PIP-59: Proposal for Returning 40.203 wETH to Bybit (After 10% Bounty Deduction)

Let’s vote for funds freezing and wait to see how this situation evolves!

2 Likes

Having the proposing user verified as an official representative of Bybit, we now share our opinion on the matter:

  1. ParaSwap has no connection with the Bybit hack, before, during or after the hack. The hack was the result of Bybit’s own vulnerabilities and/or those of third parties such as Safe or others, which should be duly investigated.

  2. ParaSwap did not commit any irregularities after the hack, ‘code is law’, its smart contracts worked as they should. ParaSwap is a decentralised, permissionless, trustless, autonomous and neutral DeFi protocol based on automated smart contracts. The fees in question were legitimately collected when legitimate transactions took place on the blockchain using its smart contracts. In other words, they are not funds from the hack, but are legitimately collected fees for the service provided.

  3. Therefore, ParaSwap has no obligation to refund fees that were legitimately collected for services provided in valid transactions recorded on the blockchain.

  4. The debate here is purely philosophical, moral, or ethical, based on a request made by Bybit to ParaSwap to return the amount of fees collected from transactions executed by the hacker. In other words, the issue comes down to clarifying that the fees were duly collected, are the property of ParaSwap, and that Bybit, as a gesture of goodwill, is requesting their return for the reasons outlined in its proposal.

  5. The DAO has the sovereignty and authority to decide on the allocation of its funds, so the discussion comes down to making a decision on whether the DAO accepts or declines the request to return the legitimately collected fees as a gesture of goodwill.

  6. This is not a minor detail, as while ParaSwap is a decentralized, neutral, trustless, and permissionless protocol, the DAO retains sovereignty and decision-making power over the funds collected through fees. It can choose to return them to Bybit if deemed reasonable. This means we are not dealing with the automatic, autonomous, and irreversible collection and distribution of fees, but rather with a decision that remains subject to collective human judgment by the DAO. Given that the collected fees stem from an illicit act and require a human decision, isn’t it appropriate to return those funds to the victim rather than taking profit from the illicit act?

  7. In the first instance, we understand that neither ParaSwap nor any other DeFi protocol should cover the errors or vulnerabilities of anyone who has been the victim of a hack, neither retail users, nor entities, nor CeFi, nor anyone else. The spirit of DeFi is that everyone is responsible for the custody of their own assets.

  8. Despite this, we recognize that this case is uniquely significant within the ecosystem, as it represents the largest hack in crypto history. The full extent of its consequences remains uncertain, and we cannot rule out the possibility of legal action or regulatory intervention.

  9. On this basis, we believe that it would be an ethical gesture of goodwill on the part of ParaSwapDAO, not only towards Bybit and its users, but also towards the ecosystem and the industry in general, to return the fees legitimately collected for the transactions made by the hacker, thus helping to mitigate the effects of the hack. Although, as mentioned, the fees were legitimately collected, the good gesture here is for ParaSwapDAO to return to the victim of the hack the funds collected for the transactions made by the hacker and not to benefit financially from the consequences of an illegal act.

  10. In the same way, this case, which involves millions of dollars publicly derived from an illegal activity, could have legal implications for the Protocol and its members, as well as for the DAO and its various members (voting tokenholders, delegates and any participant of the forum and the community that participates in any way in the decision-making process in this case), so by proceeding with the return of the collected fees, ParaSwapDAO publicly demonstrates its good faith and goodwill, mitigating any possible interpretation in this regard. As stated in the first points, we do not believe that this interpretation is valid, but the return of the funds eliminates any risk of a contrary interpretation that could affect the Protocol, the DAO and its members in the decision-making process here in question.

  11. Moreover, returning these funds would position ParaSwap among the DeFi protocols that acted in good faith and took steps to mitigate the effects of the hack—an ethical stance that could enhance the protocol’s reputation and be worth leveraging. Conversely, no one wants to be perceived as a bad actor, as this could put the protocol’s prestige at risk.

  12. In this regard, it is not a minor fact that both Cointelegraph and DLNews recently covered the events that took place, the request that Bybit made to ParaSwapDAO with this proposal, and the debate that is taking place in the DAO, so this issue has already taken and will continue to take more public and media relevance within the ecosystem, the focus is on us and the decision we make, forcing us to be even more responsible when making a decision.

