CBDAO Exitscammed: Moving Forward as a Community
BREE as we know it is dead. All resources are purged, the devs rugged. CBDAO is no more.
This morning, one of the admin wallets exploited a backdoor in the Synthetic Bree (SBREE) token contract. They minted 50,000 SBREE, converted to BREE, and dumped onto the open market. Here is the mint, and here is the activity of the dev wallet. The original sale funds (roughly $1 million in ETH) are also as good as gone.
Myself and many others uncovered the identities of the developers in early August (shortly after the sale), and the CBDAO team members were aware of this, so it seems quite irresponsible to go for such a blatant rugpull for such a paltry amount of ETH. The 50,000 sold translated to under 200 ETH received by the attack.
Fortunately, law enforcement has already been contacted, as have the exchanges and firms that did business with CBDAO (Binance, Bittrex, Poloniex, Etherscan, Somish labs). As information has been compiled and delivered to proper authorities, I will not spend time here to dox the suspects or divulge compiled information. There are many BREE holders working on compiling more information.
Why Rug?
Given that the team waited for the coin to bleed from $50 to under $4 and pulled the plug in order to secure (only) an extra $60,000 is quite sloppy. Prior to the pull, the team had been developing the project and meeting deadlines. They recently hired new team members and pushed a new website the night before the attack. Deadlines were met and their contracts worked.
It doesn’t really add up. The Bree community has proposed three possible scenarios to explain why things unfolded the way they did:
- Malicious developer hid a backdoor and executed the attack as a solo inside job.
- Team had a falling out (we suspected three core team members taking on the ‘Coinbreeder Daniel’ persona) and one members decided to pull the plug on the others.
- This was a larger, more sophisticated attack that also involved the multiple CBDAO scam-forks (ybdao and hatchdao).
Moving Forward: Community-led CBDAO Spin-Off
Until more information is compiled and investigations put these guys behind bars (which they will, they are already well doxxed) I believe the best thing the community can do is band together to rebuild the project on our own.
Originally, I made the case for Governance-as-a-Service, the (woefully unfulfilled) niche that CBDAO attempted to penetrate. The content of the original article still holds up, so spend some time there if you’d like to learn more about what Governance-as-a-Service is and why it’s such a big deal.
To summarize, GaaS is the business of bootstrapping the governance of new DAOs so they can launch sans failure right out the getgo. It’s a sorely needed service and it’s something the large, passionate BREE community can still work together to provide.
In essence, we the core of a GaaS token would look like a treasury governed by token holders. New DAOs would partner with us with some agreed upon allocation of tokens to our treasury. We participate in their DAO and whenever a vote is broadcast, we reach consensus on our response to the vote and signal a unified vote with the treasury tokens.
In this model, new DAOs bootstrap their governance and participation with an active, experienced DAO community and we can build and govern an ever-growing treasury of allocated tokens.
The core of CBDAO has always been the community, not the code, and this is something that is still very much achievable.
How do we get there?
Of course, going from a disgruntled group of rugged bagholders to a “Governor of DAO” of our own is not an easy task by any means. Here’s the steps I envision need to take place, and what can further manifest in the future:
Airdrop to all BREE holders at time of rug
New token (to be named) airdropped 1:1 to every address holding BREE onthe block of the SBREE mint. We can use Etherscan + snapshot analytics tools to get the associated balances of every address staking, holding, and providing liquidity. Anyone who bought BREE after the rug will receive nothing, but wallets who sold after rug are still eligible. There are several concerns to work out:
- Which wallets are connected to the team or have received tokens from the team (we will want to blacklist these)
- How can we make this fair to Liquidity Providers, who also lost an equal part ETH (2x airdrop for LP? Or other incentive)
- How can we make this fair to stakers, who were unable to dump their tokens for a bit of ETH back, and also showed greater faith in the platform (1.2x airdrop to stakers? Or other incentive)
- Should SBREE holders who did not yet convert receive an airdrop?
- Is it better to airdrop to every eligible address or make it opt-in? So only those that pass a basic “Litmus test” of commitment are rewarded.
Set Up Multi-Sig Admin Keys
Put the token contract in the hands of hands of community members that agree to participate as multi-sig holders. Multi-sig means that a majority of key holders need to cooperate in order to perform activity to the contract. This activity would include minting additional tokens and governing the treasury (explained below). Things to consider:
- How many key holders are we looking for? 2-of-3 5-of-9? 11–of-21? More?
- Should key holders dox themselves to participate?
- Are there other trusted figures in the community to bring into the multi-sig?
- What is the plan for participants who want to exit the community and no longer play the role of a key holder?
- Should this be in place before the airdrop, or transfer control after?
Create a Snapshot.page for Governance Voting
CBDAO wanted to build their own governance dashboard ground-up (dumb). Yearn, Rarible, Yam, and many others just use snapshot.page which is easy to interact with and enables off-chain voting with wallet signature and Metamask Connection.
With governance in place, community members can vote on how they’d like to steer the project. This could include additional minting of tokens to sell in order to generate ETH for liquidity and to onboard developers. Tokens could be minted for liquidity mining. Other strategies can be proposed and voted on, and the community can similarly vote against minting additional tokens.
- What will the standard for voting looks like? This looks like standards for quorum requirement, majority threshold, and voting time.
Raise Funds
Through governance voting, we will need to determine a mechanism for fundraising. We need funds to onboard developers and provide sufficient market liquidity. Marketing and BizDev may also benefit from funding. Questions to be addressed:
- How many tokens sold and at what price?
- Will it be a traditional sale or will we use some alternative method (delegated vaults, for example)
- Can we allocate additional tokens as a dev bounty?
- Should we forego fundraising altogether and work on a volunteer basis?
Website, Official Channels, etc.
Of course, we’ll need a website, Telegram, governance forum, Discord (?) to start. A litepaper or gitbook of some sort is also important. We’ll want a pitchdeck of sorts to help with reaching out to partner DAOs.
BizDev
With all the infrastructure built, it’s time to do the Governance-as-a-Service. Ultimately, this comes down to our passionate community reaching out to prospective projects about working with us to bootstrap their governance and community participation. This may include commissions for community members that introduce successful partnerships.
Consulting and Advising
On top of the base Governance-as-a-Service, our members may also be able to further assist partner DAOs as a more comprehensive “incubator” program, where we can help with their materials (website, articles, documentation, etc.) and strategy (community engagement, book building/valuation, launch platforms, etc.)
Sandbox
This is really the main part of the equation we’re missing from CBDAO. If we make it this far, why not utilize resources to build out the sandbox initially envisioned?
If we make it this far, that means this idea was a raging success.
Final Thoughts: It Takes a Village
Communities banding together around a good idea after the team scams is not unheard of in crypto. With that being said, this can only work if we get active support from many of the active BREE community members.
We have an opportunity to turn this into something special and actually build out a working DAO. The community is the hard part- we’ve got that. There’s still a possibility here to do something really impressive.