PIP-59: Proposal for Returning 40.203 wETH to Bybit (After 10% Bounty Deduction)

Perhaps this discussion should serve as a trigger for exploring a fully decentralized revenue distribution mechanism.

Beyond preventing similar cases in the future, this would also align with the core principles of DeFi by minimizing trust assumptions and human intervention in fund management.

3 Likes

Code is law

Not ParaSwap's mistake; we shouldn't pay the price for Bybit's mistake.

And I agree we should also propose a change to fee distribution and automate the distribution daily.

3 Likes

Could we try aligning our position with Uniswap? They also appear to be similarly exposed.

I find this discussion to be very healthy and interesting, and I appreciate the level of thoughtfulness and engagement from everyone!

My 2 cents

I think it would be wise to freeze the funds for the time being. This will give us the opportunity to have this discussion calmly and thoroughly, without feeling pressured by a tight timeline.

Before any funds are sent, the identity of Bybit must absolutely be verified. At this point, we do not have sufficient proof that the proposer is truly representing Bybit.

I will probably be voting against this proposal.
Ultimately, Bybit is responsible for its own security and should have taken the necessary precautions to protect its assets. It’s their investors who should bear the cost of their security failures, not us. ParaSwap and its community should not be expected to cover for their mistakes.

4 Likes

When we mentioned legal implications, we were referring to the potential legal consequences for delegates and token holders who vote to retain profits from an NK criminal organization. Each delegate must be aware of the legal implications in their jurisdiction or where their company is registered.

Code is law, but in Paraswap’s code, governance has the power to vote on this proposal and decide whether to keep funds originating from an organized crime group in a restricted country under multiple jurisdictions. Therefore, you cannot argue that “code is law” to justify keeping these funds under your country’s court if you had the ability to return them.

As some community members have mentioned, it's worth decentralizing this aspect so the DAO doesn't have to make these decisions. In the meantime, a proposal describing a framework for handling these requests could be a good approach, forming a group to investigate them, with the party affected by the hack being required to fund the group in advance using their own resources.

1 Like

I agree with your vision.

1 Like

Was that a threat? WTF…

1 Like

Your argument suggests that delegates and token holders could face legal consequences for keeping the funds, yet there is no precedent of regulators enforcing such action against DAOs in similar cases. Coinbase kept the MEV fees from the Curve exploiter and faced no regulatory burden despite calls to return stolen funds. Why should Paraswap DAO be treated differently?

More importantly, why should a DAO be punished for a CeFi security failure? Bybit’s security was compromised, yet now the burden is shifting to a decentralized protocol that had no role in the incident. This sets an unsustainable precedent where DAOs are expected to compensate for CEX failures, effectively turning decentralized governance into a backstop for centralized risk.

If the concern is legal exposure, then the logical step is not an ad-hoc refund, but rather a structured, decentralized framework for handling such cases. I support the idea of requiring the affected party to fund an independent investigative process upfront, rather than placing the financial and governance burden on the DAO. That is the only way to ensure fairness and prevent DeFi from becoming an extension of CeFi’s risk management.

2 Likes

This is a case of choosing between morality and legality.

From a moral standpoint, returning the said funds after deducting associated costs is the way to go, especially when the ParaSwap DAO has benefited from similar recovery activities during the March 20th, 2023 Augustus V6 exploit.

From a legal standpoint, the ParaSwap protocol acted autonomously as designed and provided a legitimate service which earned it the said funds. Moreover, a refund will create a precedent for future occurrences and might make the DAO liable if it chooses not to intervene in such events in the future.

In conclusion, I think Bybit's request for a full refund is unreasonable and selfish. They are asking the ParaSwap DAO to incur a direct loss as a result of the costs incurred while processing the transaction and further costs associated with the proposed refund.

Instead, I suggest that the proposal be amended to an 80% refund and a 20% bounty for the DAO. However, we need to follow up with legal procedures that prevent similar interventions in the future.

1 Like

Your points are valid as one side of the debate. However, as pointed out by @Argonaut:

if we refuse to return the funds, delegates and some token holders—along with @Laita (Paraswap Team)—could face legal consequences. This is especially concerning since we lack clear rules both from a legal perspective and within the DAO itself. It’s easy to say “code is law,” but I don’t want to put myself or others in a situation similar to that of the Tornado Cash developer.

Mentioning the Coinbase case is relevant, but how can we be certain that Coinbase won't face legal charges in the future? Even if they don't, how do we know our case won't be prosecuted? Bybit has sufficient resources to potentially take legal action.
We should note that the Curve exploiter returned the stolen funds, and that case is nearly settled. However, in our case, the bad actor is from one of the most sanctioned countries and has already completed the money laundering process.

Ultimately, handling this situation is a trade-off between two options:

  1. Potentially facing legal charges in the future while maintaining Paraswap’s neutrality.
  2. Mitigating legal risks and working to fix the system to avoid setting a precedent for future cases.

When it comes to fixing the system, simply creating a DAO framework may not be sufficient. We should focus on automating the system and minimizing governance interference as much as possible to reduce the DAO’s workload while maximizing neutrality. As mentioned by @Ignas here and other community members, the best and most neutral approach is through tokenomics.

If we can automate revenue distribution over shorter periods instead of the current full epoch, along with implementing other necessary changes, we can maintain the system’s neutrality while preserving revenue and avoiding potential legal consequences.

