GoodDollar Community Update: Navigating Challenges and Forging Ahead

GoodDollarHQ
GoodDollar
Published in
8 min readDec 21, 2023

The Good Labs Foundation extends its gratitude to the resilient GoodDollar community. Transparency and inclusivity remain at the forefront as this update shares crucial insights into an incident that impacts the communal GoodDollar mission and protocol.

Reflecting on the founding principles of GoodDollar, as outlined in the original 2020 whitepaper, the mission has always been to cultivate an accessible ecosystem with a commitment to transparency, inclusivity, and community empowerment at its core. As referenced in the whitepaper, “the GoodDollar protocol presents a community-driven, distributed framework designed to generate, fund, and distribute global basic income via the GoodDollar token (hereafter “G$”).”

As the year concludes, it’s important to recognize the significant collective progress that’s been made in advancing financial inclusion over the past several years. In closing out 2023, over 650,000 people across 181+ countries have claimed G$ UBI, while the GoodDollar protocol continues to be one of the most actively used protocols worldwide. When it comes to creating real, meaningful impact, the diverse GoodDollar community, with over 20 local chapters worldwide, has led countless workshops, community events, and various local implementations that resulted in millions of dollars worth of peer-to-peer transactions, just this year alone.

Despite the challenges faced earlier this week, GoodDollar remains committed to its core values of transparency, accessibility, inclusivity, and community empowerment. Nonetheless, it’s crucial to acknowledge the difficulties that have arisen from this past week.

What Happened

On December 17, 2023, GoodDollar protocol faced an unforeseen security breach. The GoodDollar Reserve smart contract was exploited, leading to the unauthorized withdrawal of 627,328.47 cDAI and the unapproved minting of 14 billion G$ tokens. This exploit, rooted in untrusted input, revealed a code vulnerability in the GoodDollar protocol. All protocol contracts had undergone rigorous security audits prior to deployment.

The breach had a pronounced impact on G$ liquidity, as the unauthorized hacker proceeded to liquidate approximately 1 billion G$ tokens through decentralized exchanges (DEXs) on sidechains, significantly affecting all G$ holders.

The following lists all wallet addresses and transaction hashes involved in the original exploit of the GoodDollar protocol:

  • Wallet address that created the exploit: 0xec577447d314cf1e443e9f4488216651450dbe7c
  • The transaction was funded by additional wallets:
    i)
    0xec577447d314cf1e443e9f4488216651450dbe7c
    ii) 0x6c08f56ff2b15db7ddf2f123f5bffb68e308161b
  • Of which, were funded with ETH via Tornado Cash:
    Transaction Hash: 0x2c518fced86c9f50c7a7b991d590b69861bb9456676207950df83ab5e1383ec0
  • And funded with Fuse Token from ChangeNow:
    Transaction Hash:
    0xf0e60b79f1d454dea70147c8612c5689bbf33a2e36db52b96a27a6ccf22d24cd

The following lists all wallet addresses identified as holding funds (DAI, G$, G$X):

  • 0x6738fa889ff31f82d9fe8862ec025dbe318f3fde
  • 0x6c08f56ff2b15db7ddf2f123f5bffb68e308161b — holds the 625k DAI from the GoodDollar Reserve
  • 0xec577447d314cf1e443e9f4488216651450dbe7c
Flow chart detailing GoodDollar’s December 17, 2023 incident, provided by voluntary blockchain security analyst from the community.

Response

Immediate Actions on the Day of the Incident (12/17/2023)

  • Upon identifying the attack, a call was issued to the GoodDollar Protocol Guardians via standard communication channels. In response, the GoodDAO paused the core protocol contracts, including the GoodDollar Reserve, to mitigate further impact.
  • The GoodDAO, via the Protocol Guardians, inserted protection mechanisms that would dissuade the hacker from transferring any of the stolen funds. The Protocol Guardians added a 100% transaction fee to the remaining 9 billion G$ in the hacker’s possession, ensuring that any trading of the funds would benefit the GoodDollar Reserve.
  • Community members are urged to remain vigilant, monitor, and steer clear of any transactions involving the attacker’s identified wallet addresses.
  • Good Labs Foundation temporarily disabled the GoodWallet and GoodDapp.
  • Good Labs Foundation reported the incident to Chainalysis.
  • Good Labs Foundation reported the incident to Cayman Island Authorities and submitted an Internet Crime Complaint. Malicious addresses were also shared in various industry groups.

Subsequent Actions Taken (12/18/2023–12/20/2023)

  • After evaluating the 67% increase in the supply, the GoodDAO via the Protocol Guardians decided to resume G$ UBI distribution as soon as possible while trying to resolve the sudden increase in G$ supply.
  • The GoodDAO has allocated a pool of G$ tokens to resume UBI distribution, independent of the status of the GoodDollar Reserve. Good Labs Foundation has also donated a portion of G$ holdings to support this mission.
  • The GoodDAO via the Protocol Guardians, burned approximately 3.6 billion G$ UBI that were illicitly minted during the exploit.
  • GoodDollar Protocol core contributors made efforts to contact the hacker in public and private, urging the return of stolen funds.
  • As a show of support, Chainalysis created an incident report and tagged all wallet addresses (as red) involved in the exploit. All addresses are now flagged, tracked, and monitored by global law enforcement agencies that use Chainalysis.
  • To further safeguard against abuse, Good Labs withdrew most of its G$ liquidity from sidechains.

