While I am extremely sorry for those that lost their fundraiser seed, I must speak strongly against this proposal.
The main reason why I am against it is because it is exploitable. There is a chance that some users in the 5% that have not send a transaction yet may see their ATOMs be stolen from them. If their Bitcoin or Ethereum private key were compromised, this proposal would effectively enable the hackers to seize their ATOMs as well. I think that while unlikely, the fact that this possibility exists should disqualify the proposal immediately.
Additionally, this proposal opens the possibility for malicious actors to attack the reputation of the network. All they need to perform the attack is to collude with one of the users that have not sent a transaction yet. Here is how the attack could unfold:
- Alice is in the 5% of users that have not sent a transaction yet. Alice possesses both the bitcoin private key she used in the fundraiser and the fundraiser seed. She decides to collude with Bob to perform the attack.
- Alice gives her BITCOIN private key to her friend Bob. Then, she and Bob both short the ATOM market. Then, Bob performs the recovery procedure in this proposal and transfers Alice ATOMs to his own address, and sells them all on the open market.
- Alice starts the reputation attack a few days/weeks after. She publicly says she lost her Bitcoin private key a while back, but not her ATOM fundraiser seed. She proves she owns the fundraiser seed, and starts to speak out in every community channel asking where her ATOMs are.
- If she and Bob are clever enough, they can start a coordinated FUD campaign on the Cosmos network claiming the community allowed for an exploitable proposal to be implemented, and resulted in her losing her funds.
- ATOM price tanks, Alice and Bob profit.
Of course, there is a high likelihood that no such attack would occur, but do we really want to take the risk? This would be a major hit for our community. What I’m getting at is: do we want to take the risk of implementing an exploitable proposal to help a few people? Are there no other ways?
My last point would be this: what kind of precedent would such a proposal set? We have many examples of communities being torn apart by “fund recovery proposals”. The latest example is the Parity Multisig hack. The Ethereum community said no to the proposal, even though:
- The proposal was NOT exploitable, whereas the one at hand is.
- Many more people and projects were involved. The value was much more significant.
Again, I am very sorry for the individuals that lost their fundraiser seed, but I would not risk the cohesion of our community and the reputation of our network over it. Maybe we can find an other way, but I sure hope it does not involve any possibility of exploit.