  13. We do not ignore the fact that 80% of the fees collected are distributed to the stakers, so it is important to be cautious when making decisions about the destination of these funds, but we are convinced that the best way to protect the stakers and their investment is to make a decision that puts ParaSwap in the right place in history, making an ethically valuable decision that generates a healthy prestige within the ecosystem of being a good player, a protocol that helped mitigate the effects of the hack, as opposed to the bad reputation that would put ParaSwap in the position of a bad actor that “kept the profits of the hack”, which can generate negative consequences both in public opinion, users and the industry, potentially generating future conflicts that could jeopardise Project Miro’s plan to list the new token on the top-level CEXs. This big-picture perspective that we are outlining to justify our decision is, in our view, the best way to protect the stakers and their interests. It positions ParaSwap on the right side of this story, showcasing to the outside world, the industry, and our partners that it is a trustworthy, collaborative protocol committed to the ecosystem and the industry it belongs to. ParaSwap’s reputation will be further strengthened—not only by offering a top-tier product but also by demonstrating good faith, reliability, and commitment through its DAO. This will undoubtedly be appreciated by current and future partners, potential new allies for integrations and collaborations, and the broader industry. Additionally, it paves the way for strengthening alliances with CEXs, which could facilitate the listing of the token

  14. Therefore, while we understand the reasons given for not returning the funds, we also believe and prioritise the fact that the DAO should be a driver of the Protocol’s success, be part of it and contribute to its growth, as we expressed in our post Driving Protocol Success through Optimised Governance. By this we mean that the DAO is not a separate entity from the protocol, it should not only focus on its internal processes and some actions related to the growth of the protocol, as it is done so far with the PGWG for example, but the DAO should also play an essential role in issues such as the one we are analysing, maintaining the reputation of the ParaSwap brand. For this reason, we believe that the return of the funds is a good sign that must be taken in order to increase the reputation of the DAO and therefore of ParaSwap. While we do not underestimate the sum in question (44.67 ETH), we believe that by making a high-level decision, the goodwill and credibility gained from this action could bring significantly greater long-term benefits to the protocol, the DAO, and ultimately, to the stakers and investors as well.

  15. This decision does not imply disregarding or interfering with the decentralized, permissionless, trustless, and neutral nature of ParaSwap. These principles remain untouchable and are not being questioned. It simply involves making a decision regarding the DAO’s funds, where the determination of their destination rests collectively with the DAO.

  16. We acknowledge that Bybit offers a 10% bounty on recovered funds related to the hack, as outlined on http://lazarusbounty.com/ and that ParaSwap is listed on the ‘Bounty Hunters Leaderboard’ as a potential beneficiary if the decision is made to return the funds. We believe this is fair, as the DAO is dedicating time and effort to address this restitution issue, and it is reasonable for Bybit to voluntarily compensate the DAO for its involvement. In this case, ParaSwap would not be retaining or keeping funds from the hack but rather accepting a voluntary recognition from Bybit for its efforts.

  17. For all the above reasons, our position is that we are in favour of the proposal made by Bybit and we believe that ParaSwap must return the requested funds in the context of the voluntary bounty offered by Bybit. In other words, it must return 40,203 wETH and keep 4,467 wETH as a voluntary bounty offered by Bybit. We ask the proposer @bybit to explicitly clarify this and adjust his proposal accordingly before putting it to a vote.

  18. As for how to proceed with the implementation, due to legal concerns and to act with the due diligence that the case merits, the return of funds should be conducted in accordance with the steps proposed here by @citizen42:

  19. This decision, which we propose to adopt, must be understood as entirely exceptional and applicable solely to this specific case due to its unique circumstances. It should not be considered a precedent for future cases, which will be analyzed on their own merits and in due course.

