Tensions Rise Between SushiSwap, Lido Over Return of Exploited Funds
Tensions between two popular decentralized financial (DeFi) projects have reached a breaking point as crypto exchange Sushiswap and Ethereum staking protocol Lido await the result of a contentious vote to return stolen crypto to Sushiswap.
It’s a situation involving a multi-million dollar hack, a crypto Twitter battle and weeks of decentralized governance theater. DeFi projects have long faced mainstream skepticism due to the prevalence of hacks and the shoddy decision-making of the decentralized organizations that operate them.
Both issues were on full display in recent weeks as Sushiswap began an effort to recover funds it lost in a $3.3 million hack, only to get thwarted by the tricky politics of Lido’s governing body, LidoDAO. A second attempt is ongoing, but looks to be headed toward defeat.
Sushi recovery effort
Due to the nature of Sushiswap’s April exploit, the majority of stolen funds were directed to a Lido vault contract that automatically distributed it to Lido stakers and node operators. No one’s trying to claw that money back, but the 40 ETH (~$72,000) that landed in Lido’s treasury appears to be the most easily recoverable. It’s this chunk Sushiswap wants returned.
As a show of support for Sushiswap’s recovery effort, LidoDAO put forth a governance proposal on May 4 to vote on whether or not to return the 40 ETH from the LidoDAO treasury to Sushiswap.
The vote saw the majority of Lido token holders cast votes in favor of returning the funds, but the vote fetched only 44 million votes, shy of the 50 million votes required to reach quorum.
On May 18, LidoDAO put forth a second governance proposal on whether or not to return the funds. The proposal’s voting period closes Thursday, May 25.
So far, the new vote has seen even less participation – and the majority of voters flipping to ‘no action’ – stoking tensions between the two projects as the prospect of the funds getting returned appear dimmer.
‘Code is law’ or theft?
After the failure of the first vote, Sushiswap’s Head Chef Jared Grey took to Twitter to call Lido’s actions “theft.”
“Unfortunately, as we’ve worked with the Lido team to find a way forward to return the stolen funds they’ve disbursed, several personalities have made the argument Lido has no duty or authority to return them, essentially greenlighting the distribution of stolen funds to multiple Lido DAO participants,” tweeted Grey.
Grey also accused Lido advisor and pseudonymous DeFi user Hasu of leveraging DAO procedures “to obfuscate and impede” the process of returning the funds.
However, the Lido camp says Grey is too quick to cast blame.
“Many of us feel we’ve done everything we can to help them in the face of legal threats to fellow contributors, under a situation where they’ve made a series of careless and sloppy mistakes,” said a Lido contributor who requested not to be named. “For them to take such a disingenuous and pointed stance on Twitter like this is really disappointing to see.”
The Lido contributor alleged that Sushiswap didn’t properly audit the smart contract that was subsequently exploited and that Grey used misleading language to imply that Lido’s treasury received considerably more ETH than it did. Grey did not immediately respond to a request for comment.
Another twist in the saga revealed that the hacked wallet in the Sushi exploit is Ethereum address sifuvision.eth, belonging to a fund run by pseudonymous crypto personality 0xSifu. 0xSifu was the treasurer of failed DeFi project Wonderland and was later revealed to be a former executive of the Canadian crypto exchange Quadriga, which collapsed in epic fashion in 2019.
Both projects have faced regulatory woes this year, with Sushiswap revealing they were subpoenaed by the Securities and Exchange Commission (SEC) in March. LidoDAO, the decentralized autonomous organization behind the Lido staking protocol, was rumored to have received a Wells Notice by the same agency in March, which a spokesperson for Lido at the time declined to confirm or deny.