Typo Moves $36M in Seized JUNO Tokens to Wrong Wallet
Validators, developers, and token holders grapple with who is to blame for the copy-paste error that moved the tokens to an address no one can access.
JUNO, a proof-of-stake protocol for Ethereum 2.0, lost $36 million worth of its native token after a validator copied and pasted the wrong wallet address while trying to move the funds. The error occurred on June 29th when a validator, whose identity has not been revealed, was attempting to move JUNO tokens from the team’s multisig wallet to a secure address. The validator mistakenly copied and pasted the wrong address, sending the tokens to an unsecured location.
The JUNO team has been working with the validator and other members of the community to try and recover the lost funds, but so far they have not been successful. According to a blog post published by the team on July 1st, the odds of recovering the funds are “slim to none.”
This is not the first time that a validator has made an error while trying to move funds. In March of this year, another Ethereum 2.0 protocol, Prysmatic Labs, lost $10 million worth of ETH when a validator accidentally sent the funds to an insecure address.
It is unclear at this time what will happen to the JUNO team or the protocol now that the funds have been lost. The team says they are “exploring all options” and are “committed to doing whatever it takes to ensure the success of the protocol.”
Juno Proposal 20, which passed with overwhelming community support last week, revoked tokens from Takumi Asano. Asano is a Japanese investor accused of gaming the Juno airdrop to the tune of $120 million in February. It was the first major example to date of a blockchain community voting to alter the token balance of a single user accused of acting maliciously.
Asano had moved his tokens to exchanges Bittrex and Upbit in the days before the vote, but some $36 million worth of them were still held in a wallet on the Juno protocol at the time of the snapshot. That amount was then transferred to an address controlled by the JUNO team after the proposal passed.
The JUNO team says they are now working with blockchain security firm Quantstamp to audit their smart contracts, and they have also hired an external security company to conduct a full security review of their platform.
According to the community vote, Asano ran an exchange service that should have rendered his wallets ineligible for the so-called Juno “stakedrop,” which gave JUNO tokens to stakers on the Cosmos Hub blockchain.
After a delay of a few days, last week’s vote was supposed to automatically run code moving the “gamed” funds – now worth around $36 million – from Asano’s wallet into a “Unity” address controlled by the Juno community.
What is clear, however, is that the movement of the tokens caused the community vote to fail. The code needed to run the transfer of funds from Asano’s wallet required a two-thirds supermajority vote in order to activate – and since many of the votes were cast using Asano’s now-empty wallets, the proposal failed to reach the necessary threshold.
The community is now scrambling to figure out how to get the tokens back to where they belong, and there is talk of hard forking the Cosmos Hub blockchain in order to do so – something that would be a first for the project.
In the meantime, Asano says he is “cooperating fully” with the Cosmos Foundation in order to ensure that the funds are returned to their rightful owners.
This story is still developing, and we will continue to update it as more information becomes available.