Until then, given the lack of legal clarity and the absence of a clear framework for handling such situations within the DAO, it would be wiser to avoid unnecessary risks, learn from past mistakes, and focus on improving the system.

Regarding the Bounty:

Bybit expects a full refund at no cost.

Based on Bybit’s announcement here, I believe we are entitled to a 10% bounty. The Bybit proposer should confirm this in the proposal and verify ownership of Bybit’s address to ensure the funds are properly returned to them.

1 Like

We should take this discussion to the public and seek legal counsel. This isn’t just about Paraswap, the entire DeFi ecosystem is at stake. Today, Paraswap represents a much larger fight: Will DAOs be forced to cover CeFi’s failures, or will we defend DeFi’s core principles?

Bybit’s case is setting a dangerous precedent where centralized entities can pressure DAOs into returning funds at their discretion. If we allow this now, what stops future cases from forcing similar interventions?

Instead of bending to pressure, we should:

  • Engage with legal experts to establish protections for token holders and delegates.
  • Bring this issue to the media to ensure the broader crypto community understands the long-term risks.
  • Coordinate with other affected protocols to prevent this from becoming a standard practice.

This is bigger than one DAO; it's about the future of decentralized governance.

A practical solution would be implementing a consent agreement stating that once a smart contract is signed, Paraswap is not liable for any actions taken by the user. This disclaimer should be presented upon accessing the platform, ensuring full transparency.

With expert legal counsel, we can draft clear terms and conditions that protect the protocol and its governance from future liability claims. If users interact with a smart contract under “code is law,” they must accept the inherent risks, just as they do with any other DeFi protocol.

1 Like

We have to be sure and not guess about "could face legal consequences". But just returning the funds is too simplistic for our case.

1 Like

We hear the DAO community’s concerns and want to reassure you — this proposal is legitimate and comes directly from Bybit. Please refer to our X post.

https://x.com/Bybit_Official/status/1897203207069425795

4 Likes

Things evolve over time, as does the regulatory/legal landscape.

I'm not advocating any course of action for now; I'm just stating that the DAO should seek legal counsel on this matter and have (maybe not for this specific case) a proper framework on how to deal with situations like this.

1 Like

Thank you @Bybit for confirming the validity of your post. With this clarification in place, it is now essential to ensure that the remaining key points are also fully addressed.

Without proper cost recovery acknowledgement and a legal release & indemnity, the DAO could be exposing itself to future legal and governance risks. These steps are not just procedural but fundamental in safeguarding the DAO from potential future liabilities.

To move forward responsibly, I encourage further alignment on these outstanding points so the DAO can proceed with confidence in structuring and preparing a proposal for the community vote.

2 Likes

I want to reiterate once again: under no circumstances should we rush to return the funds immediately, as this would cater to CEX interests at the expense of DeFi philosophy. However, the controversial origin of these funds cannot be ignored, given the significance of the hack for both the DeFi and CEX sectors.

I also want to emphasize the consequences of holding/receiving these funds in your wallets. Even a tiny fraction of these assets will impact the rest of your holdings, complicating matters or even leading to the blocking of your account on any CEX where you attempt to transfer them. Your previously flawless AML score could be compromised.

Therefore, these funds must be frozen in a separate wallet (we have to vote only for this), and a broad discussion should be initiated to align our position and next steps within the legal framework. Additionally, coordination with other key players—such as Uniswap, which also appears to have been involved in the exchange of stolen funds—should be considered.

Unfortunately, any simple solution would be the wrong one.

2 Likes

I don't see where there is an issue or even a consequence of receiving those funds. ParaSwap offers a service; it's not money laundering, it's just swaps that are 100% traceable.
It's like you are saying that your local baker, who sold pancakes to a criminal, must return the money because the money was coming from criminal activities. That doesn't make sense.
And I'm pretty much 100% sure that the ParaSwap DAO already gained fees from hacked / illegal funds previously because, well, there is no way to tell at the moment of the swap whether the funds are illegal or not.
Once again, returning those funds would set a dangerous precedent and would open the door to every single person who had their funds stolen in the past that went through ParaSwap.

At the end of the day it's just a moral issue, not a technical or legal one.

I agree though on the fact that we should wait to see Uniswap's move and continue this discussion after that.

2 Likes

This represents my point of view and not that of SeedGov. I like the examples, but I don't think it's that easy to compare this to a bakery. On the other hand, I am not a lawyer, but it seems pointless to debate the morality of each person writing here. The most reasonable approach, in my view, is to hire a legal service (expenses covered by Bybit), freeze the assets, and proceed to do the right thing (rather than making guesses).

1 Like

As mentioned, if we approve this, are we setting a precedent for DeFi? We have a moral and ethical obligation to protect this space from bad actors.

A DAO profiting from a hack presents bad optics. Returning the funds shows support for another industry player against a sanctioned state actor.

I agree that a legal expert should assess the situation. For now, I support returning most of the funds, minus a proportional fee, with a contract to avoid future legal issues.

This is a valuable lesson for Paraswap and DeFi in general. An automated fee distribution model—such as buybacks, burns, or revenue sharing via staking—could have prevented this headache.

Edit: by "revenue sharing via staking" I mean automated revenue sharing to stakers. From a previous enerow comment I understood that those are manual right now.

1 Like

We already have revenue sharing via staking ON

1 Like