A very tough decision.
A moral obligation vs my duty to protect the DAO as a delegate.
It is also a lose-lose situation and we need to chose the lesser evil.
So I am voting No on this proposal.
While I have sympathy for the user’s loss (truly), I believe approving this sets a dangerous precedent for the DAO.
-
Finality is necessary: The exploit happened over 18 months ago. The DAO already ran a compensation program and successfully closed it. We cannot leave the treasury open to liability indefinitely.
-
Security risks: As mentioned in the proposal, refunding this now creates a loophole where someone could intentionally trigger an old approval today just to claim a refund from the DAO. We can’t verify if a hack is genuine this long after the fact.
-
User responsibility: DeFi requires active monitoring. It is unfortunate the user missed the notifications, but it is not reasonable for the DAO to cover losses for users who haven’t checked their approvals in over a year.
We need to respect the deadlines established in the previous governance votes.