer" is ever achieved, the resulting "no room, foresight or provisions for human error/change" is shortsighted, reckless, naive & irresponsible at best.
Reality check 3. TheDAO hack 2.0.

Without on-chain governance, ethereum may very well be headed into an even darker forest. medium.com/@danrobinson/e…

Eth 2 will probably never even have a formalized recovery method...
for the "rare" case(s) that a critical Ethereum flaw occurs as a result of core dev work, much less 3rd party/user issues like the parity hack or #EOS Vaults.sx hack
Definitely not a recovery method that won't split the community irreparably, again

Titanic much? 🙄
Say an exploited vulnerability made the ETH 2 protocol itself at risk of being compromised to a large extent like TheDAO allowed, what then?

Another backwards incompatible contentious hardfork?

ETH 2.0 Classic?

Beacon Chain Cash?
or Just go back to using ETH 1?

And will the general stakeholders (token holders) have a voice in whatever decision the shadow government takes in this event?

Call #EOS whatever derogatory names you like.

At least #EOS is rational, honest & deliberate in its approach.
The only immutable factor in the universe is mutability (change). Software & its relationship/relevance to the physical world is not exempt from universal law & the human condition.
At least #EOS recognizes change as a universal constant thus places importance on the INTENT of code/decentralization, makes accommodations for human error (another constant), has transparent, adaptable, evolving governance and generally achievable goals rooted in reality.
“EOS set out recognizing that bugs happen and that the community needs a process to quickly establish the intent of the smart contracts and to resolve things accordingly. This is nothing more than the formalization and acceleration of the same kind of process Ethereum used...
... to resolve theDAO hack or that Bitcoin used to resolve the 0.7/0.8 fork.” - @bytemaster7 link.medium.com/axDtwcF0hgb
Eg: Voter rewards were adopted to publicize/adapt/democratize vote selling to address voter apathy, BP collusion & vote buying effects on EOSGOV.

You cannot treat the cancer without acknowledging/publicizing/coming to terms with the diagnosis.
Not everyone wanted/wants the voter rewards model but it was necessary at the time decentium.org/jmart.x/agains…
hence the community implemented that option through opt-in Voter Reward Proxies decentium.org/eosnewyorkio/t….
Ecosystem contributions/growth took a hit during bear market but being an opt-in feature, the implementation of voter rewards did NOT lead to an irreparable hard fork.
The improvement/replacement of the voter rewards option (which is imminent, if the current EDEN/EOSGOV focused trend continues) won't lead to a fork either but better, more involved, community-led on-chain governance.
Whatever proposals/upgrades come next will also have on-chain community input.

Just like REX & NRM were PUBLIC, ON-CHAIN, CAREFULLY CURATED, AUDITED PROPOSAL+CODE the community had a voice in implementing. eosauthority.com/powerup/
#EOS harnesses the power of collective intelligence through an evolving “wisdom of the crowd” approach to governance that is fully transparent, public, on-chain & with opt-in arbitration in real time.
The Vaults.sx debacle is opt-in arbitration at its finest.

Opt-in arbitration works by allowing #EOS users to choose any arbitrator to mediate their interactions.
Just as businesses today choose different jurisdictions in which to incorporate,...
so too will EOS users and businesses built on EOS choose different arbiters (rotating BP’s, ultimately voting token holders) based on specific cases.

All arbitration requires that two parties agree to an arbitrator prior to there being a dispute.
The Vaults.sx dApp team had chosen their arbiters beforehand both by using/building on #EOS (EOS user agreement) & delegating some reputable BP’s as custodians to its MSIG’ed contract.
By using $EOS & subsequently the Vaults.sx contract, the hacker simultaneously signed the #EOS user agreement and the rules of the MSIG’ed Vaults.sx contract’s custodians.
By exploiting Vaults.sx’s vulnerability, refusing to accept the bounty offered by its maintainers (@EOS_Nation), & attempting to disperse the stolen funds, the hacker displayed malicious intent thus the dApp had reason to intervene.
If the hacker had simply stolen & kept SXEOS (the internal Vaults.sx interest accruing token), then the custodians of the Vaults.sx MSIG could’ve simply frozen the contract and dealt with it locally.
But since the hacker withdrew the stolen SXEOS into $EOS (automatically signing the #EOS user agreement), they immediately exposed themselves to the rules/purview of the mother DAO,
and the Vaults.sx MSIG custodians now had reason to file a dispute with the elected custodians of the mother DAO (15/21/100’s of elected rotating #EOS BP’s) through a coded on-chain proposal/petition.
The Vaults.sx team also had the option of doing nothing & letting the hacker have the funds, in which case the elected BP’s would’ve respected their decision.

