Umbrella Network
Published in

Umbrella Network

Internal AMA Recap with Umbrella Network’s Senior Advisor, Sam Kim and President, John Chen: Recap

Umbrella Network’s Senior Advisor, Sam Kim and President, John Chen, recently held an internal AMA in the main Umbrella Network Telegram channel to answer questions from the community.

Venue: Umbrella Network Telegram Channel

On: Friday. Tuesday, 17th May 2022 | Time: 3:00 PM UTC

Umbrella is a scalable, community-owned oracle that securely brings external data on-chain. It is the first decentralized oracle service to empower the community with the scale and security modern DeFi applications require.

The transcript is almost entirely in its original AMA form, mildly edited for punctuation and readability only.

*** AMA starts ***

EMILY:

We know a lot has been happening, both at Umbrella and in the broader economic and crypto markets as a whole. So thanks for your continued support and for tuning in today.

JOHN CHEN:

Thanks for hosting as usual. and thanks to the community for your continued support and for tuning in today.

So as a preface to today’s AMA, Umbrella’s chain oracle contract got exploited a little over a week ago, and we know that there have been a lot of questions from the community about what happened, and how that impacts the project, and our plans moving forward. So we wanted to have this internal AMA address many of those questions.

We will have this AMA in 2 sections. In the first section, Emily will be asking us a series of questions, which were all taken from the community, off of the telegram chat channels, or from Twitter. They have been paraphrased and condensed a bit for clarity purposes, but should reflect a portion of the current questions and concerns from the community.

Anything that’s not covered in this section, the community will have a chance to ask additional questions in the second section when we open up to live Q&A. Again thanks for tuning in and let’s get started.

PART ONE:

Q1. What are we doing to prevent another exploit from happening again? How do we know if the rest of the code has issues too?

JOHN CHEN:

We have outlined in detail in our statement to the community all of the action items that we are taking to prevent this from happening again including

1) Comprehensive code review and subsequent audits where necessary

2) Establishment of a security subcommittee to oversee the project security and processes

3) Hiring of a QA tester

4) Look to procure insurance for our oracle data feeds, among other things.

Here’s the link to our statement: https://medium.com/umbrella-network/update-on-umbrella-oracle-exploit-67ac0fe4414b

And our technical post-mortem: https://medium.com/umbrella-network/post-mortem-chain-exploit-2022-05-08-6007801b321d

For those of you that have not caught up, please feel free to read through.

Q2. Will the funds taken from the other projects be recovered?

SAM KIM:

We are working with a third-party specialist, someone who has worked on previous other project hacks and successfully recovered funds for some of those projects. While it is uncertain whether they will be successful in our case, we are still pursuing this course of action. For obvious reasons, we cannot share information publicly as that could weaken the investigation.

Q3. Why are we using UMB to pay for the hack and why the partner fund?

JOHN CHEN:

We are using UMB for 2 reasons.

1) Given the current market conditions, we want to conserve as much stablecoin in our treasury as we can.

2) Giving out part of the payout in UMB brings the other projects closer into our ecosystem and aligns our interests together.

We are however open to using tokens from our founding team fund instead to provide the UMB tokens.

Q4. How do you think the hack will affect Umbrella’s reputation for future partnerships?

SAM KIM:

While we have no data to suggest that it has been affected (i.e. our pipeline has not changed), we can’t deny that this latest exploit has impacted Umbrella’s reputation. We are in the process of undergoing an extensive and comprehensive audit of all of our smart contracts, and we are weighing some other options. We will be putting forward a strategic proposal to the community that will help to address and alleviate these potential market concerns and restructure our project.

We will have a proposal detailing our planning moving forward for the community in the next 7 to 10 days. The proposal is likely to include elements of open sourcing to provide more assurance and how we plan to expand our network of operators and strategic partners.

Q5. With the hack and the promise to implement more security measures, how much do you think this will stifle progress regarding the roadmap?

SAM KIM:

We have spent a considerable amount of time reviewing and assessing our overall situation in light of both the most recent exploit, as well as the current rather challenging market conditions. We believe given the current circumstances, we will be focusing our time in the short term to reviewing all of our code and making sure everything is audited and secure.

We will also look to focus on a few key initiatives for the project. We will be submitting a detailed proposal to the community within the next 7–10 days as mentioned above outlining the new roadmap and key initiatives for feedback.

Q6. How much runway is left for Umbrella?

