[Transcript] ‘The Crazy Story behind the CoinMetro Hack’
Text transcript of EllioTrades’ Interview with Tom Tirman, CEO of PARSIQ.
Introduction, Ellio:
At the beginning of this month October 2020 the CoinMetro exchange was hacked and a significant portion of the PRQ token was stolen and this led to a challenging series of decisions for the PARSIQ team. Now as you now I am a big fan of PARSIQ, I have been working directly with the team, they are sponsor of the channel and so when I heard that some people weren’t happy with the way that PARSIQ handled the event, I began working with the team to try to bring them to find a resolution.
Now what you’ll hear over the course of this interview with the team that we’re about to play and by the way I know everything that they were going to say before they said it we’ve been working together for a few weeks to try to find a sensible resolution, present the series of events in a way that the audience could really digest it and understand the decisions that the PARSIQ team had in front of them.
As the hack really wasn’t their fault the Coinmetro exchange was hacked. However, their token was the target of the hacker’s actions. So I hope you guys enjoy this I’ve been working with the team to present a reasonable and satisfactory path forward to recover from this hack. Obviously, they protected a significant amount of holders by forking their coin and reissuing it.
However there was a noteworthy 100 to about 150 people who did buy the dip on Uniswap and while they were able to protect the 7000 plus holders that didn’t buy the dip, there were still about 100 to 150 people that were left out of that plan. So I’ve been pressing PARSIQ to try to figure out how to do something for these people — bearing in mind of course that they are a very small startup and they don’t have all the money in the world just to make it rain on everybody.
And again it wasn’t their security systems that got breached. It was Coinmetro’s, remember. So if you guys are excited to hear what went down — the timeline on how PARSIQ reacted to it and actually used their technology in a variety of ways, in addition to creating new tooling and new technology that helped them address specific issues throughout the timeline — I think you guys will enjoy this one.
So if you guys are excited, give me a thumbs up and as usual remember each and every comment is entered to win your very own Ledger Nano S.
Welcome to the channel Tom Tirman from PARSIQ the CEO and founder. Tell us a little bit about PARSIQ Tom for those of us who might not be aware of what PARSIQ is and what it does.
TOM:
Essentially, PARSIQ is a platform that makes blockchain events consumable and it makes blockchain data actionable. So we allow users — both individuals, companies, enterprises — to monitor any events across different blockchains in real-time and at scale and to connect those events to any off-chain apps or devices to automate different workflows.
ELLIO:
Yeah you know I had a when I first found your project I was really enthusiastic about it because I saw it as kind of like doing the opposite of what Oracles do which is kind of taking off-chain data and bringing them on-chain. And then you guys are kind of like a reverse oracle if you will. But you’ve also built out this really cool toolkit which is what really excited me which was not only did you build these tools to easily extract information from blockchains and make it so that app developers could just quickly access them and trigger you know actions within their applications.
But you even went a step further and built a WYSIWYG environment so that non-technical people could quickly do things like drag and drop stuff. So that is like “Hey if this happens then this then this”, and you don’t even have to code. What inspired you guys to do that? Do you guys see a lot of non-technicals that would take advantage of this toolkit in the future?
TOM:
Yeah, I think it’s a unique offering in a way that we have both the programming language and the idea for developers to utilize the full power of PARSIQ. For everyone else, we have these visual editors sort of like drag and drop templates wizards so this allows accessibility for everyone. Doesn’t matter if you’re a developer you’re a business person or just a cryptocurrency user.
ELLIO:
And you know this technology you know it’s extremely common obviously in the non-blockchain world but accessing blockchain data. I think people think it’s really easy to access blockchain data but it’s actually kind of annoying to get the data out of the blockchain. Were you guys building something and realized that this is a pain point that just keeps coming up? How did you guys decide to build this?
TOM:
So our team consists of a lot of experienced blockchain developers that have built blockchain solutions for projects like Civic, Bitfury, and these were the pain points that they themselves had experienced. The problem is that blockchain data — it’s massive — it’s unstructured and it’s difficult to make it actionable. to make sense of it. So this was definitely something that inspired us to create PARSIQ for developers to easily work and process live streams of blockchain events.