The team opted for arbitration/early intervention.

A wise choice.
Now let’s proceed to blockchain court.

Arbitration Case: Vaults.sx team VS Hacker.

Evidence: All on-chain evidence points to the fact that Vaults.sx built a useful dApp (coded with intent to give users yield while protecting funds)...
using best practices (audits & MSIGS) & further offered a $100000 bounty displaying pure intent.

While the hacker exploited a peaceful collective, abused the #EOS user agreement, refused bounty & attempted to flee displaying further malicious intent.
(Ironically, the hacker also powered up his account FOR FREE with @eospowerup, a community funded resource, before commencing the attack. THE AUDACITY. The staggering level of contempt & gross disrespect to the #EOS DAO collective is also evident)

eosx.io/tx/629cdf1abbf…
Resulting verdict:

The Hacker lost.
Voter elected BP’s neutralized hacker accounts.

Stolen funds to be returned to patched Vaults.sx contract.

bloks.io/transaction/dd…

This opt-in arbitration case reveals the importance of the “intent of code” philosophy, the power of on-chain governance, and highlights #EOS’s governance within governance
Akin to Governance with Google 2FA level security

Hard to hack a pragmatic ethics/purpose driven community
A decision was preemptively taken by the community (voting token holders) to support the BPs taking action.

This was NOT a centralised decision. @EOS_Nation gave the hacker a chance to do the right thing, next resorted to arbitration via the 15/21.
The elected BPs acted in favour of members of the #EOS collective, protected them from heavy losses, setting precedent & all without weeks/months of unnecessary controversy or a contentious hard fork.

There is tremendous value in this

It's not perfect(nothing is)
but it works
This particular resolution panned out (honored intent of code) and with a process for further refining will work even better. A few interesting takes relating to this:

Takes 1.



The Vaults.sx outcome doesn’t mean #EOS isn’t decentralized or credibly neutral or whatever myths you’ll hear from motivated intellectually dishonest opponents.

It doesn’t mean BP’s will arbitrarily censor random users accounts for no justifiable reason.
#EOS is working exactly the way @bytemaster7 envisioned & how informed $EOS token-holders/voters intend it to work.
This incident and its handling is proof that #EOS is ready for the real world masses/businesses.

This was a defining moment that showed #EOS’s tremendous value to institutional builders & average users alike.
It drew a fine line between #EOS & every other major blockchain & definitively demonstrated #EOS unique value proposition

It shows that, unlike the majority of the popular opaquely/centrally governed blockchains, #EOS has transparent, decentralized on-chain community-driven governance,
opt-in arbitration, and credible neutrality with a specific purpose; to positively/progressively serve the #EOS collective (every user adhering to the EUA.)

Moreover,

• This is NOT miners, @Block_one_ or some off-chain government or country dictating what #EOS should be or do.
• This is NOT a meme-coin operating on the whims of founders or celebrity influencer(s) like @elonmusk

• This is NOT a self-elected dictating council of preselected elite decision makers (hedera.com/council).
• This IS a globally dispersed collective (the #EOS community), through voting & delegation, boldly & publicly stating on-chain what it stands for, what it values and what it will NOT tolerate.
Black-hat hackers & ransomware bandits DON’T STAND A CHANCE on #EOS.

The #EOS DAO does not negotiate with terrorists, sorry.
Data can be time-stamped & hashed, (see @WordProofio), hackers couldn’t delete if they tried, and if funds are stolen, teams behind database/contracts built on #EOS can seek arbitration/intervention and avoid these embarrassing scenarios.
We’ve been quietly observing them for 3 years.
B1 doesn’t just act without good reason.