JOHN CHEN:

The hack and subsequent payouts have depleted a chunk of our stablecoin reserves. We have taken steps to streamline our team and operations to lower monthly overhead. We currently have enough to run the business in the short term (3–6 months), pending these cost-cutting measures. We will look to raise additional capital to realize the longer-term vision. As mentioned before, we will submit a detailed proposal for a restructuring in the next 7 to 10 days for community feedback and approval.

Q7. Is the team sticking around?

SAM KIM:

The team continues to be committed to the project. However, there is a need to restructure and streamline. As an example, we will be reducing our engineering team from a headcount of 15 to something more sustainable. We will accordingly adjust our roadmap in light of these adjustments. However, much of the base product has been completed at this point. More information will be included in the detailed proposal on our restructuring, strategic positioning, and longer-term plans.

EMILY: Thanks so much for that Sam!

I think I can also respond to that rest assured everyone we are a long-term project.

We aren’t going anywhere, no matter what challenges we face or what obstacles get thrown in our way.

When things go wrong — and they will — we will simply get up, dust ourselves off, do our damndest to course-correct, lean on our community for support, and keep putting in 1000% til we reach our goals.

Can’t tell you how much we appreciate this community and all of your incredible support. Thank you, guys!!

Q8. Can Fortress just dump the UMB tokens they will be receiving and therefore reduce the price of UMB?

JOHN CHEN:

The tokens will be vesting linearly over 1 year, so they will not be selling into the market all at once. Monthly it translates to about 830K of UMB tokens that they may or may not sell. We will not be speculating on the UMB token price. However, if and when Umbrella is able to raise an additional round of capital, we can look to potentially complete the payout in stablecoins instead of tokens.

Q9. The hack will give us bad press, do you have a marketing strategy that will resolve this?

JOHN CHEN:

There has been a significant amount of press overall covering a plethora of negative news in the crypto markets over the past week plus (i.e. Luna / UST and others). We were fortunate to not get covered much, if at all in the press. So I don’t think we were impacted.

Q10. Looking back and reflecting on 2021, do you think venturing into blockchain gaming was a wise decision while the organization had not scaled up yet?

SAM KIM:

The code that was exploited was deployed back in August of 2021 when we still had a lean team and moving against an aggressive roadmap. While we had strict development processes defined, they were not adhered to while we were developing to meet our targets and roadmap goals.

Furthermore, MetalCore and Sandstorm are distinct and separate entities with their own team and funding. In other words, they are separate projects from Umbrella. Umbrella merely made a small investment in the private round. Umbrella resources are not used.

As it pertains to the larger blockchain gaming, Umbrella has not begun developing in this area. Some R&D continues to happen about what data needs to be on the chain. But the development of this product is further down in our roadmap.

While gaming remains an attractive market for us, we balanced our resources and our roadmap accordingly.

Q11. For Sam — you have been away from the project (to the public/community) for a while promoting MetalCore, do you think that was a good decision?

SAM KIM:

The decision to be less public facing is a result of wanting to separate my influence from the community council, validators, and others in the community. Our goal is to be a DAO that is independent of any single person.

We have great leaders who have become great representatives of the project.

I remain fully involved and committed to the day-to-day operations of Umbrella Network.

Q12. So… last question for this section before we move to the live session…

Umbrella acquired Lucidity but the community has seen little to marketing and Lucidity. What benefits do they bring to Umbrella?

SAM KIM:

Fortune 500 brands move far more slowly than crypto projects. Lucidity continues working closely with brands and agencies such as Samsung, Dentsu, Omnicom, and others.

Space Agency award: https://www.outer.space.be/fr/blog/mixx-awards-the-winning-cases-of-space

https://medium.com/umbrella-network/lucidity-clinches-silver-in-iab-mixx-awards-754b7a3948e9

We hope to share additional public news with you soon. We’re awaiting approval from client teams. These things tend to move slowly with big brands and agencies.

PART TWO.

LIVE SESSION:

Q1. Those 12.5 Mil Umb tokens, should be bought by the team from the market (Kucoin), Don’t you think it s fair that way ?? Is it our fault the third hack is happening? Those companies that you recompense with 12.5 mil Umb, will DUMP ON US!! We have suffered enough with 10x down from our first investment in UMBRELLA! Don t U think 37 Mil Umb from VC s release this year, is enough selling pressure on us ?? Do we need to handle another 12.5 umb that they will sell on us? Please …Don’t Make Umb token value $0.001

SAM KIM:

We will take your input into consideration. However, it is important to retain our team. And penalizing them will probably have a negative consequence. We had to move quickly. We consulted the Community Council when striking the deal. We believe the deal terms were fair.