ELLIO:
Yeah and I personally think what you guys are doing you know obviously I’m building a video game for us to have the what’s the experience within the game mimic what’s going on on the blockchain. Meaning, if one user transfers an asset to another yeah you could build a custom sort of API solution. But what you guys have done kind of saves us that process and we no longer need to even…we can just quickly do a drag and drop and we have all those actions triggering so that if someone literally sends something on Ethereum it’ll literally change within our game and I think that that’s the kind of functionality that will bring blockchain into like this real developer-friendly environment that you see with like you know mobile web and stuff.
TOM:
Yeah, that’s part of the value proposition to save time for projects to save the money to save them infrastructure costs and reduce complexity.
Yeah and obviously we’ll talk about a little bit of your plans for the future but I wanted to talk now about sort of what’s happened over the last couple of months or month and a half. So obviously we all know that a couple of weeks ago Kucoin was hacked and this was kind of like you guys were debuting in my mind your technology kind of for the first time for the community where you kind of put to work some of your mechanisms to help coins that got affected by the Kucoin hack. Can you explain sort of what happened there? What your role was? How you were first notified and then you know if you guys were able to help people what that helped sort of look like?
TOM:
So one of the projects whose tokens were stolen from Kucoin is our partner NOIA network and they reached out to us with this problem. What we did we quickly realized that we can apply our tech to take a snapshot of all the addresses and all the balances held by the NOIA token at a certain block and then we can hard fork for them to restore the original token balances in a new token contract, all except the hacker’s address.
This was successful and we decided to take snapshots of all of the projects whose tokens were hacked and stolen from the Kucoin and multiple projects actually use those to successfully hard fork and restore the tokens.
ELLIO:
So you know I’d say for at least Kucoin and several communities this was a very good sort of showing of what PARSIQ can do and this isn’t even your main offering this is just something that you guys figured out you could do with your technology right? This isn’t like your main product is snapshots. This is just something that you could do by essentially being able to really easily manipulate and or not manipulate but access blockchain data and sort it into you know actionable data.
So tell me what happened about two weeks ago. We know that there was a hack on Coinmetro but I think this is where the audience is really interested to understand what happened and all the decisions that were made. Why you guys made those decisions. The timelines. Who you guys protected and then we can get to some of the stickier issues of maybe some of the people that got left behind in this whole situation. But I’ll let you tell the story and then I’ll give you the follow-up questions for the things that I think the audience is most interested in.
TOM:
So it all started with our partner exchange Coinmetro, they got hacked and as a result about three percent of PRQ’s circulating supply was stolen by the hackers. Luckily enough because of PARSIQ’s monitoring and alerting systems that Coimetro uses, we managed to save the vast majority of the funds on Coinmetro hot wallets. But among those stolens was over three and a half million PRQ tokens. So we had a difficult choice to make whether to let the hacker have his way or do apply the same technology that we use to help the project from the Kucoin hack and and apply it in this situation for PRQ.
We decided to go down that road because otherwise we would let the hacker get away with stolen funds. The hacker could suppress the price. The hacker could take the ETH that belongs to liquidity providers on Uniswap. So we decided this is the best possible decision that we could make under the same circumstances.
ELLIO:
So let’s start with the first moment because I think the timeline you know is very important here. When you found out about what was going on this was just a couple of minutes after the hacker started tampering with funds. Then walk us through sort of what the series of decisions were? What those decisions were and how do you execute them and then who essentially those decisions benefited and who was potentially hurt by those decisions? I think this is really important for the audience.
TOM:
So we decided to take the snapshot and do the hard fork but we devised a plan that involved us not only doing a snapshot and announcing it. We couldn’t announce it beforehand or give anyone time because that would give time to the hacker to sell those funds. What we did was we also came up with a plan to save the liquidity of the liquidity providers on Uniswap so it all happened at the same time. We took the snapshot, we posted the announcement in all of our social media channels and then we deliberately created a false flash crash on Uniswap by selling a large amount of the now obsolete PRQ token to crash the price over 99 percent to save the Ethereum that was in the liquidity pools and later restored the Ethereum to their proper owners.
ELLIO:
So this is where you know I think people will have some confusion but some people might even object, right? So you made the decision to create a flash crash and this was one: a way to kind of get the word out that something was going on and something was wrong. Because if you see a coin down 99 percent, you never see that right? You only see it down maybe you know 50 percent on the worst day right? But to see a coin down 99 percent you know something crazy is going on and when I saw that I immediately checked your socials. So that was sort of what I was looking for because after being in this industry for so long and loving all coins and trading them for so long it’s very rare to see a 99 percent in a day and so I went and checked your socials. But there were some people obviously that didn’t.
