On the 25th of September 2020, KuCoin experienced a serious breach in security (aka “hack”) and as a result, various ERC-20 tokens with an estimated value of 150 million USD were transferred out of the exchange fraudulently. Among the tokens stolen were 43 million AGI tokens owned by diverse community members.
It’s worth emphasizing that this event was entirely isolated to the KuCoin exchange and did not affect the security of our platform or any of our DApps… The event also has had no impact on the short, medium or long-term availability of AGI tokens for those who want to use them on the SingularityNET platform.
Ultimately, after serious consideration and discussion of the various options available in response to this hack, SingularityNET Foundation has decided not to take any drastic action, such as hard-forking the AGI token smart contract.
KuCoin has assured us that their insurance policy will recompense those who have had their tokens stolen; and we are of course pleased and relieved to hear this, although we also do need to emphasize that it’s not a matter SingularityNET Foundation has anything directly to do with.
In the remainder of this blog post, in the interest of transparency and community, we briefly explain some of the thinking that went into our decision here; and then we provide answers to a number of questions regarding the hack, our response and the AGI token generally which have occurred recently in the community.
Choosing Decentralization and Democracy
When we first were notified of the KuCoin hack, the SingularityNET Executive Team in conjunction with the SingularityNET Supervisory Council convened to discuss our options in this evolving situation.
We noted, at this time, that some other projects similarly affected by this KuCoin hack event had chosen to hard-fork their token smart contracts, thus eliminating or reducing the hacker’s ability to profit from their theft. We very seriously discussed this option but felt that it had serious downsides along with the obvious upside.
Making a centralized decision to hard-fork seemed against the decentralized ethos of the project, and setting the precedent of hard-forking in response to hacks on exchanges or other third-party repositories of tokens seemed undesirable.
Also, we quickly realized that if we were going to hard-fork, we would need to come to this decision in a democratic way rather than purely as a centralized Foundation decision. Specifically, section three of our whitepaper specifies that during years 3-4 of SingularityNET’s operations, any major changes in the operations of the network are subject to the agreement of the foundation plus a 51% majority of AGI token holder votes.
With this in mind, as we discussed in the SingularityNET community on 28 September, we briefly considered that it would be appropriate to hold an AGI Hard Fork Voting event, to solicit community input regarding whether a hard-fork was an appropriate response to the KuCoin hack. We began preparing to conduct a vote.
While these preparations were underway, however, two important and relevant developments occurred.
First, we discussed the situation further with KuCoin, who assured us that their insurance policy would recompense stolen tokens.
Second, the hacker liquidated a significant fraction of the stolen tokens – thus eliminating much of the value of a hard fork.
Based on these developments, the Foundation leadership decided it no longer supported the option of a hard fork. Given this, a vote no longer made sense (as according to the whitepaper, major decisions in years 3 and 4 require the agreement of both the Foundation leadership AND 51% of the vote of token-holders).
We understand that it would have been possible to respond more quickly - and execute a hard-fork before significant liquidation of the stolen tokens occurred – had we made a strong and rapid centralized decision. Gathering input from multiple parties and organizing a democratic process is not the pinnacle of efficiency. However, we felt it was important to adhere to the democratic nature of the SingularityNET network and the decision processes outlined in the whitepaper.
Those who have been around the blockchain space for a while will remember the DAO hack on the Ethereum blockchain, which led to the hard-fork of Ethereum that created the divergence between Ethereum and Ethereum Classic. This hard-fork was controversial at the time, and several of the SingularityNET Foundation leadership did not personally support it back then. It is not clear that the decision to hard-fork Ethereum at that time is one that has aged well. This is just one example illustrating that the strong centralized actions that seem best in the heat of the moment may not always appear wisest in the different light of hindsight.
Why haven’t you frozen or burned the tokens that were stolen?
The AGI token supports pausing and burning. Because of this, some community members have wondered why these functions were not utilized to address the KuCoin hack. This can be clarified by explaining how the pausing and burning functions in the AGI token smart contract actually work.
If the pausing function were activated, the entire AGI token contract would be frozen. As a result, the platform, marketplace, RFAI Portal, staking portal, publisher portal and SingularityNET-based apps would all be disabled. This is a situation that we would like to avoid.
Additionally, the activation of the pausing function is clearly a major decision which, according to the whitepaper, would require a 51% majority of AGI token holder votes.
The burning of tokens is a function that only the balance owner can activate. You can burn your own tokens, but the Foundation cannot burn your tokens; therefore burning was not a practical option and was discounted.
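The pause and burn behaviour described above can be seen in a simplified Python model of a pausable, burnable token. This is an added illustration, not the AGI token contract's own code; the class, the account names, the balances and the owner-only pause rule are assumptions made for the example.

```python
class Revert(Exception):
    """Models an EVM revert: the call fails and state is unchanged."""

class PausableBurnableToken:
    """Simplified model: one contract-wide pause flag, holder-only burn."""

    def __init__(self, owner, balances):
        self.owner = owner
        self.paused = False
        self.balances = dict(balances)

    def pause(self, sender):
        if sender != self.owner:
            raise Revert("only owner can pause")
        self.paused = True

    def transfer(self, sender, to, amount):
        # The pause check is global: there is no per-address freeze list.
        if self.paused:
            raise Revert("token is paused")
        if self.balances.get(sender, 0) < amount:
            raise Revert("insufficient balance")
        self.balances[sender] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

    def burn(self, sender, amount):
        # No "from" argument: burn can only debit the caller's own balance.
        if self.balances.get(sender, 0) < amount:
            raise Revert("insufficient balance")
        self.balances[sender] -= amount

def attempt(fn, *args):
    """Run a call and report whether it succeeded or reverted."""
    try:
        fn(*args)
        return "ok"
    except Revert as exc:
        return f"revert: {exc}"

def scenario():
    # Constructed balances; account names are hypothetical.
    token = PausableBurnableToken(
        "foundation", {"foundation": 1000, "user": 100, "attacker": 43})
    out = {"foundation_burn": attempt(token.burn, "foundation", 43),
           "attacker_balance": token.balances["attacker"]}
    token.pause("foundation")
    out["attacker_transfer"] = attempt(token.transfer, "attacker", "exchange", 43)
    out["user_to_staking"] = attempt(token.transfer, "user", "staking_portal", 10)
    return out
```

In the model, the Foundation's burn succeeds but leaves the other holder's 43 tokens untouched, and once paused, an ordinary user's transfer to the staking portal reverts exactly as the attacker's transfer does.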
What will happen to those who lost their tokens?
KuCoin has communicated directly to us that they are insured against user fund theft. According to their report, the KuCoin insurance fund can cover the losses of community members who had their AGI tokens stolen in the hack. For more information and compensation, please contact KuCoin.
What could the SingularityNET team do in the next period so that it’s better prepared to deal with similar problems that might occur in the future?
Discussions among SingularityNET Foundation leadership and the Supervisory Council have touched on a variety of possible changes that might potentially improve the network’s responsiveness to future problem situations.
One option discussed was to introduce a very-rapid-response voting mechanism, so that we were always poised to launch a vote immediately on an hour's notice. This would be technically feasible though not simple or inexpensive. However, in the end, it seems not very socially feasible for various reasons - e.g. the members of the voting community will not always be available at the last minute during a holiday or weekend. There are good reasons that rapid emergency response and democratic decision-making almost never go together.
Another option discussed was to have the community approve (by vote) a set of guidelines specifying the circumstances under which the Foundation leadership should take drastic emergency action in the absence of a vote. In any such case, there would then be a community-based review process after the fact, in which the Supervisory Council would lead the broader community in understanding what the leadership did and why, and whether any of the emergency actions taken should or can be rolled back.
Obviously, leaders of democratic national governments have these sorts of “emergency powers”; however, the omission of this sort of thing from the original SingularityNET whitepaper was not entirely accidental. These matters are complicated to get right and, as history shows, are highly subject to abuse. However, this “emergency powers” option may well merit further consideration and discussion.
Relatedly, it would also be possible to modify the AGI token smart contract so as to give the Foundation greater ability to counteract hacks or other problems that may occur. There are pluses and minuses to this which merit careful consideration. However, it seems probable that modifications to the contract may be useful in the near future anyway, to support the initiative to make the AGI token multichain (which we need to do e.g. to create a Plutus-based version of the AGI token as we are planning as part of the SingularityNET/Cardano partnership).
It’s worth noting as well that a Plutus-based version of the AGI token might end up with additional governance-related smart contract features giving greater flexibility for dealing with hacks and other problem situations. In a multichain-AGI future, it is easy to envision scenarios where more robust tools for emergency management exist in regard to some flavours of AGI token (e.g. Plutus-based) than in others.
Putting these aspects together, one possible path for ongoing improvement is to work toward a revised AGI smart contract token which gives more flexible avenues for emergency management (possibly with different aspects in regard to the different chains involved), and then get community vote-based approval not just for a hard-fork incorporating these new features, but also for an “emergency powers” policy clearly articulating in which cases the Foundation leadership is authorized to use which features.
VERY IMPORTANT: Best Practices for Token Holders
We encourage all token holders to use a hardware wallet at all times and to be the sole owner of the private keys to your wallet. A hardware wallet is the safest way to store your tokens, as the private keys never leave the device. Your tokens should only leave your hardware wallet for the minimum amount of time necessary to carry out whatever transactions you need to make with them.
Staking AGI tokens via the SingularityNET staking portal is also an effective way to secure one’s tokens, while also earning staking rewards.
Further information and feedback
We understand you may have further questions about this topic and so we invite you to ask questions and debate the topic with others on our SingularityNET Community Telegram channel.
We’d like to thank each and every member of our community for their patience and support during this time. We feel that after careful consideration, listening to our community, and the current timeline of events, our response to this event is the correct course of action. Those that have been impacted will be compensated by KuCoin, and those that have not been impacted can continue using the AGI token and platform as usual.
We thank each and every one of our community members for their continuous support. SingularityNET plans to reinforce and expand its collaborations to shape the coming AI Singularity into a positive one, for all. To read more about our other partners, click here.
SingularityNET has a passionate and talented community which you can connect with by visiting our Community Forum. For any additional information, please refer to our roadmaps and subscribe to our newsletter to stay informed about all of our developments.