After the recent success with $AAG token retrieval from the Horizon Bridge hack, we feel this is a great opportunity to remind our community how Lossless Protocol operates and how it provides a layer of security. In this article, you will find information from the moment an integration happens to a walkthrough of the hack-spotting process.
Before we begin, here you can find our documentation, GitHub and SDK.
Protocol Overview and Integration
The objective of the Lossless Protocol is to provide an extra security layer in order to prevent fraudulent token movement and recover fraudulently taken tokens. This functionality is available to all the tokens that follow the LERC20 standard.
The protocol incorporates a new layer of blockchain security, ensuring that fraudulent transactions are identified, frozen, and recovered with the help of our active community of Finders and Stakers. In short, it’s a piece of code token owners place inside their token’s smart contracts prior to the token’s launch into the market or during a relaunch. You can:
- Integrate the protocol manually with the help of our guidebook
- Mint your tokens on our Token Minter and integrate it automatically
- Relaunch your token with our Token Relaunch Toolkit
The Lossless Protocol is deployed onto six chains: Ethereum, BNB Chain, Polygon, Avalanche, Fantom, and Harmony. It means that projects building on these chains can implement our technology for higher security standards. Integrating our protocol provides this:
- Transaction feed of the protected cryptocurrency on the Lossless dashboard to track the movement of tokens
- Ability to report a spotted hack with a stake of 2500 $LSS and freeze the transaction in question for 24 hours
- Investigative work by a Decision-Making Body that votes on the report’s validity
- During the investigation period, opportunity for $LSS holders to stake a fixed amount of 200 $LSS on top of a report in order to earn their rewards
- Return of the stolen funds to the owner if a hack is verified
Hack-Spotting and Fund Retrieval Process
There are three key players in the whole process: Finders, Community Stakers, and the Decision-Making Body.
Finders are a community of security enthusiasts, white-hat hackers, developers, experts, auditors, and more, i.e. people that are able to read crypto transactions and spot malicious intent when they see it. They stake 2500 $LSS to flag up fraudulent transactions they suspect originate from exploits, malicious activity, or social engineering. Reports freeze the addresses of allegedly malicious actors for 24–48 hours.
Community Stakers put their weight behind the reports they deem credible, expressing their vote of confidence through staking 200 $LSS to increase the report’s visibility and be rewarded if a hack is verified. This they can do while the report is still active, in the investigative phase.
The Decision-Making Body employs proprietary exploit identification tools and fraud parameters to make rulings on open reports. It is structured by the token owner, the Lossless technical team, and the Security Committee. The Security Committee is a 9-member integral structure, comprised of blockchain industry professionals and key figures that provide trusted and unbiased decision-making when investigating reported hacks.
Each Decision-Making Body member of the three has a single vote making a total of three. If, for example, the token owner votes that the reported transaction was a hack but the Lossless tech team and the Security Committee do not find any evidence through their investigation to support that, they will vote “no”. To verify a report you need 2/3 “yes” votes. If that is not reached, the reported transaction is unfrozen and the funds follow through as they were supposed to.
If a hack is validated, after the Decision-Making body’s investigation and vote, frozen funds are retrieved by Lossless and the token owner is asked to propose a wallet for the refund. That wallet address then undergoes a 3-day dispute period when Decision-Making Body members can object and ask for a new wallet to be proposed. If no such thing happens, after 3 days the wallet is confirmed and it can claim the retrieved funds with an automatic 7% deduction (Lossless recovery fee) which is distributed as rewards to Finders, Community Stakers, and Security Committee for their investigative work.
Here’s a video tutorial on how to generate a report for a Finder and how to stake on one if you’re a Community Staker:
Rewards
Every successful retrieval will experience a 7% recovery fee which will be deducted automatically from the returned fund amount. It is used as a budget to distribute rewards to Finders, Community Stakers, Security Committee, and a piece is kept by Lossless. Here’s what the structure looks like:
With reward distribution and retrieved assets going back to the owner, the hack-spotting process is complete.
About Lossless
Restoring trust in web3 security. Lossless incorporates a new layer of blockchain transaction security, protecting projects and their communities from malicious exploits and the associated financial loss.
Lossless protocol implements an additional layer of blockchain transaction security for ERC-20 standard tokens, mitigating the financial impact of smart contract exploits and private key theft. Lossless protocol utilizes community-driven threat identification tools and a unique stake-based reporting system to identify suspicious transactions, providing real-time protection.
Twitter | Platform | Telegram | Discord | Website | Documentation | Github