We will explore ways to renegotiate should we have the treasury post additional funding.

Q2. Thanks a lot for this AMA John, and Sam. It answered the most burning questions I have seen most people have.

John, I noticed you saying that the team is open to potentially paying the reimbursement for the hack from the founding Team fund, is this something the community should create a proposal about?

JOHN CHEN:

Yes, we can use the team fund for the UMB token reimbursement instead of the partner fund. We will abide by whatever final vote by the community on what to do for this.

Q3. Hey Sam & John. Here are some questions from a community member who couldn’t make it:

1. What are your plans for the rest of the year?

2. Where do we stand with DPOS?

3. How will the bear market affect the token unlocks for the team? Does it make things difficult from a financial perspective?

4. Did the recent exploit change your view on current audit policies and what is done to make sure this will not happen again?

5. Is Umbrella still a financially strong organization?

SAM KIM:

Thanks for filling in. I will just take the last question since many of the other points were addressed or will be addressed in the upcoming proposal.

Umbrella as mentioned has limited treasury at this time. But despite the market conditions, there are many funding options available to us. While we haven’t secured any additional funds, we are hopeful and optimistic. We will keep you posted.

Q4. When are you listing on tier 1 exchanges?

SAM KIM:

We don’t discuss listings

Q5. Hi John, Sam,

I’m totally going to disrespect the Q&A format, guess my ego doesn’t allow me to just relay the q’s. Also, I think most of them need context and not often do I get the chance, or feel the need, to ask you questions. So here goes:

Considering you aim to be a community-owned oracle:

(1) What made you decide to provide a solution to the projects affected by the hack, without consulting the community (through a vote or having the community council deliberate with the community)?

Community members will be affected by the (not insignificant) issuance of tokens to the affected parties in multiple ways. Often a topic of conversation within the community is that so far, despite having formed plenty of partnerships with respectively smaller projects, we have yet to form partnerships with high profile (i.e. top 200 ranked in mc) projects.

The recent hacks will have hurt the Umbrella Network’s reputation and these projects will be more reluctant to use your services;

(2) What will you do in order to attract partnerships with projects that are making a significant impact in the industry, that will currently be hesitant to use your services?

The recent hack has caused a sufficient dent in the partnership funds (and the treasury?), funds that were supposed to be used for growth purposes;

(3) What specific consequences does this have for forming partnerships in the future?

(4) Will you consider securing a series B funding?

You have the technical solution to scale up massively. Having followed the progress closely this last year, I cannot help but think that scaling up the organization in concordance with the ambitious plans has become increasingly difficult since the end of summer ’21. This often leads to the (quality-)problems and challenges you’ve been facing recently;

(5) In retrospect, was venturing into blockchain gaming while the organization hadn’t been properly scaled up yet a good decision?

(5 1/2) Perhaps Sam’s prolific character caused you to ‘drop the ball’ in maintaining the quality on the things that were already in place a little?

Lastly, I advise you to be vigilant around installing the Security Subcommittee (or installing it as a temporary solution at most). I understand the recent hacks are forcing you to implement quality inspection, especially as you work with external parties and/or freelancers. But no decent employee/worker wants to have their work checked, and I don’t consider Miguel (just an example) as the kind of guy who wants to continuously check others’ work. In my experience, this will either cause irritation or will not be done properly over time.

It is natural to get addressed to critically in these times, but I also want to express my sympathy. It’s not easy to build and scale up a company. You are clearly committed to succeeding and working ambitiously and relentlessly toward your goals. Amidst all that, you still take time to address a community, so thank you for that.

I prepared my q’s before the internal AMA started, I see most of these questions (might) have been answered in the meantime. Ofc no need to address the ones that have already been addressed again.

SAM KIM:

I’m going to break down your questions into parts. And thanks for the thoughtful questions.

Question from Gabos: First, The recent hacks will have hurt the Umbrella Network’s reputation: these projects will be more reluctant to use your services. (2)What will you do in order to attract partnerships with projects that are making a significant impact in the industry, that will currently be hesitant to use your services?

Answer: We’ll outline our plans in the proposal. But we have a plan that will open source all of our software, and build community-based governance, strategy, planning, etc. We think these aggressive transparency initiatives will turn the tide for us.

