[bisq-network/proposals] Reimburse the victims of the April 7 security incident from future trading fee revenue (#204)

wiz notifications at github.com
Wed Apr 8 14:02:10 UTC 2020 

> _This is a Bisq Network proposal. Please familiarize yourself with the [submission and review process](https://docs.bisq.network/proposals.html)._

### Protecting Bisq's perfect reputation

Nobody has ever lost any funds trading on Bisq, and we can't let this security attack mess up our perfect reputation. Over the past 12 days, approximately 3 BTC and 4000 XMR was stolen from 7 different victims on the XMR/BTC market, and I feel we should reimburse them.

### Current victim list

This is what we believe to be the victim list right now, but it will take another 10+ days to know for certain. The final list will be posted with full TXID and other details for public verification later.

```
Victim Onion            BTC Stolen  XMR Stolen
-------------------------------------------------
5n3mebt3rn3mewpz.onion  0.14000000  532.9310642
5f4wdwjruxauizpc.onion  0.60000000  507.4137509
yqdw6riz3l2l7t42.onion  0.30000000  260.12470378
zyeelafxvahizpm7.onion  1.00000000  1007.316807
zp4jmknswfzxbamd.onion  0.89000000  1467.40859
TBD                     0.30000000  246.51702261
-------------------------------------------------
Total                   3.23000000  4021.71193756
```

### Proposal

I propose that the DAO repay the victims of our recent security attack from future trading fee revenues as follows:

- Allocate 10% of monthly DAO budget to repaying the victims back for their loss
- That 10% (6000 USD worth of BSQ in a 60,000 USD / cycle budget) gets issued to someone playing this specific role (the "make 'em whole role"). The role owner requests this BSQ in a compensation request like any other.
- The role owner then sells that 6K worth of BSQ for BTC over the coming cycle in as prudently a fashion as possible
- At the end of the cycle, the role owner then broadcasts a batch bitcoin transaction paying out the BTC to the 7 victims in proportion to their loss. The BTC is sent to the bitcoin address that each victim used to pay their security deposit in the affected transactions.
- Repeat this process for as many cycles as necessary until all victims are paid back.

### Considerations

- We can adjust the % depending on how stakeholders feel
- We can adjust the budget as revenues increase over time

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/proposals/issues/204
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20200408/52046258/attachment.html>

More information about the bisq-github mailing list