Recent Events and Forward Strategy - What Happened?
As most of our community will be aware - It appears that on Saturday, 6th April, the deployer wallet in control of the veRELAY and lottery contracts had the ownership changed and a new proxy deployed. This gave opportunity for an unknown actor to sell over 1,000,000+ RELAY tokens into the market. Included in the 1m+ RELAY sold, were tokens held in the veRELAY staking pool. Since the event, we have been working tirelessly to find the root cause. Unfortunately, we cannot provide a foolproof answer on how this unauthorized actor gained access to the deployer wallet and sold the token, but we are actively looking to find more information. The following security measures were installed and validated by our team:
-
Communicating secrets through an encrypted channel, i.e. auto time deletion secret chats on telegram, encrypted with 7-zip SHA256
-
Keep secret sharing only to those involved directly with the development of the project
-
Deletion of secrets upon fulfillment of use
What did not happen:
-
send secrets over unencrypted channels
-
tell secrets to an unauthorized personnel
-
Deliberate theft of funds by dev employees. (All dev employees are known, doxxed, legally hired, and have background checks).
Our Response
Our team has undertaken several proactive measures to address the situation and mitigate potential risks. Our CTO has led efforts to review and reinforce our security practices, ensuring that all team members are well-versed in adhering to best practices for safeguarding sensitive data and project assets. We are currently holding internal discussions to foster a deeper understanding of the incident and identify any overlooked vulnerabilities. As soon as we receive any intel on the identity of the actor and how the attack happened, we will update the community as soon as possible.
Moving Forward Understandably, our community wants answers (and so do we)
Although in the dark, we want to bring light into this situation and provide a moving-forward strategy for our community. This event has served as a catalyst for introspection and refinement. As we continue to investigate the root cause of the incident, our primary objective is to regain the trust and confidence of our community and stakeholders. We are optimistic about the future trajectory of Relay Chain and remain steadfast in our commitment to transparency, integrity, and excellence. We aim to carry out the below efforts to maintain the safety and security of the Relay token and project; Enhanced Security Audits: Conduct comprehensive security audits of our smart contracts and infrastructure to identify and address any vulnerabilities or weaknesses.
Continuous Monitoring: Implement robust monitoring and alerting systems to promptly detect and respond to any suspicious activities or anomalies.
Education and Training: Provide ongoing education and training sessions for team members to reinforce security best practices and raise awareness of potential threats.
Community Engagement: Maintain open channels of communication with our community and stakeholders, providing regular updates and insights into our security efforts and progress.
Collaboration and Partnerships: Forge strategic partnerships with reputable security firms and industry experts to leverage their expertise and resources in fortifying our project.
Clarification/TLDR
No Deliberate theft of funds by employees.- A relaunch is planned
-
RELAY buys actioned near the 1M RELAY sell will be refunded (Except any buys involved were malicious upon review)
-
All Relay tokens that were taken from our staking community will be redeemable 1:1 upon relaunch (more details to come).
-
Liquidity from the trading pool on CamelotDex has been drastically reduced. This aims to stop any large amounts of relay tokens from being sold into the market.
We aim to turn this negative into a positive for the project and community. We are currently in discussion on the most appropriate way to relaunch the project and how that would look. We will do our utmost to provide transparency to our community with regular updates and communication.
We appreciate the patience shown by our community at this time.
Relay Team.