Exclusive

DeFiance Capital rescues $13.3 million at risk of being stolen

Quick Take

  • Not only did DeFiance Capital founder Arthur Cheong lose $1.7 million in NFTs and crypto in a phishing attack, but a second wallet was exposed.
  • From the second wallet, the hacker stole more than $720,000 of Lido tokens and had the potential to steal a lot more — but it was prevented.

It’s been a bad week for DeFiance Capital. 

On Tuesday, it was reported that DeFiance Capital founder Arthur Cheong fell foul to a phishing attack by clicking a malicious link in an email. His personal crypto wallet was compromised, losing $1.7 million in NFTs and cryptocurrency. What wasn’t reported is that a second wallet was also compromised, initially losing more than 200,000 Lido tokens ($720,000) of money belonging to the firm.

And worse: it contained a further 3.7 million of vested Lido tokens, worth $13.3 million, that were steadily getting unlocked — which either the hacker or DeFiance Capital could transfer out of the wallet, whoever got there first.

The vesting did, however, provide some respite. Even though the hacker had access to the staked Lido tokens, they could not sell them all because they were locked in a ‘linear vesting’ contract. Linear vesting is a system in which crypto protocol holds funds for a scheduled period and a tiny amount is released with each new block. 

Only a small number of Lido tokens kept getting unlocked at a time. Cheong told The Block that it used flashbots — a messaging protocol that can enable you to get priority when making transactions — to rescue most of the funds that were getting unlocked.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

In an effort to stop the bleeding, a representative from DeFiance Capital by the name of ‘jacob.defiance’ made a governance proposal to the Lido DAO community on voting platform Aragon. As discussed on Lido’s governance forum, they proposed to burn the vested Lido tokens and mint them to a new wallet in the fund’s control.

On Wednesday, Lido DAO members voted to pass the proposal, following which the team burned the entire sum of vested tokens. The tokens will now be returned to the fund's control.

So in all, Cheong and the fund lost more than $2.42 million but saved a further $13.3 million from getting stolen, a small silver lining.

This story has been updated to show that DeFiance Capital managed to rescue most of the funds that were in the process of getting unlocked rather than the hacker.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Authors

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email at [email protected]
Tim is the Editor-In-Chief of The Block. Prior to joining The Block, Tim was a news editor at Decrypt. He has earned a bachelor's degree in philosophy from the University of York and studied news journalism at Press Association Training. Follow him on X @Timccopeland.