Compensation Plan to Affected Users from Precision Loss Attack on xBank
Dear Community Members,
Last week has been incredibly tough for us. A project that we had been working on for over two years, xBank Finance, was exploited through a Precision Loss Attack, which you can read more about here.
Since we’ve launched xBank two years ago, it was during the depth of the bear market. We bootstrapped the development and operating expenses with our own fund, did not launch a token, and have not made any income (i.e., there was no protocol fee collection) from the project. While we are just as devastated as you are, we believe in making things right, and would like to try our best to support our users who were affected by this unfortunate event.
To show our accountability for this event, we’d like to share with you our compensation plan for the community:
Compensation Plan
A significant portion of xBank users engage in airdrop farming. While this practice is prevalent, we acknowledge the presence of users leveraging multiple sybil accounts to maximize the potential zkSync’s airdrop.
Our compensation plan is guided by the principle of prioritizing the most affected users. Hence, we categorize affected users into two groups based on their net account value (Account’s Deposit minus Borrow Value):
Category 1: Depositors with net value < $100
# of accounts: 112,495 accounts
Total Value: 191,729.3483 USD
Category 2: Depositors with net value of $100 & over
# of accounts: 694 accounts
Total Value: $389,273.813
Our compensation plan will be divided into two seasons, and each season will prioritize different groups of users:
Season 1:
For season 1, we will be distributing $100,000 in USDC for category 2 users — Depositors with net value of $100 & over. Our rationale to prioritize category 2 for season 1 is that users in this category are likely individual airdrop farmers rather than professional airdrop farming operators. Therefore, they were more impacted on a relative basis from this event. Also, if an individual user had less than $100 of net value, we hoped the amount is small enough compared to their overall portfolio sizes.
The $100,000 USDC will be split proportionally based on the users’ net account values. This means that users in this category will receive around ~25% of their net account value back. Category 1 users — Depositors with net value < $100 will not receive any compensation in season 1, but will be prioritized in season 2.
Season 1 Summary:
Compensation: $100,000 USDC
Prioritized Users: Category 2: Depositors with net value of $100 & over
Timeline: By 31/05
Please note that for Season 1, we’ve made the decision to cease the distribution of $PYTH rewards from airdrops. Instead, we will allocate these funds, along with contributions from the team’s personal pockets, towards compensating our users.
Season 2:
For season 2, we are committed to distributing 100% of the zkSync’s airdrop and the recovered fund, if any, to our users. In this season, the distribution priority will be as follow:
- Priority #1: Category 1: Depositors with net value < $100 will be prioritized, where we will distribute funds to the these users to make them whole.
- Priority #2: Any remaining funds will be distributed to make users in category 2 whole.
- Priority #3: Lastly, any remaining funds will be distributed to esXB holders.
Season 2 Summary:
Compensation: 100% of zkSync’s Airdrop and any recovered fund
Prioritized Users: Category 1: Depositors with net value of $100 & over
Timeline: TBA (pending zkSync’s airdrop)
Update on Exploiter
The exploiter unfortunately chose not to cooperate, so now we can assume he’s a blackhat. We are currently tracking his wallet, and while he has not moved the exploited funds, all hope is not lost. Once the exploiter starts moving funds, he will leave more trail, where we can get leads to uncover his track and identity.
Again, here is his wallet address: https://debank.com/profile/0xfa9d342a222f1e1052a9eea73d35e4eeba045729
We’re in touch with Seal 911, a team of security research, who is helping us keep an eye on the exploiter. Exploiter, if you’re reading this, it’s not too late to return the funds. Otherwise, mark our words, we will make you pay. You will spend the rest of your life running, and you will one day be eventually tracked down
