Proposal for strategic reevaluation of legal actions post-security breach and proposal for forward path

===

Title: Proposal for strategic reevaluation of legal actions post-security breach and proposal for forward path

Date: 24th Feb 2024

Proposed by: Starlay Chan Initiative (SCI)

===

Summary

In light of the recent security breach, SCI has undertaken a thorough review of potential legal actions with our legal advisors. This evaluation has highlighted significant challenges and costs associated with legal enforcement, notably the process of obtaining court-issued orders directed at CEXs. This proposal outlines these findings in detail and presents alternative strategies for community deliberation.

Legal Enforcement Challenges

Obtaining Court-Issued Orders:

  • The process to secure official orders from the courts mandating CEXs to release pertinent information is not only protracted but also financially burdensome. Preliminary assessments indicate that the initial phase of obtaining such orders could extend over several months, with costs potentially escalating to several hundred thousand dollars. This figure accounts for the complex legal procedures involved, including but not limited to drafting, filing, and litigating the necessary legal documents.

Identification and Apprehension Challenges:

  • The probability of successfully identifying the hacker(s) through CEX account information is relatively low. Hackers often operate using numerous accounts, and there’s a high likelihood that the accounts used in the breach are not directly linked to the actual perpetrators. The endeavor to pinpoint and verify the correct accounts would incur additional time and financial resources.
  • In the event that the perpetrator(s) are identified, the process of apprehension could be exceedingly lengthy and would likely require extensive international legal cooperation and potentially even extradition, further compounding the complexity and cost.

Given these considerations, the potential outcomes of pursuing legal enforcement may not justify the significant financial investment required, leading us to reassess the viability of this approach.

Proposed Focus Shift

Considering the above challenges, SCI proposes to pivot our strategy away from pursuing uncertain and costly legal enforcement towards more practical and collaborative measures. This includes enhanced coordination with CEXs for account monitoring and blacklist implementation, areas where we’ve already seen willingness to cooperate from platforms like Whitebit and Huobi. Also

Community Engagement and Decision-Making

This juncture presents multiple paths forward, which we wish to discuss with the Starlay Finance community. It’s important to reiterate that Starlay operates under a DAO governance model, with no single entity making unilateral decisions. As such, SCI’s role is to contribute to the dialogue and support the community in arriving at a consensus through voting. Here is how our decisions are made: Starlay Governance Process

Option 1: Rebranding and Evolution with Continued Support and Enhanced Compensation Strategy

Under Option 1, SCI proposes to discontinue legal enforcement efforts due to the high costs and uncertain outcomes associated with such actions. Instead, SCI will continue to operate and contribute to the Starlay Protocol as it has done to date. The option suggests rebranding and reallocating Starlay’s future tokens.

Key Considerations:

  • Treasury Assets: The majority of the current assets in the Treasury have been accrued through dApp staking revenues on the Astar network. Given that these assets are intended for use within the Astar ecosystem, their allocation towards compensation will require community consultation and approval through a voting process.
  • Financial Reserves: In continuing operations, SCI aims to maintain a 50% reserve within the Treasury to ensure operational sustainability.
  • Introduction of New Tokens and Evolution Strategy: The emphasis shifts towards a broader strategy of protocol evolution and community support. The potential for future token issuance, aligned with the rebranding initiative, will be explored in close collaboration with the community. It is crucial that any decision regarding token issuance and the specific mechanics of compensation be ratified through community voting, ensuring alignment with the collective vision and interests of the Starlay stakeholders. However, there is a high possibility that the users who suffered from this incident would be allocated the new token.
  • Continuous Efforts to Recover Funds without Legal Enforcement: We will pursue measures without legal enforcement. We remain committed to tracking wallet addresses, collaborating with CEXs, coordinating efforts with the Acala and Certik teams, engaging with the BNB security team, holding discussions with the Parity team

This option emphasizes a balanced approach that prioritizes community support and protocol sustainability over the uncertain returns of legal enforcement. Should Option 1 be selected, SCI commits to dedicating its full efforts towards contributing to Starlay’s future, with a clear outline of contributions and future scope as detailed in the provided forum link: Starlay Chan Initiative (SCI) 6-month budget request

Noted

Regarding the token distribution, we have outlined two options for consideration. These options will be subject to a separate voting process, distinct from the current vote.

