An update on the state of affairs as we see it right now. Specifically, what to do with affected tokens and LPs, and our initial thoughts on moving forward from the attack.

11:50 PM ยท Oct 15, 2021

7
15
4
72
If you are holding LP tokens for DEFI5, CC10 or FFF, exit them if you have not done so already in order to recover as much associated ETH as possible. Regarding attempting to burn the tokens themselves, we advise not doing so, as you will receive effectively nothing after gas.
2
1
1
14
If you have been buying DEFI5, CC10 or FFF in the aftermath of the exploit in the expectation of a rebound, please note that this will not happen. If you are considering doing so, please do not.
1
0
0
12
The DEGEN, NFTP and ORCL5 pools are safe. They are subject to the same exploit vulnerability, but the set of circumstances that enable the attack are not in place. They cannot be assaulted, but skepticism is absolutely warranted here.
1
1
1
15
It is important to note that the exploiter - at this time - still has not moved any of the funds since the attack. Our door is still open, and we encourage them to engage with us for a whitehat bounty, but recognise that this is ultimately their decision.
1
1
0
18
We have been heartened by the outpouring of support from the community: there are several experts digging for details regarding the exploiter. We are offering a $50,000 bounty for information leading to the return of funds if the exploiter does not reach out themselves first.
1
3
0
26
There are several parties in the space that stand ready to alert exchanges if funds begin to make a move. We have also been contacted by various parties with experience at a governmental level of cybercrime analysis. They are investigating.
1
1
0
18
We will be creating a forum megathread in order to field thoughts and potential ideas for recovery from our community members and the affected alike. A link to this thread will be Tweeted and pinned.
1
0
0
14
We will hold a community call on Discord on Monday or Tuesday where we can all discuss what has happened, and field ideas for moving forward. Details of this call will be publicised on this account when determined.
1
0
0
12
In terms of a way forward, it is crucial to remember that Indexed is a DAO. There is a core team (of three), but we do not a have majority control of tokens, and have not done so since March. The plan for compensation for the affected will have to be agreed upon as a community.
1
0
0
19
We have spoken to @RariCapital regarding their insights from their previous hack. They have provided some ideas. We would like to thank them for their time and kindness. They're phenomenal people who dropped everything to assist us however they could.
1
1
1
32
Indexed Core will consider some proposals ourselves, and put these forward to the community by next Friday, the 22nd of October. We cannot - and should not - determine this unilaterally. In this situation, the three of us are informed community members rather than controllers.
1
0
0
17
This is not the end for Indexed: we have a vision, and will continue to build it out, with your support. It is painful for us that we are a few months away from upgrading the core protocol to a version which we always intended to be fully audited before release.
4
0
0
25
Good intentions for future actions do not make amends for damage already done, however. We will now never know if this exploit would have been caught in either formal review or by community efforts such as @code423n4 and @immunefi.
1
0
0
16
We are - as ever - available in the Discord server to talk. Community input is dearly welcomed. Thank you for your patience, your support, and your well-wishes. It means the world, to us as people and to the DAO as a protocol.
1
0
0
20
We will be in touch with further details soon.
0
0
0
18