Certik admits their responsibility
As it was explained in a previous article, the private key that enabled interaction with the timelock was publicly available on the Levyathan project Github in the governance repository, due to a serious oversight of the developer.
This availability led to the unfortunate events of July 30, 2021. Indeed, the oversight of the developer allowed a malicious hacker to gain control of the LEV contract and mint an infinite number of tokens before dumping them on the market.
Regarding the malfunction of the emergency withdrawal contract function, Certik has since those events come forward. Certik confirmed their part of responsibility in the events of July 30, 2020. Here is a part of their answer:
“First of all, please accept my sincere apology. After internal investigation, it appears that you are absolutely correct. We failed to address the actual issues in our report, together with the incorrect suggestion of the fixes, ultimately lead to tremendous loss of your asset. Needless to say, we have a lot of reflections that need to be done on our own part. It was a human error, as much as we don’t want to see it happen, we are trying to address it systematically. We have updated our database and automation tools to prevent similar mistakes being made again. […]”
Certik confirms that the Levyathan project was a victim of external errors. A more rigorous work on the part of Certik would have prevented these events from happening.
As for the future, several measures have been decided upon.
A multisig for the recovered funds
A multisig has been set up with the help of other community members to ensure the integrity of the process. We thank them for their availability and their will to serve the community in tough times.
The address of the multisig is: 0xf3381970372fcA75270C0d67956Fd8D6304377D7.
As you can see, 265,185 BUSD have already been returned and will be distributed to community members who were victims of the technical flaw in the emergency withdraw function.
All funds returned by members who benefited from the bug in the emergency withdraw function will be deposited at the above address before being distributed.
We invite you to return any excess funds you may have received to the above address. It is through the actions of all of us that the stolen funds will be recovered, for the good of the community.
The people who received a surplus have one week from this publication to return the surplus money to the address of the multi-sig. At the expiration of this delay, an official enquiry will be launched by the competent authorities to trace and identify each portfolio.
Will Levyathan deliver a V2 ?
Due to the numerous threats and aggressiveness of some members of the community, the new developers who were to contribute to the project no longer feel comfortable working in this climate and have withdrawn from the project.
Furthermore, the funds allocated to the development of Levyathan were siphoned off during the hack of the platform and all recovered funds are destined to be distributed to the community : therefore, the project is no longer able to self-finance.
In an attempt to find an external financing solution for a V2, Levyathan has tried to approach large companies, or to find an agreement with Certik for a compensation equal to their responsibility. Unfortunately, none of these attempts were successful.
The Levyathan homepage, as well as all social networks will be closed in the next few days and made inaccessible.
Longdrink Finance
Longdrink Finance, a protocol following the same beliefs, has come forward with a proposal to the Levyathan community.
In order to help those affected by the exploit, Longdrink Finance is going to distribute a total of 2500 $LONG to 500 of our community members (5 $LONG each).
The airdrop can be claimed on their website once it goes live next week. They have created a pre-exploit snapshot of all LEV holders and Levyathan’s liquidity providers, as well as our index stakers, whose wallet addresses will be whitelisted for the airdrop.
To stay updated on the proposal, you can join their Telegram at t.me/LongdrinkFinance
Please note that no former Levyathan contributor has a connection with this project. While Longdrink Finance has undergone an audit, we cannot guarantee for either the security or the success of the protocol and will bear no responsibility for Longdrink’s past and future actions.
We regret the turn of events and the necessity of having to announce the end of Levyathan so abruptly to the community. We thank you all for your support and active participation in this project.