Juno, a sovereign public blockchain in the Cosmos ecosystem, saw $36 million worth of its native token, JUNO, which was seized from a whale, sent to the wrong blockchain address.
Last week, the Juno community voted to seize $36 million worth of JUNO tokens from the wallet of a whale, who is accused of cheating a community airdrop. Unfortunately, rather than send the funds to an address controlled by the Juno community, as originally planned, a programming mix-up sent the funds to the wrong address on Wednesday.
According to CoinDesk writer Sam Kessler, “This situation serve as a case study for the trials and travails of on-chain governance. This is because the promise of blockchain-based governance is that the will of a community is directly codified on-chain.
“In a world where “code is law,” a simple community vote should have been enough to move tokens from one specific blockchain address to another. Unfortunately, the failure of several human-controlled safeguards showed how code-centric governance has yet to live up to its heady promise.”
What you should know
- Juno Proposal 20, which passed with overwhelming community support last week, revoked tokens from Takumi Asano, a Japanese investor accused of gaming the Juno airdrop to the tune of $120 million in February.
- It was the first major example to date of a blockchain community voting to alter the token balance of a single user accused of acting maliciously.
- According to the community vote, Asano ran an exchange service that should have rendered his wallets ineligible for the so-called Juno “stakedrop,” which gave JUNO tokens to stakers on the Cosmos Hub blockchain.
- After a delay of a few days, last week’s vote was supposed to automatically run code moving the “gamed” funds, now worth around $36 million, from Asano’s wallet into a “Unity” address controlled by the Juno community.
- When the code was executed on Wednesday, a programming error ended up moving three million revoked JUNO tokens to an erroneous address on the blockchain where nobody, neither Asano nor the Juno community, has access.
- Andrea Di Michele, a member of Juno’s “Core-1” founding developer team who goes by “Dimi,” told CoinDesk that the fudged transfer came as the result of a copy-paste error.
- He explained, “When I gave the [Proposal 20] developers the address of the [Unity] smart contract, I pasted the address of the smart contract and just underneath put the transaction hash. But I didn’t write ‘the transaction hash is this,’ I just put the transaction hash.”
- According to Dimi, developers accidentally copied the transaction hash, which looked similar to the wallet address, rather than the address itself. As a result, the seized funds ended up moving to a crevice of the Juno blockchain where nobody has access.
Many people in the crypto community are asking who is to blame for this mistake. According to Kessler, “Validators who deploy nodes to run proof-of-stake blockchains like Juno are theoretically responsible for conducting due diligence about on-chain upgrades like the one that came with Proposal 20. It is this disintermediated community of validators, not any specific developer, which is responsible for issuing blocks, securing the network and processing upgrades in a “decentralized manner.”
He went on to state that of Juno’s more than 120 validators, not one appeared to notice that the Unity address was pasted incorrectly.