Please wait for the proposal as that will also have lots of opportunities for those in the community

Question from Gabos: The recent hack has caused a sufficient dent in the partnership funds (and the treasury?), funds that were supposed to be used for growth purposes. (3)What specific consequences does this have to form partnerships in the future? (4)Will you consider securing a series B funding?

Answer: pending the proposal, we may be using Team Tokens instead of the Partnership Funds. So this might not be an issue.

Yes, we are open to another private round.

Question from Gabos: You have the technical solution to scale up massively. Having followed the progress closely this last year, I cannot help but think that scaling up the organization in concordance with the ambitious plans has become increasingly difficult since the end of summer ’21. This often leads to the (quality-)problems and challenges you’ve been facing recently. (5)In retrospect, was venturing into blockchain gaming while the organization hadn’t been properly scaled up yet a good decision? (5 1/2)Perhaps Sam’s prolific character caused you to ‘drop the ball’ in maintaining the quality on the things that were already in place a little?

Answer: Actually, I believe it is the opposite. The code issues happened back in August 2021 when we were a lean team. Since then, we’ve grown the team considerably and are better able to meet the aggressive deadlines and roadmap.

We have not ventured into the blockchain gaming market as mentioned in the first part of the AMA. And I have never been actively involved in the coding, testing, and deployment of code. This was the result of non-adherence to the development and deployment process that are defined at Umbrella Network.

Having said that, of course, I take this responsibility seriously. And I will be actively involved in defining far more secure processes for our product development process. We will also invite external experts to assist us.

Question from Gobos: Lastly, I advise you to be vigilant around installing the Security Subcommittee (or installing it as a temporary solution at most). I understand the recent hacks are forcing you to implement quality inspection, especially as you work with external parties and/or freelancers. But no decent employee/worker wants to have their work checked, and I don’t consider Miguel (just an example) as the kind of guy who wants to continuously check others’ work. In my experience, this will either cause irritation or will not be done properly over time.

Answer: We will take this into consideration. The team will do whatever they need to do to ensure the future security of the product and project regardless of whether it’s something they enjoy doing or not. They are committed to achieving the mission they signed up for.

Q6. Hey Sam & John. Here’s some questions from a community member who couldn’t make it:

1. What are your plans for the rest of the year?

2. Where don we stand with DPOS?

3. How will the bear market affect the token unlocks for the team? Does it make things difficult from a financial perspective?

4. Did the recent exploit change your view on current audit policies and what is done to make sure this will not happen again?

5. Is Umbrella still a financially strong organization?

JOHN CHEN:

Hey Kierran Questions 1 and 2 will be addressed in our upcoming proposal to the community. For Q3, we’ve already factored in the current market conditions so have plans in place. The team will be able to continue working on the project. Q4 we addressed in our update statement to the community and that plan is already being executed. Q5 I think Sam has answered.

SAM KIM’S CLOSING STATEMENT:

Thanks everyone for joining in today, and thank you for being a member of our community. We value your time, energy, input, and everything else that you do. We’ve been working on this project for close to 20 months now. From going live on 6 major mainnet and counting to providing thousands of data feeds at incredibly high refresh rates, to rolling out our random number generator, unique options pricing solutions, and our newly launched Passport beta, among others, we are incredibly proud of what we’ve achieved. Arguably more progress than any other oracle in the market today.

It’s unfortunate that a mistake from August 2021 caught up with us now while we were in the process of reviewing all of our codebases. But it’s on us as a team that this happened. This has been a significant hit to the project — there is no denying that. However, we still strongly believe that the base product and underlying tech are sound and have great potential. We still deliver 4,000 data feeds with the highest frequency of updates. We’re able to FULLY support more networks than any other oracle.

As alluded to previously, we are working on a proposal to submit to you guys before we pursue an aggressive action plan to realize Umbrella’s potential. While there have definitely been some setbacks, we’re excited to present to the community some fresh ideas that we are now working on that we feel can propel the project in the right direction. We look forward to sharing this with you and getting your feedback.

***AMA Concluded***

Join the discussion on Telegram at https://t.me/umbrellanet

About Umbrella Network

Umbrella Network is a scalable, cost-efficient, and community-owned oracle for the DeFi and blockchain community. Its Layer 2 technology uses the latest advances in Merkle tree technology to write multiple data points on a single on-chain transaction, so it allows for batching data to smart contracts accurately, securely, and inexpensively.

Umbrella believes a community-owned oracle is not only possible but essential to creating a truly decentralized financial system.

Stay ahead of our latest updates. Follow Umbrella on:

Telegram| Twitter | Announcements | Website | Governance

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store