Minterest Remediation Plan: Next Steps for Recovery

Thank you for your continued patience and understanding during this challenging week. Following the security breach on July 14, where $1.4M in mETH and WETH was stolen from our Mantle Network deployment, we have been working diligently to address the situation and outline a clear path forward for our users and the protocol.

Incident Summary

On July 14, 2024, Minterest experienced a significant security breach due to a reentrancy exploit in the mUSDY market. This vulnerability led to the manipulation of exchange rates and subsequent liquidation of user positions, resulting in the theft of $1.4M in mETH and WETH. We took immediate action to contain the breach, including suspending operations across all networks and collaborating with forensics experts, centralised exchanges, and legal authorities. For a comprehensive report on the exploit, you can refer to our detailed blog post here.

Stolen Funds Status

Our efforts to address the theft have involved extensive collaboration with forensics experts, centralised exchange partners, and bounty hunters. Although the hacker has not communicated or shown any intention to cooperate, we are committed to pursuing all avenues for recovery. We anticipate a prolonged process but remain steadfast in our efforts.

Remediation Process

In response to the breach, and after considering numerous options and community suggestions, we have developed the following remediation plan to restore Minterest to a stable operational status:

1. 15% Haircut for WETH & mETH: To account for the stolen funds, an approximately 15% haircut will be applied to WETH and mETH supplies. For example, if the WETH supply displayed on your Minterest Dashboard is 1 WETH, your updated balance will be approximately 0.85 WETH.

2. $MINTY Compensation: Users affected by the theft will receive $MINTY tokens equal to their share of the $1.4M stolen. These tokens will be valued at a 25% discount to the listing price (to be determined). 20% of the tokens will be unlocked at the Token Generation Event (TGE), with the remaining 80% vesting linearly over 6 months.

For example, if you lost $3,000, you will receive $MINTY tokens worth $4,000 at the listing price: 

Compensation = Loss / (1 - Discount) = $3,000 / (1 - 0.25) = $4,000

Of these, $800 (20%) will be unlocked at TGE, with the rest vesting over 6 months.

This is the fastest vesting schedule among all current Minterest tokenomics buckets.

3. Yield Farming Boost: To aid recovery for those affected, WETH and mETH suppliers with a pre-exploit supply greater than $50 will receive a 40% boost in MNT and MINTY emissions for three months following the reopening. This boost is equivalent to a Level 3 NFT Boost and will override any lower percentage boosts.

4. Recovered Funds: Any funds recovered will be distributed proportionally to affected users in addition to the $MINTY compensation.

Detailed Steps Coming

We will share the operational steps necessary to adjust supply positions on Minterest in a subsequent post, including examples to guide you through the process.

Addressing Common Concerns

Impact on Other Markets: The decision to apply a haircut only to WETH and mETH is due to the direct impact of the exploit. Since the theft specifically targeted these assets, expanding the haircut to other markets would unfairly penalise users who were not directly affected. This focused approach helps stabilise the protocol and maintains fairness.

Legal Recovery Efforts: We are working closely with forensics experts and centralised exchanges to track the stolen funds and identify the hacker. Legal avenues include cooperation with law enforcement agencies and legal counsel specialising in cybercrime, alongside using bounty hunters to incentivize the return of the stolen assets.

Timeline and Confidence: While the recovery process is complex and uncertain, we are dedicated to pursuing all possible avenues. Given the lack of communication from the hacker, we expect the recovery to be prolonged but remain resolute in our efforts.

Mitigating Liquidation Risks: To reduce the risk of liquidations, we will ensure that all users’ net health factor positions will be greater than 1.05 after applying the 15% haircut. Detailed operational steps and examples will be provided to help users manage their positions effectively.

Reason for 15% Haircut: The 15% haircut reflects the proportion of stolen funds relative to the total WETH and mETH supply. This method ensures a fair and proportional adjustment of holdings, distributing the impact evenly across all affected users.

Determining $MINTY Listing Price: The listing price for $MINTY will be set based on existing tokenomics and consultations with our exchange partners. The token will be offered at a 25% discount to the listing price, with an accelerated vesting schedule to balance immediate compensation with long-term value.

Rebuilding Trust: We are committed to rebuilding trust through transparency, enhanced security measures, community engagement, and fair compensation. Regular updates on the recovery process and security improvements will be shared.

Enhanced Security Measures: To prevent future exploits, we are implementing several security enhancements, including regular third-party audits, advanced monitoring tools, bug bounty programs, and improved internal code review processes.

40% Boost in Emissions: The 40% boost in MNT and MINTY emissions for three months is designed to support those impacted by the exploit. This significant boost balances compensation with inflation control and aims to stabilise token value.

We remain dedicated to ensuring the security and integrity of our platform and will take proactive measures to protect our users’ assets. For any questions or further information, please contact us on Discord/Telegram or via email at nextlevel@minterest.com.

Thank you for your patience and continued support.

24, July 2024