Option 1-1: USD-Based ASTR Distribution

Under Option 1-1, compensation for the hack will be calculated based on the USD value of DOT/LDOT at the time of the hack, and ASTR will be distributed accordingly. This approach ensures a swift distribution process.

Option 1-2: DOT-Based ASTR Conversion and Distribution

Option 1-2 proposes converting ASTR to DOT based on the current valuation and then distributing DOT to the users. This method aligns compensation with the original asset lost but may require additional steps for conversion and distribution.

In both cases, if any stolen funds are recovered, compensation could potentially increase from 40% to up to 100% of the initial user loss. Should the recovery exceed the losses, the surplus will remain with the Starlay treasury, considering the initial 40% compensation was provided from the treasury.

Option 2: Dissolution of Starlay and Cessation of Hacker Tracking

Option 2 involves the dissolution of Starlay Finance and the cessation of efforts to track the hacker, including the use of Treasury funds for such purposes. This option would entail liquidating the Treasury and using the remaining assets for community compensation.

Key Considerations:

  • Community Consultation: Similar to Option 1, the use of dApp staking revenues from the Treasury for compensation requires community input and approval, given their intended use within the Astar ecosystem.
  • Vote-Driven Decision: The decision to dissolve Starlay and allocate the remaining assets for compensation will be determined through a community vote, ensuring that the chosen path aligns with the collective preference of the stakeholders.

This option represents a definitive closure to the protocol’s operations, focusing on equitably distributing remaining assets to the affected parties.

Option 3: Pursuing Legal Enforcement

Despite the outlined challenges and costs associated with legal enforcement, Option 3 remains on the table. This option would involve proceeding with legal actions to attempt asset recovery and hold the perpetrators accountable.

Key Considerations:

  • Cost vs. Reward: As previously discussed, the potential costs of legal enforcement may outweigh the possible benefits, making this option less favorable compared to the alternatives.

Option 4: Continuing Development Without Compensation

Under Option 4, the Starlay Chan Initiative proposes to continue the development of Starlay Protocol without providing compensation for the security breach. This option focuses on moving forward with the current development plans and strategies to enhance the protocol’s features and security, without allocating funds from the treasury for compensation purposes.

This approach prioritizes the long-term growth and sustainability of the protocol, leveraging the current assets and resources to improve and expand the platform’s capabilities. The decision to not provide compensation is based on the assessment of the protocol’s financial health and the strategic direction aimed at maximizing the protocol’s potential and value to its users and stakeholders.

Next Steps

We will put the proposal to a vote via Snapshot in 3 days.

Voting Schedule

Snapshot Voting: 27th Feb, 09:00 UTC - 1st Mar, 09:00 UTC.

Voting Options

  1. Rebranding and Compensation
  2. Dissolution of Starlay
  3. Pursuing Legal Enforcement
  4. Continuing Without Compensation

Hello. After having read many responses to the initial proposal: those of us who have been affected by the hack are part of the community, and any that does not contain compensation to the users will be considered negative for ACALA, ASTAR, STARLAY.
They are losing the opportunity to do something positive and are not looking for a solution that provides a positive path. If they close the protocol or do not compensate the users, the reputation of the site and the developers will fall, like the rest of those who supported STARLAY.

I think it would be better to merge this option 1 and option 2 because it could split the votes of users who think they should be compensated.
I can see such opinions in the general-chat of Discord.

Thanks for your suggestion. This makes sense to me. I’ll make the necessary adjustments.

Thank you for the adjustment :slightly_smiling_face:

Option 4 is a gravestone for the chain. Who will further invest in a protocol that doesn’t gaf about its users?

Will users who have been hacked and have no possibility of purchasing governance tokens be listened to? How can we vote?