Consequence

  • 627,328.47 cDAI were drained from the GoodDollar Reserve. There still remains an opportunity for the hacker to return the stolen funds to the Reserve for the good of the people.
  • 14 billion G$ were minted, significantly inflating the supply from its pre-incident total of 6 billion G$.

Total G$ Supply: 17,279,832,159.88

(as of 12/20/2023)

  • Mainnet: 11,008,046,241 | 64.8% of supply, of which 9 billion G$ are frozen in the hacker’s wallet
  • Celo: 2,240,223,365 | 11.2% of supply
  • Fuse: 4,031,562,554 | 25.1% of supply
  • Currently, there’s limited G$ liquidity availability on sidechains.
  • Efforts are underway to update the GoodDollar Dashboards to reflect accurate data feeds following the incident.
  • Good Labs has temporarily paused programming slated for January 2024, including the Prosperity Grants Program and the introduction of the new Ambassador Points initiative, with plans to resume at a future date.

What’s Next

  • The GoodDollar mission remains unchanged. GoodDollar continues its commitment to building an open, sustainable universal basic income protocol through blockchain technology.
  • Thanks to the GoodDAO, the protocol is live and distributing daily G$ UBI. However, the GoodDollar Reserve is under review.
  • There will be a working group established to explore effective strategies and viable pathways for improving GoodDollar liquidity. Details regarding how you can participate in this initiative will be available in January 2024.
  • Security will take a more prevalent role in the innovation and development process, both for the GoodDAO and Good Labs Foundation. Good Labs Foundation will seek to find additional security partners that are willing to offer pro-bono services on behalf of the GoodDAO, and all community members are encouraged to do their part in proactively pursuing ways to support the protocol’s security.
  • This incident presents an opportunity to create a better GoodDollar. As the blockchain landscape has evolved, so too must GoodDollar. Standing as the world’s largest decentralized UBI community, GoodDollar is at a pivotal point where resetting is an opportunity to implement improvements and enhancements, many of which have been envisioned since the GoodDollar protocol’s inception in 2021.

Your Support is Invaluable

In recent days, the wave of support that has swept in from the GoodDollar community has been nothing short of inspiring. From the very beginning, GoodDollar has been committed to fostering a community-driven protocol, and the outreach from community members, partners, and stakeholders expressing an eagerness to help during this challenging time is a testament that GoodDollar’s strength and value are deeply rooted in its community.

Highlighted here are various initiatives started and inspired by community members, offering meaningful ways to help support GoodDollar’s path to recovery:

1. Share Your Story

What is it: A community-initiated social movement aimed to inspire through a collection of personal stories about GoodDollar’s meaningful impact.
How to get involved: Join the movement by sharing your own story about how GoodDollar has impacted you and your community, followed by the hashtag #StandwithGoodDollar.

2. Donate to #StandwithGoodDollar

What is it: Inspired by the many people who reached out wanting to help, the Good Labs team created a new & dedicated wallet to accept crypto donations that will be used to help relaunch G$ liquidity when the time comes.
How to contribute: Donations can be made via the GoodWallet or any Ethereum wallet. Crypto donations of any token (including G$) on the Ethereum, Celo, or Fuse blockchains are accepted, including Ethereum L2s such as Optimism, Base, Polygon, etc.

ENS: standwithgooddollar.eth
Ethereum Wallet Address: 0xA5e51aF835a0cDf7D5cE12ee15A3A5cD49A6E958
Donate via GoodWallet

Donate via EVM-Compatible Wallets
Donate via GoodWallet

3. We Want to Hear From You

What is it: Now more than ever is the time to express your opinions and suggestions about the GoodDollar protocol. What improvements do you want to see? What changes would you like to see implemented? Your insights are key in shaping the GoodDollar protocol into the UBI infrastructure that you want to see.
How to get involved: Complete the user survey and share your thoughts, feedback, and suggestions. Your voice is vital in guiding how the GoodDollar protocol can evolve and improve.

This is a defining moment in GoodDollar’s journey. Despite all the unanswered questions and uncharted path ahead, these challenges are embraced as an opportunity for collective rebuilding. GoodDollar, together with its community, remains committed to its mission and ready to navigate through these difficult times and emerge stronger than ever before.

FAQ

To ensure transparency and clarity, here are the most frequently asked questions that have emerged from the community.

Could this hack affect my personal data?

Upon investigation, this exploit was isolated to the GoodDollar Reserve. All your personal information related to GoodWallet or GoodDapp was not affected, according to the standard privacy policy.

Does this hack affect my personal holdings in the GoodWallet?

The GoodWallet is a non-custodial wallet, meaning that you have full control over your keys and G$ tokens. You can view your G$ tokens in any Web3 wallet.

When will the GoodDollar Reserve be restored?

The GoodDollar Reserve smart contract is up, but minting of new G$ is currently disabled. A new working group will be established January 2024 to determine the optimal re-set plan for G$ minting and improving G$ liquidity.

--

--

GoodDollarHQ
GoodDollar

GoodDollar is a series of ongoing experiments and research, establishing an economic framework designed to reduce global wealth inequality through UBI.