So you guys made the decision to do the flash crash as a way to notify the community but also you have a bunch of liquidity providers and the goal was to say, “alright if we don’t crash the price right now and take all the eth out of the liquidity pool then the hacker will essentially drain this liquidity pool and they’ll have the ETH. That was essentially your thought process, right?
TOM:
Exactly and in a way we’re successful because we took all the ETH out of the pool and later restored them to the people who provided liquidity. But we figured that after a 99 percent plus crash that most people would not trade their old token. They would understand that something is wrong but unfortunately a lot of people still traded the old PRQ after the snapshot.
ELLIO:
Yeah, I think that that’s really the group you know based on the comments in my chat and the comments on my Youtube. I think that that’s the group of people that are pretty upset. They have of course believed in PARSIQ enough to buy a 99 percent dip or a 90 percent dip. They believe in your technology and team and they were like, “Hey I bought the perfect dip here”. And some people even felt like PARSIQ dumped on them right they were like wait PARSIQ dumped on us. How do we even wrap our heads around this?
You know obviously I’ve talked with you and the team over the last week or so a significant amount trying to understand this and the decisions you made. So talk about essentially the different options because essentially it sounds like if you guys weren’t going to dump, the hacker was going to dump and take that eth essentially and that that ETH would have been — it’s not that it was just going to sit there — it’s that that ETH was essentially going to be drained by a hacker instead of restored to liquidity providers. Most importantly PARSIQ didn’t make money on this right? It’s not like you guys took that ETH had a party with it right?
TOM:
No absolutely. Actually, we had a lot of losses because of the whole process but it was all done to protect the nine, seven thousand holders that we have and also the liquidity providers. So out of the all options that we had, we felt this was the best one: the least amount of people would take any loss.
ELLIO:
Yeah, and people would have said things like why don’t they just remove the liquidity why didn’t they just burn their LP tokens or you know sort of people felt like there could have been other options. But can you explain the sort of cost and benefit of those different options?
TOM:
So there really weren’t any options because the liquidity belonged to the people, the community. We had no way to notify them. We don’t know them personally. The only way we could have notified them is by public announcement but that would have been an invitation for the hacker to start selling. So that wasn’t an option.
We had no freeze or burn function in the old smart contract so that wasn’t also an option. So this is the best plan we could have come up with.
ELLIO:
I understand you know that essentially after talking to you, you said you know we protected 7000 people and that was the goal is you protected the holders of the token as well as the liquidity providers and there was compared to 7000 people all getting hurt financially, you were able to kind of shield them as well as — however you were not able to stop the Uniswap buyers from buying that huge dip — and so there was your estimates are between 100 and 150 people that were sort of negatively affected by this bought on Uniswap and were essentially victims of of this right?
And so you know I’ve been talking with you and saying hey you know, the 7 000 people that you protected they were asleep — they slept through the earthquake. They don’t even know what happened and they’re not concerned right because everything’s okay for them.
A lot of those people it’s like nobody’s sending you thank you cards to those 7000 people. But you do have the hundred people that are very kind of upset. So I was kind of pushing you to come up with an idea of what you can do to essentially help these people and you told me you had some ideas.
TOM:
Yes, well it’s impossible for us to directly refund them and refund their losses. But we came up with an idea to help them and to incentivize them. For a while we had planned to launch a liquidity boost program to additionally provide liquidity for PRQ on Uniswap. So for them to be eligible to get additional rewards on top of what Uniswap is paying them — additional rewards in the form of PRQ — we we will now issue a utility token called PRQBoost.
And to be eligible for PRQ rewards, you have to stake some PRQBoost. So this will create demand for the new token and a substantial part of the newly minted token; we will airdrop to the people who incurred losses by trading the old PRQ on Uniswap proportionally to their losses. So this is like a way for us to help and support the community.
ELLIO:
You actually used PARSIQ technology to establish what those losses were right because you actually it’s not so easy to just look at the blockchain and say who won and who lost here. I think part of the irony of what’s happened here is that this moment should have been in my opinion a great example of PARSIQ’s technology but instead everyone is focused on the hacker the dumping the liquidity switch and all these things and no one’s quite paying attention to all the times that I think that PARSIQ kind of used their technology for good or you guys kind of solved problems with it.
