The Road to Recovery

In the past 8 weeks we have been working day and night, collaborating with a wide range of parties from partners to security firms to create Malda’s recovery plan: Operation Phoenix. This recovery plan outlines how we will make affected users whole again, while laying the foundation for Malda’s long-term success.

We would like to express our gratitude to the community for their patience and trust, as well as our partners for their continued support and advisory behind the scenes.

This is a recap of details covered in the livestream, where we introduced Operation Phoenix.

Operation Phoenix

The recovery plan strikes a delicate balance between three critical priorities: make affected users whole, fund a comprehensive security upgrade, and relaunch in a timely manner. The goal is clear: relaunch as soon as possible, facilitate a successful recovery, and position Malda for long-term sustainability in the DeFi ecosystem.

Operation Phoenix is phased as follows:

Enabling Access to Remaining Funds in Malda

Why was the protocol paused until now?

Firstly, the attacker still holds a fake position on Malda which could be used to drain further funds out of the protocol. Secondly, we want to propose a fair, pro-rata distribution of the remaining funds.

This can be verified by querying getAccountLiquidity on Malda’s operator contract for the exploiter’s two addresses: 0xb1e2c543035dc0ca845f91aec68f8a891ea5d74f and 0x6af48ed89d4e2693c5ef6017413c6465009f8004.

The Process

The process begins with a Snapshot vote on the week of July 28th for all affected users. Their vote weighting is scaled by the USD value of their deposits at the time the protocol was paused. The vote, which will be live for a few days, requires a 25% quorum. If the proposal passes, extraction begins promptly in the outlined way. As soon as extraction is complete, funds are distributed according to the voted-on process.

Why do we need a vote at all?

These funds are community-owned, meaning the method of retrieving and distributing them must be decided by the owners themselves. A Snapshot vote gives affected users the ability to determine how to proceed.

The Voluntary User Recovery Fund

The voluntary user recovery fund is set up to assist users impacted by the ~$285K exploit. It is funded from future protocol revenue, sourced from three potential channels:

  • Fundraising – Any investment capital we raise through fundraising will be prioritized as contributions to the voluntary user recovery fund to help make affected users whole.

  • Future Airdrops – As active builders in multiple ecosystems, Malda is positioned to benefit from several upcoming airdrops. Any such airdrops Malda receives will contribute toward the voluntary recovery fund.

  • Protocol Fees – The fees generated by the Malda protocol (i.e. borrowing fees) will be set aside and reserved for the voluntary user recovery fund until the process is complete. This stream begins accumulating immediately after the relaunch. The more the protocol is used, the faster we can direct meaningful value toward affected users.

We will utilize these sources as soon as they become available to make users whole again as quickly as possible. Distributions will be made in USDC, based on the USD value of user positions at the time the protocol was paused.

Malda Points & the Loyalty Multiplier

Affected users will also receive Malda Points as if they had 2x positions in the protocol from the moment of the incident until recovery is completed.

Those who choose to redeposit into Malda after relaunch will be eligible for an additional 2x Malda Points multiplier (making the final multiplier 4x) as a loyalty bonus on the points above, to acknowledge their patience and continued support.

To be eligible for this bonus, a position valued at at least 15% of the recovered amount must remain live for more than one week.

From Relaunch to Recovery

If we shifted all resources into recovery now, the relaunch would be delayed by multiple months. As the community also flagged, competitors are moving into the same niche as Malda. Delaying the relaunch risks killing momentum and jeopardizing Malda’s competitive position, which was a key factor in our decision to accelerate the relaunch as much as feasible without compromising security.

Relaunching isn’t just about optics; it’s what unlocks revenue, growth, and ultimately, user recovery itself. The benefits are manifold:

  • Linea ecosystem momentum - Tap into the wave of growth driven by anticipation of an airdrop.

  • Laying the foundation for funding - With the protocol live and re-audited, it's far easier to attract strategic capital, grants, or partnerships. This is the catalyst which funds operations and the recovery plan.

  • Revenue generation and monetization - Protocol revenue is another stream of income that can be funneled towards the voluntary recovery fund as needed. Delaying the launch delays revenue generation, which is a key indicator investors use when making investment decisions.

  • Securing position in a competitive market - The money market space is competitive, and timing is critical. Relaunching early ensures we’re ahead of competitors and well-positioned to capture users, liquidity, and visibility with the spotlight on Linea.

  • Supporting early backers - Relaunching minimizes the risk for our early backers, including Governance Round participants, MENDI holders and those awaiting the TGE. These groups are depending on the protocol being live again to unlock the upside they supported early on.

Security

The core lending logic and ZK infrastructure of the protocol remain secure. While the exploit was isolated to the migrator contract, we’re committed to going above and beyond to rebuild trust and restore user confidence.

New, extra security measures for relaunch:

  • A new audit with Sherlock, starting on July 24th

  • Launching a Bug Bounty Program post-launch

  • New integration of Hypernative Security Oracle

We are not only relaunching, but coming back stronger than ever before. A well-audited protocol is essential for attracting new users. While our existing community understands the incident and our recovery efforts, new users will judge Malda based on how securely we re-enter the market.

Relaunching with another credible third party validation is key to building trust, expanding adoption, and driving long-term growth.

Q&As

Why did it take this long to hold the livestream?

In the past 8 weeks we have been working on securing a relaunch that advances the interests of all key stakeholders. This required negotiations, which were repeatedly slowed down by legal and financial complexities, and we couldn’t move at the speed we wished we could.

Of utmost importance to us was feasibility: not causing any unintended damage to governance round participants or Mendi stakers.

How will recovered assets be re-distributed to users?

Recovered assets will be converted to USDC and distributed proportionally to affected users. There are 2 main arguments for this:

  1. The Voluntary Recovery Fund is funded in stablecoins, so it cannot account for market volatility.

  2. Existing borrow positions for users cannot be recreated.

Other protocols in similar situations also followed the same method.

Will users receive any kind of incentives for the idle time of locked funds?

Yes. Affected users will receive Malda Points as if they had uninterrupted deposits in the protocol from the time of the incident until recovery is complete, with a 2x bonus.

Those who choose to redeposit into Malda after relaunch will be eligible for up to 4x as a loyalty bonus, to acknowledge their patience and continued support.

Will Malda's codebase be redeployed with a clean version?

Yes. The current deployment is poisoned by the positions the attacker created. The codebase doesn’t enable anyone to modify the ledger to remove these positions. The attacker could also be a sanctioned entity which could cause further legal issues down the line, for both the users and for us as developers.

When will the recovery be considered complete?

The recovery will be considered complete once users have regained access to the remaining funds paused in the current Malda deployment, and we’ve generated enough revenue to fully fund the Voluntary Recovery Fund.

This is our top priority, along with relaunching a secure and successful protocol.