  20. Despite the above, and in order to avoid a situation where in the future any person or entity could request a refund of fees from the DAO claiming to be the victim of a hack, which would force the DAO to analyse and decide on a case-by-case basis whether or not a refund is appropriate, which would be unfeasible and unreasonable, we believe that it is necessary for the DAO to establish a clear and predictable framework and mechanisms for future similar cases, and that once this issue has been resolved, the DAO should begin to establish this framework and seek solutions, for example through Kleros or SEAL. Likewise, the Reward Mechanism Automation approved by the DAO and being developed by @wakeuplabs will help prevent similar cases in the future, as the distribution will no longer depend on human calculations and manual execution by the GovCo, but will be fully automated and independent of human decisions, making the distribution of rewards automated, decentralised and neutral.

  21. In summary, we will support Bybit’s request on the condition that the proposal is reformulated to meet two conditions that we consider crucial and essential:
    a. Incorporating a legal indemnity clause, as suggested by Citizen42;
    b. Incorporating that ParaSwapDAO is the beneficiary of the bounty offered by Bybit, and therefore, of the 44.67 wETH of fees collected, the proposer is requesting the restitution of 40.203 wETH, while the remaining 10%, which amounts to 4.467 wETH, will be retained by ParaSwapDAO as part of the voluntary bounty granted.

  22. This is our opinion as of today, but we are still reviewing arguments and analyzing our final decision. Therefore, and given the complexity of the issue, we do not rule out making last-minute changes if any DAO member or delegate presents a strong and justified position that we fully agree with and makes us reconsider our opinion.

5 Likes

It seems that the consequences of this project from both a product and marketing perspective have not been properly considered. This is not about making a profit from illicit funds, because it is not even “profit”, as it also shares operational/transactional costs; it is merely a redistribution to stakers, which does not sustain the project and is just like a hook to catch more users. The project is sustained by users, and implementing a clawback or cutting rewards that were previously stipulated for stakers will only drive users away and erode trust in the project. An example of this is the price action of PSP, which has been destroyed not only by the market conditions but by this event. And it is not attractive for any CEX or user.

Trust in a project is invaluable, and it has now been compromised not just by this proposal but also by the abusive conditions imposed on an entity that bears no responsibility for this situation. We must stop treating Bybit as a privileged entity and start seeing it as just another market participant. This reminds me of when a big tech company sues a small startup and the latter is easily destroyed, we are replicating the same thing.

Moreover, this fund represents less than 1% of the total, and there is no precedent for refunding fees, as the system does not typically allow for such actions. Opening this door means opening Pandora’s box. Rest assured that approving this proposal will cost far more than 4.4 wETH or 44.67 wETH. It will cost the project its entire potential. Users will never trust this platform again, and the probability of recovery will be close to zero.

Additionally, understanding the business model of this project is crucial.
What benefit does the token get from being on a CEX dominated by market makers?
Perhaps some trading volume and fees, but after an event like this, those gains are not truly beneficial. What the project needs is more liquidity, more wETH, and that is not something exchanges will bring to the table. Unless Bybit establishes real working conditions through its BD team, such as integrating the EARN service into its platform, there is no indication that they have any interest in repairing the reputational damage they have caused.

On top of that, operational costs are not even being considered, only a bounty. I strongly suggest seeking further advice from individuals involved in similar projects, people who do not focus solely on ethical or coordination aspects but also on business viability. At the end of the day, decentralized or not, this platform operates under a business model that has been severely harmed, and whether the 44.67 ETH is returned or not, it will not be restored to its previous state. This is deeply unfair, yet it seems none of you have taken it into account.

“To exempt one man from the law is to destroy the law itself.” – Cicero

2 Likes

Following feedback from the DAO, we have amended our original proposal to implement some changes to it.

Firstly, to show our commitment to our HackBounty program, we have excluded 10% of the amount related to the transaction from the request. This amount is in line with our bounty for recovery of stolen funds. The final amount which will be transferred to the requested address is 40,203 wETH. With this upfront deduction, we hope to show the community our commitment to transparency and willingness to cooperate for an ethical resolution of this conflict. By taking part in our HackBounty, we also acknowledge ParaSwap DAO’s role as a good actor in the Lazarus bounty, assisting us with the recovery of funds.

With the epoch end approaching soon, we move our proposal to the Frozen Period, and aim to move to publishing the proposal soon after.

6 Likes

Thank you @Bybit for your response and for incorporating the feedback from various community members regarding considering this situation within the framework of the bounty. This is a step forward.