To recap what problems did you address and obviously I know that you guys built a few tools on the fly to sort of identify who the victims were. Can you talk a little bit about what you guys built very quickly to kind of address this stuff just to show the audience how quickly you guys were reacting from a tech side?
TOM:
To calculate the losses we actually used our tech, we used our archive nodes along with our monitoring system to calculate all the trades of the old PRQ after the snapshot. So we know exactly who earned money by trading the old PRQ token, who lost money, and how much and when. So we have all of this data available thanks to the technology that our team has developed.
ELLIO:
And you also mentioned to me before we recorded this episode that one of the exchanges that you worked with actually made things a lot worse. Can you tell us a little bit about that? I was actually kind of just blown away. Maybe I shouldn’t be blown away but I was a little blown away by this.
TOM:
For the successful implementation of the hard fork, we needed all centralized exchanges to disable withdrawals and deposits before the snapshot. We reached out to all of them and all of them confirmed that they disabled all deposits. Trading could continue on the books because nothing moves in the blockchain actually, but it was important that no one could deposit or withdraw PRQ from centralized exchanges.
Eventually, we found out that Poloniex Exchange had a loophole in their deposit system so they removed the deposit button, but those who knew their deposit address were still able to deposit and sell that PRQ. So what happened was a few people were buying the old obsolete PRQ on Uniswap for almost zero sending it to Poloniex and selling it to people for a substantial amount of money.
Now when we found this out we asked Poloniex to hold trading immediately. But a lot of damage has already been done because people who sold the odsolete PRQ on Poloniex they already received their USDT and they had withdrawn so it was impossible for Poloniex to reverse those trades. We had multiple calls with the Poloniex team. We offered different options on how to solve this but they rejected all of the offers and basically they left the PRQ buyers with nothing, with the old worthless PRQ token.
And on top of all that, they took the old PRQ tokens which they knew were not worth anything anymore and they dumped it on the Uniswap buyers.
ELLIO:
So you’re saying Poloniex took the old token and dumped on Uniswap?
TOM:
Exactly, we were surprised as well to see this happening.
ELLIO:
And those were PRQ tokens that were supposed to belong to users on their platform right?
TOM:
Right, they dumped the exact amount that they had at the moment of the snapshot because they knew they would be receiving the new ones in that same amount. They didn’t need the old ones, so they decided to turn a little bit of money on it I suppose by selling it to unsuspecting buyers.
ELLIO:
You know obviously, exchanges are you know huge huge revenue businesses. It’s pretty surprising that they would do this for what it’s you mentioned it was something like 100 ethereum.
TOM:
Up to 100.
ELLIO:
Yeah, it seems like while that is a lot of money but for an individual, but not for an international crypto-exchange you’d think that they would be motivated more by you know trust and branding than a hundred ETH. Anyway, I think that that’s an important detail just to realize that you guys had various issues you know the essentially the core of the issue was Coinmetro got hacked you guys didn’t get hacked there’s nothing wrong with the smart contract or your technology.
But you had to make some difficult decisions and in that essentially you decided to remove the liquidity from Uniswap. That’s where things got really dicey and some community members essentially got left behind and so for whatever it’s worth I think it’s good that you guys are trying to give them something to the effect of this PRQBoost token which you guys have created. It’s not like a refund or a rebate but it is something and I think that that’s you know good that you guys are trying.
Other coins that have had similar issues just don’t do anything for these types of people who fall through the cracks so congrats to you guys for doing that.
TOM:
Thank you, and for Poloniex buyers who bought their old token and got left holding their old token because of Poloniex’s error, we refunded them in USDT.
ELLIO:
So you did refund the Poloniex victims as well so in the end you guys had a significant amount of costs that you guys paid because of this, correct?
TOM:
Correct.
ELLIO:
Yeah, so I guess you know to me I think that pretty much wraps up the timeline but I wanted people just to be you know focused again on what PARSIQ is doing and what the positive things that PARSIQ sort of emerged from this: how you guys maybe came back out of this stronger and what your plans are sort of for the future.
TOM:
It was a series of hard decisions, very difficult decisions, but I think we made the best out of what we had about the options that we had. But going forward we have some very exciting months coming we have a lot of big news. We have major partnership announcements. We will be announcing the liquidity boost program with the PRQBoost token.
Next week we will also be announcing our upgraded Tokenomics — especially excited about that one because this will directly tie the PRQ demand for PRQ token to the demand of PARSIQ services and not only decrease supply but also allow people to earn passive income. I can’t say more details yet.