If you look closely you’ll notice #EOSIO data privacy is also in the works (part of a larger strategy to attract traditional database players to build on #EOS imo.)
What the vaults.sx arbitration/resolution means:

1. Users/Devs of quality MSIG’ed #EOS DeFi projects etc. adhering to best practices & the EUA can rest easy, knowing they’re automatically insured by voters at protocol level w/o risk of contentious forks & splits.
2. Negligent building/design/mgmt is discouraged as MSIG’s & dApp/smart contract security best practices are incentivized ecosystem-wide. (Required to qualify for arbitration)
3. Black-hat Hacking & criminal activity is automatically/actively dis-incentivized in #EOS ecosystem by the #EOS community {preventive AML compliance (as opposed to the traditional reactive, expensive, forensics/KYC dependent, protracted wild-goose chase type AML compliance),..
will save companies like @Apple @amazon @PayPal @Visa @Mastercard @Tesla @Shopify both time & money while boosting their efficiency, reducing their carbon footprint & crediting their regulatory reputations)
4. Users, Builders, Institutions will feel safer & more comfortable using #EOS for custody, settlement etc (eg. if an MSIG’d @Visa stablecoin smart contract is hacked, @Visa has option to recover funds via #EOS arbitration.
Hacker won’t even dare.
No such appeal on Ethereum etc)
Four birds, One stone.
Four positives from one hack.

All this, not to mention #EOS’s superior performance & UX for decentralized applications with scalability, human readable accounts names,..
customizable account permissions, high-throughput, low cost to feeless transactions, low latency, #EOSIO rolling updates & optimizations etc.
And if you really think #EOS’s decentralized, transparent, community driven on-chain governance + opt-in arbitration is such a bad thing then please feel free to never use an app-store or any product with terms&conditions or user agreements, never use a staking service/derivative
never join or use any other DAO on any other blockchain (which are really DAO’s with centrally opaque off-chain governance), never use an exchange or a bank, never complain when you’re a victim of crime & theft, never try to recover lost or stolen property,
never file an insurance claim, never vote in any election, never call the police, or file a police report, never sue and never go to court or seek mediation/legal arbitration to resolve disputes in real life.

Good luck with that.
Simply put, if you don’t agree with the terms of the community’s #EOS user agreement, then don’t use $EOS.

However, you can bet your bottom dollar that security & regulatory focused projects & institutions like Bullish Global et al. will be using $EOS heavily in the near future,
for a multitude of use-cases including but not limited to trading, tokenized assets, settlement, custody, arbitration. Etc.

Protocols like #EOS/#EOSIO SHOULD & WILL EXIST/PERSIST, regardless of what hardline crypto proponents want or believe.
#EOS provides a much-needed middle ground between crypto & traditional databases.

This is a good, practical thing.
$EOS makes hacks & crypto theft even harder to get away with:
cryptoslate.com/bitfinex-hacke…
The recent cyber-attack against Colonial Pipeline that triggered fuel shortages across parts of the U.S. is the latest sign of what’s at stake.

Colonial paid hackers nearly $5mil ransom in untraceable crypto after the breach.
The outcome of @Colpipe ransomware attack neither draws mainstream acceptance for crypto nor attracts a positive regulatory response/stance to crypto in general.

#EOS is different.

#EOS & the #EOS collective is decentralized crypto with fraud prevention & “Black-hat hacker repellent” all rolled up in one with superior performance & climate friendly cherries on top. eosauthority.com/green/
@Colpipe unknowingly wishes their systems were built on #EOS.

(all banks, financial institutions & government databases that have been victim to hacks & ransomware attacks wish their systems were built on #EOS)

Hope @POTUS @JoeBiden is paying attention.
Transparent, decentralized, verifiable, pragmatic, adaptable, evolving community-led blockchain governance.

Manifesting again in the promise of @RealEdenOS.

Price action is the least interesting thing happening in crypto right now.
A strengthening of incentives (already begun with powerUP NRM+REX+$10B BULLISH+Staking Proposals+EdenOS), community, governance and growth of #EOS ecosystem is imminent

HODL! STAKE! EARN! BUILD! THRIVE!

#BULLISHonEOS
Disclosure: We own $ETH & $EOS
This is not financial advice
Relevant reading:

Adequate summary/history of $EOS
100xcrypto.net/eos/

#EOS philosophy:
bytemaster.medium.com/the-intent-of-…

hive.blog/blockchain/@au…

Opt-In Arbitration medium.com/aurora-eos/aga…

Resulting Proposals:
Delete ECAF(enforced): eosauthority.com/polls_details?…
Against voter rewards: decentium.org/jmart.x/agains…
Resulting proposals:
Exchange Voting Portals: eosauthority.com/polls_details?…
Proposed solution: medium.com/@generEOS/open…
Enforcement:
More soon with @RealEdenOS help.