However, we believe that it is still missing, and we would like you to include in the proposal a release and indemnity clause to ensure that the protocol, the DAO and its members are protected and indemnified from any potential future claims. Is there any reason why this was not included in the proposal?

7 Likes

Thanks for the update!

I want to echo the point made by @citizen42, @SEEDGov and several others that engaged in this conversation: While there is not a proper legal framework for a situation like this, the request is for the indemnity clause to be explicitly stated in the proposal itself.

5 Likes

Although there is no concrete plan yet, discussions around potential action plans have been very positive.

As @SeedGov rightly pointed out:

The DAO has the sovereignty and authority to determine how its funds are allocated.

Since this decision ultimately rests with the DAO’s goodwill, and given that it may reach a consensus to return or freeze the funds, it would be valuable to understand Bybit’s position on supporting ParaSwap in the future.

A few possibilities that come to mind include:

  • Listing the rebranded ParaSwap token.
  • Engaging in co-marketing or highlighting this particular event.
  • Aligning with our mission and publicly supporting our approach.

A public statement via social media or the forum could help clarify Bybit’s stance on this matter.

Additionally, I would like to know if there will be any explanation regarding how these funds will be allocated. Anyway, since this is a refund, I don’t expect too much.

cc: @Bybit

4 Likes

We’ve heard your feedback and have added a Release section to the proposal. We hope this addition provides clarity and reassurance should the proposal be approved.

4 Likes

As @Bybit does not have the minimum voting power required to submit the proposal, we have offered to submit it with our delegation wallet to facilitate a smooth governance process as the fee distribution period for this epoch is approaching and this issue must be resolved by then.

Voting starts on Saturday 15th March, thus complying with the 2-day frozen period, in accordance with the new PIP Lifecycle recently approved. Voting ends on Thursday 20th March.

https://snapshot.box/#/s:paraswap-dao.eth/proposal/0x135921e5304462fbfbec415a817aa64af7bed730687ad867a79f77ca6bfed8c4

4 Likes

I’d like to come back to this subject one last time before the proposal goes live. I think it’s important to clarify a few points and give some final thought to the long-term implications of this decision. I think we need to be sure of the direction we’re taking, not only for this specific situation, but also for what it could mean for the governance of ParaSwap in the future.

Yes, the DAO is sovereign, and that’s precisely why we need to consider the implications of this “gesture.” If Bybit can request this with proof of a hack, are we prepared to do the same if an average user makes a similar request, providing all the evidence showing that their wallet was hacked and that their funds passed through ParaSwap? Or is it simply because this is the biggest hack and Bybit carries more weight? If we say yes to Bybit, we open the door to everyone — small holders or big players — and the DAO will quickly lose its autonomy by constantly playing the role of a benevolent arbiter.

It says that DeFi shouldn’t make up for other people’s mistakes, then that an exception is made because it’s “the biggest hack”. This is arbitrary. The size of the hack doesn’t change the principles: ParaSwap is not responsible. Making an exception here opens the door to future exceptions based on size or media coverage, which compromises neutrality. If the rule is “no responsibility”, it should apply universally, not selectively.

First, what does “positioning on the right side” really mean? If it means pleasing CEXs like Bybit or external observers by giving in to their request, then that kind of reputation is a trap. A DeFi that bends to the expectations of centralized systems to earn “good faith” points loses what makes it unique: its independence.

Next, you say that keeping the funds could make us appear as a “bad actor” and harm our prestige. But why? The 44.67 wETH are not the stolen funds; they are legitimately collected fees for a service provided by ParaSwap. Associating them with “immoral profit” is a distortion that plays on the fear of public opinion rather than technical reality. If we give in to this media pressure — just because Cointelegraph or DLNews are talking about it — we are giving these actors disproportionate power over our decisions. A reputation built on the fear of being poorly perceived is fragile; a reputation built on firmness and consistency is durable. I would rather be respected for our strength than applauded for our submission.

Reputation is a double-edged sword. By accepting this request, ParaSwap might gain some points with CEXs and external observers — but at what cost? In the eyes of the DeFi community, we would be seen as those who caved under pressure, those who created a dangerous precedent. If we give in today, why not do it again tomorrow? A reputation built on compliance rather than strength weakens us in the long run. Real reputation — the kind that matters in DeFi — is built on consistency of principles, not on opportunistic concessions.