ELLIO:
Since DeFi mania kicked off it seems like passive income is pretty much all anyone’s focused on and so I think that a token I actually had said to you a couple of weeks back that a tokenomics upgrade would be a smart move. Not everyone sees that our communication is right and that’s you know part of the benefit of being in the position I’m in is I get to help communicate what the community thinks to you guys and also hear what you guys are thinking internally.
I like the fact that you guys are listening so much. You know the idea for the PRQBoost token — I think that that came out of the back and forth with the community that wasn’t the original plan but you guys listened to the community. The idea for upgrading the tokenomics. I think you guys are listening to the community hearing that they wanted a little more of a connection between, “Okay so you guys have great tech you’re providing great services but how do we get the token to move?” It kind of reminds me of the Ripple Dilemma you know? You have Ripple who’s the great company who provides a ton of tech software solutions but XRP doesn’t necessarily fit into all of it.
I think it’s good that you’re doing that. Is there anything exciting I guess that’s coming up that maybe you can give us a hint of if you have tokenomics you have some partnership announcements coming up. Anything else you can tease the audience with before we before we wrap it up?
TOM:
So we also have a new product that will be launching at the end of Q4 and can’t share the details again but it’s gonna be exciting it will also tie in tightly with the tokenomics and I think a lot of the players in the industry are going to use it but more on that later.
ELLIO:
I appreciate it. Are there any final words you have for the audience based on sort of wrapping up? The whole experience, what happened, and what you guys learned, what you want to leave the audience with. Sort of some final words given in where you guys are at the end of October here in 2020?
TOM:
Well, we would like to thank the community for their support. I mean it’s been a very difficult few weeks but generally, the community has been very supportive and we want to support you back. So I think there’s a lot to look forward to for PARSIQ and PRQ in the very near future. So thank you.
ELLIO:
Thanks, Tom I appreciate it. We look forward to hearing those exciting updates in the near future.
So there you have it directly from the mouth of the PARSIQ CEO. Tom and I have been working together over the past few weeks to try to come up with a solution that would be satisfactory. I think it at least tries to offer some path to recovering some funds. What I like is that they were actually able to deploy their technology in interesting ways to take snapshots, calculate who was actually victimized — as some people who bought the dip actually made money and flipped those gains in the volatility of the market that day.
I know that some people had objected to me in private chats that they had drained the ETH from the liquidity pool feeling like PARSIQ was actually dumping on them but I don’t really see it that way. They were faced with a variety of decisions and if they didn’t do that, it felt like the hacker would have done that.
Remember Poloniex actually did go and dump on the market. As shocking as that was we still have no comment, no word from Poloniex on this. Some seriously shady business over there but personally I think PARSIQ has tried to create the maximum amount of benefit and recovery for the maximum amount of their community members. And then they were left to choose between kind of exclusively bad options here, as essentially a hacker ran off with a significant amount of their coin supply.
Regardless I’m curious what you guys think. Do you think PARSIQ made good decisions throughout this process? Do you think that they need to do more? What do you think of the PRQ Boost Program? I’ll link the blog article explaining PRQ Boost below this video.
Now I happen to know that PARSIQ has some pretty amazing stuff on the horizon. Throughout this whole event I believe PARIQ technology kind of got a battle testing here and I happen to know that they’ve been making inroads and partnerships with some really impressive projects and so there’s a lot to look forward to with PARSIQ but I think it’s important that we make sure that this event is properly addressed and that the people who feel like they were hurt by this feel like at least the team is trying to help them in the way that they can.
Now I have talked directly with the team and told them that the community management needs to be leveled up, as the way that they were handling the telegram really didn’t seem to make the people who got victimized on Uniswap feel any better about it. In fact quite the opposite.
So these are all part of the growing pains of being a small startup but hopefully throughout this episode you’re able to see that at least from my perspective PARSIQ is trying to do what they can do to make things right but I’m curious what you guys think let me know in the comments section below and as usual if you enjoyed this video go ahead smash that like button and remember that each and every comment is, of course, entered to win your very own Ledger Nano S.
Thank you guys so much for watching my name is Ellio Trades and I’ll see you very soon in the next episode.
If you have questions about using PARSIQ you can always ask our team in TELEGRAM GROUP: https://t.me/parsiq_group
