Cypher announced that losses from the exploit will be distributed among users in an initial stage, then compensated through protocol revenue when the platform relaunches.
Crypto trading platform Cypher protocol has published a plan to recover from its $1 million exploit, stating it will “socialize” losses across the platform in an initial stage of the recovery. In the first stage of the plan, the Solana-based trading platform will produce a “pro rata redemption package” of current assets it possesses, which will become withdrawable by users through a web interface. However, the platform does not currently have enough funds to pay back all depositors, so losses will be distributed across all accounts in this initial stage rather than being borne by any particular individual or group.
In a second stage of the recovery process, the protocol will raise funds through an initial DEX offering (IDO), and these funds will be used to pay for audits and further development. At the same time that the IDO is occurring, users will be issued a “debt token” representing the remaining assets they are owed by the protocol. This debt token will grant them the right to USDC profits generated by Cypher in the future, allowing the protocol’s losses from the exploit to eventually be paid back to users.
In response to our recent exploit, Cypher is fast tracking an IDO.— cypher ©️ (@cypher_protocol) August 23, 2023
Here’s the game plan. pic.twitter.com/DFnJFvj4zD
“Our foremost priority is to direct funds towards impacted users, underscoring our dedication to rectify their financial losses,” the team stated. After these funds are paid back, the team will engage auditors Otter Sec and Mad Shield to perform public audits on the patched version of Cypher, in an attempt to discover any further bugs before they can become a problem.
The protocol will only resume “after a meticulous evaluation, ensuring every potential vulnerability is addressed.” In the meantime, the app’s smart contracts will remain frozen, the plan stated.
The $1 million Cypher exploit occurred on August 8. Security researchers have yet to determine its cause. $600,000 worth of crypto drained in the attack was frozen by various centralized exchanges, preventing the attacker from cashing them in. Cypher has announced that it will attempt to recover these funds for users through cooperation with exchanges or through seizure warrants issued by law enforcement.