[PROPOSAL] [DRAFT] Signalling prop to make LSM opt-in by default

Describing the opt-in as equivalent to the opt-out is, at best, misleading, if not outright false.

Throughout our year of activity as a validator in the ecosystem, we’ve conducted over a dozen rescue operations to safeguard users’ assets from compromised wallets and seed phrase leaks due to phishing attacks. Primarily, we’ve utilized frontrunning attacks, as mentioned by @RoboMcGobo, which involve injecting the signed transaction precisely at the unbonding block. Competing in this realm demands substantial preparation and resources, efforts that most hackers don’t typically undertake unless the victim is deemed worthy of their attention. Until now, we’ve successfully recovered all users’ funds. However, since the introduction of LSM, the security landscape against leaks has drastically shifted. The attacks prompt swift LSM liquidation of ATOMs, leaving the user with an empty wallet. It’s essential to clarify that in such cases, the attackers can only steal ATOMs, as they are forced to initiate the regular unbonding of all other tokens. While rescuers can usually recover these leftover funds, affected users still endure significant losses, given that ATOM is typically their largest asset in the portfolio.

One might argue that these users are accountable for their losses and that it shouldn’t be our collective responsibility to bear the consequences of introducing the LSM, asserting that making it opt-in could deter DeFi adoption. We strongly oppose this perspective. Thus far, LSM adoption has been relatively slow, with one possible explanation being the widespread ignorance surrounding its existence and capabilities. To us, this presents a precarious situation. Hence, we’ve opted to support a preemptive approach until education on the LSM’s capabilities offsets the prevalent ignorance regarding its advantages and risks. For context, we’ve undertaken a similar initiative concerning authz transactions: Authz Module: Education on the Risks is Needed.

The rationale behind our support for an opt-in mechanism for the LSM is clear-cut. It offers a net and immediate protection to all ATOM users, with minimal detriment to DeFi. To mitigate any adverse effects on LSTs adoption, we propose:

  • Introducing a soft opt-in with the activation period reduced to a few days (48 hours, at least).
  • And/or setting a time cap of 20% of user stake accepted within the LSM for each period (48 hours minimum recommended here as well).

We sincerely hope that the community will listen to this call and act accordingly. We should not accept false statements and let them blur rational judgement. We are open to debating the technical details openly, but the truth must be told first. Being direct actors in multiple leak recoveries, we hope that our statement will shed light on what is factual and what is not.