Finally, the idea that media attention “forces us to be more responsible” bothers me. Responsible to whom? The stakers and the community who believe in decentralization, or the external commentators who want a good story? If ParaSwap is to strengthen its reputation, it’s not by playing the good Samaritan for Bybit, but by showing that DeFi can stand firm against pressure — even under the spotlight. That’s the kind of ethical stance that carries real weight.

In conclusion, this choice is not merely a question of funds or immediate reputation. It is a decision that touches on the very essence of what we want to be as a decentralized protocol. Giving in to this request today might seem trivial, even pragmatic, in the context of the largest hack in recent history. But the consequences of this action go far beyond this isolated situation.

By agreeing to return these funds, we set a precedent that redefines the scope of our responsibility as a protocol. For by conceding here, we open the door to other ideas, potentially even more difficult to manage for the ecosystem. If we become the protocol that intervenes to correct losses related to hacks or external vulnerabilities, what will prevent us from having to intervene in similar cases, or even more complex situations in the future?

What seems to us today like a simple concession could become the starting point of a series of increasingly problematic requests, testing not only our autonomy but also the very foundations of what it means to be a decentralized protocol. The value of a DeFi protocol lies in its ability to operate autonomously, impartially, and resistant to external pressure. If we begin to adjust our decisions based on the influence of external actors or media pressure, we risk eroding this autonomy and sliding towards a governance model that resembles the centralized institutions we are striving to surpass.

What may appear today as a gesture of good faith could, in the long run, weaken our position in the DeFi ecosystem. A reputation built on consistency, neutrality, and respect for decentralization principles is durable; a reputation built on the fear of displeasing or the search for external validation is, on the other hand, fleeting. We must ask ourselves whether we want to be respected for our firmness or applauded for our submission.

4 Likes

We have to understand, we do not engage in recovering stolen funds; we simply return the legitimately earned protocol commission. For this commission to be considered unlawfully earned, Bybit must present legally valid proofs—which they have not come close to providing.

In no way should we hurry on this matter!

Complying with such requests under these circumstances would pose a serious reputational risk.

2 Likes

Thanks for that great super detailed summary.
For all these reasons mentioned, I will vote against.

2 Likes

This is a very controversial issue and subject to interpretation, so there are no valid or invalid positions, it is a matter of making a decision based on what one believes. Moreover, we do not necessarily disagree with your position, but we maintain our point of view, especially that expressed in points 13 and 14.

Regarding the concept of decentralization so often invoked, we understand that it must be remembered that this is a DAO and the tokenholders - themselves or through their delegates - ultimately have the right to vote to decide the course of this proposal, and that is also what decentralization is all about.

It is especially at times like these that participation in the DAO takes on special importance and that is when we most need delegates and tokenholders to express their opinions in the forum and especially by voting.

3 Likes

This is one of the first times we’ve seen a proposal like this, and frankly, it’s quite impressive. Kudos to the Bybit team for tracking down all these avenues to try and return lost customers’ funds. For the vote itself, now following a 10% bounty deduction, here are some thoughts:

  • Returning the funds would certainly be seen as a demonstration of our dedication to ethical standards and industry-wide efforts to combat cybercrime. Overall, additionally, this amount is rather negligible and we certainly think it’s more of the concept of it than the value of the ETH itself.
  • With the concept, this will set a precedent for future incidents. We’re not sure if returning the funds might obligate the DAO to act similarly in future cases, potentially exposing us to unforeseen liabilities. Conversely, this would likely just as importantly set precedent in the broader crypto space for something like this. Thought: Likely Bybit knows this and is using this small example of funds transfer to secure a win and convince other avenues where more funds were lost to act similarly, smart move in our opinions if so.
  • The proposal includes a 10% bounty deduction, aligning with Bybit’s HackBounty program, which makes a lot of sense and is in line with general DeFi standards.

Overall, we are leaning in favor as there is a strong general inclination to return the funds and uphold the DAO’s ethical standards. Ensuring a transparent and secure process will reinforce trust in our governance practices and demonstrate our commitment to integrity in the DeFi space.