DAO Weekly Meeting #64

March 30, 2023
0:00 Intro • 0:25 Operation update • 3:14 Design update • 4:16 Engineering update • 7:12 Publius update • 7:58 Analytics on Chain presentation • 28:30 Questions for the Analytics on Chain team • 35:11 What happens if the destination of funds is detected? • 43:15 Is the team focused on the deposit or the withdrawal side? • 47:04 What information is Analysis on Chain trying to find? • 59:26 Who should the DAO reach out to? • 1:03:01 What should and should not be public? • 1:08:10 Closing statements


Meeting Notes

Operations update

  • A document updating everyone on timelines for the Mayflower update will be coming out. Hypernative is interested in supporting what Seraph would have covered. Guy is also trying to find auditors who will retain Bean exposure. An operations report for the end of this month will be live soon, and Guy encourages people to take a look and give feedback.

Design update

  • Working on the Wells interface and the UX for deploying Wells. Also working on polishing the Claim and do X in the UI.

Engineering update

  • Cyfrin gave a final report from the Wells audit and the team will be updating the code base. Working on merging all of the code branches within the Beanstalk repo. Wells UI is making significant progress. The Sunrise BIP UI changes are being worked on as well.

Publius update

  • Working on the Wells integration.

Analytics on Chain presentation

  • Sync reached out to their team to see if they wanted to present during the DAO meeting. Analytics on Chain is a new company that is looking into different on-chain protocols. Jason, the founder, has been doing this type of work for around 18 months and has built a community around his work. The Beanstalk exploiter used Tornado Cash, which makes tracking down the stolen funds very hard, but not impossible. Jason says you have to look for withdrawal patterns to see where the funds might have gone. The smaller Ether transactions will be extremely hard to find, but the larger 100 ETH transactions will be a bit easier to find. Jason shares a product that he uses to analyze Tornado Cash transactions. The graph shows the volume in Ether of the Tornado Cash pool. Jason goes on to say it is hard to see what the backend of Tornado Cash looks like until you start digging. Jason thinks it will take 2-3 months to go through all of the data. If the funds are still in Tornado Cash, Jason has a real-time script that can notify users. Jason has direct and indirect contacts in the FBI and the UK equivalent. The team would like to look into the deposit side of the exploiter's wallet.
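
The withdrawal-side search described in the presentation, sketched as an added example (not Analytics on Chain's tooling and not code shown in the meeting): count 100 ETH pool withdrawals per recipient after the deposits, keep the wallets above a threshold, then check whether those wallets forward to a common destination. The addresses, timestamps and transfers are constructed; 247 lots and the "more than, say, 15" threshold are the figures quoted in the meeting.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Withdrawal:
    recipient: str    # wallet that received the payout from the pool
    amount_eth: int   # pool denomination of the withdrawal (100, 10, 1, ...)
    ts: int           # time of the withdrawal (constructed units)


@dataclass(frozen=True)
class Transfer:
    sender: str       # wallet moving funds onward after withdrawing
    receiver: str     # first-hop destination


def candidate_recipients(withdrawals, denomination=100, after_ts=0, min_lots=15):
    """Wallets that took more than `min_lots` withdrawals of `denomination`
    ETH at or after `after_ts` (the time the stolen funds were deposited)."""
    counts = Counter(
        w.recipient
        for w in withdrawals
        if w.amount_eth == denomination and w.ts >= after_ts
    )
    return {addr: n for addr, n in counts.items() if n > min_lots}


def converging_clusters(candidates, transfers, target_lots):
    """Group candidate wallets by the destination they forward to and report
    how much of the target number of lots each destination accounts for."""
    feeders = defaultdict(set)
    for t in transfers:
        if t.sender in candidates:          # ignore wallets already ruled out
            feeders[t.receiver].add(t.sender)
    clusters = []
    for dest, senders in feeders.items():
        lots = sum(candidates[s] for s in senders)
        clusters.append({
            "destination": dest,
            "feeders": sorted(senders),
            "lots": lots,
            "share_of_target": lots / target_lots,
        })
    # Largest cluster first: the one closest to the full pattern.
    return sorted(clusters, key=lambda c: c["lots"], reverse=True)


def build_sample():
    """Constructed data: three wallets split 247 lots and forward to one place."""
    deposit_ts = 1_000
    withdrawals = []

    def add(recipient, n, start_ts, amount=100):
        withdrawals.extend(
            Withdrawal(recipient, amount, start_ts + i) for i in range(n)
        )

    add("0xA", 120, 2_000)
    add("0xB", 100, 3_000)
    add("0xC", 27, 4_000)
    add("0xD", 3, 5_000)               # below the threshold, ruled out
    add("0xE", 20, 6_000)              # unrelated heavy user of the pool
    add("0xF", 40, 100)                # withdrew before the deposits, ruled out
    add("0xA", 50, 7_000, amount=10)   # different denomination, ignored
    transfers = [
        Transfer("0xA", "0xX"),
        Transfer("0xB", "0xX"),
        Transfer("0xC", "0xX"),
        Transfer("0xD", "0xX"),
        Transfer("0xE", "0xY"),
    ]
    return deposit_ts, withdrawals, transfers


if __name__ == "__main__":
    deposit_ts, withdrawals, transfers = build_sample()
    cands = candidate_recipients(withdrawals, after_ts=deposit_ts)
    for cluster in converging_clusters(cands, transfers, target_lots=247):
        print(cluster)
```

A recipient that stays under the threshold never becomes a candidate, which is the failure case raised in the meeting: withdrawals split across many wallets do not show up in a per-wallet count.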

Questions for the Analytics on Chain team

  • Jason is open to negotiations on the cost of their services; it depends on how long the DAO wants to keep them on retainer. For 2-3 months of full-time work it would cost around $40,000-$50,000. If the DAO wants a longer retainer, like a year, it would cost $110,000. If the team comes to a result faster, they will prorate it. The monthly automation cost would be minimal. Jason does not know how long it will take to confirm the funds are still in Tornado Cash.

What happens if the destination of funds is detected?

  • If the funds are found, the Analytics on Chain team becomes advisors and will give all the information needed. Jason said this is how it will go: someone will have to contact their local law enforcement, then the law enforcement will contact the FBI, and the FBI will start working on the case. If the exploiter used a non-KYC exchange, it would be very hard to find them. Analytics on Chain has a team of white hat hackers that will track down the exploiter.

Is the team focused on the deposit or the withdrawal side?

  • Mainly on the withdrawal side but they will look into the deposit side.
  • Publius mentions there was only one wallet to fund the amount of the initial deposit to Tornado Cash in the month before the exploit. They go on to mention Lossless connected this wallet to a Kraken wallet.

What information is Analysis on Chain trying to find?

  • Jason wants to personally verify Lossless's claims. They want to find as many links as possible. Jason wants to maximize the amount of information the DAO has. The FBI will not give Jason any updates. Publius doesn’t think the DAO should spend good money to go after bad, but they would love to find who did this and recover the funds. Sync thinks it is worth looking into this a little bit more to give people closure.

Who should the DAO reach out to?

  • Jason says it all starts with your local law enforcement. Then the law enforcement will bring it to the people who will look into it. This can come from any victim.

What should and should not be public?

  • It is up to the DAO on what they want to share publicly and what to keep private.


Jim, everybody. How do we keep it going in the past? So I think that Jason, from the analysis on Sinn Fein is here to give a little presentation a few minutes into the DAO meeting and for setting it up a couple minutes. But we'll just quickly run through a couple updates from a few different contributors. So on and you know, a couple of weeks ago dropped a bit of an anticipated timeline for what we're calling now the Mayflower update, which is kind of an early three set of reports to summarize improvements that the sale of the that and then the deployment of wells. And there's a bit that has changed there. And I think that it'd be helpful to get everyone on the same page with a document in writing. So hopefully going to put out a blog post of sorts related to that sometime in the next week or so. A couple weeks ago, Hypernative presented to the DAO at one of the DAO meetings, which is a security monitoring solution. And they seem great. They seem really hungry and are interested in supporting what we are intending to implement with Holborn by SRF, essentially having, you know, a third party review transactions that are submitted via by the multi Sirkin hopefully to I think a lot of the value from that would come from once on chain governance is re-implemented so continue the conversation there and we'll keep everyone posted on that front. And I guess also on the security front, just continuing to try to find and retain auditors that want to retain their exposure. I think that it's certainly an ideal scenario to have partners that we work with who have significant incentive alignment. And I think it's worth reminding everyone with regards to, for example, the Syphon audit for partners of ours who retain that the exposure, you know, whatever services they're providing in the case of saffron audits basically comes at no cost to the DAO. So that's something we're trying to optimize around.
Last thing I'll add is that, you know, the end of the quarter coming around and normally being part of our budget will be recomposed around. And of course, the last go around we proposed a budget for two consecutive quarters, but hopefully that doesn't diminish the amount of conversation had around the efficacy of our spending. And so I would encourage everyone to keep their eyes out for the operations report that we publish at the end of this month. Believe that the ones for February and January already available and those are logs of all the transactions, even the multi so and what they're what they're being used for. So when I heard I wanted to check that out and always open to criticism and feedback on the front on the design front red beans mentioned that were troubling. So I'll just briefly read the message they dropped in the our chat, which is that I believe they're sending most of their time on the world interface. So I'll just read this out. It's a getting excited thinking about what the U.S. should be for deploying, well, in particular the deployment design and deploy your own oracle. You're still thinking through the implementation that makes sense. The most sense to optimize around moving friction in deploying a well at the pump, being farms as designed while also making it easy to fork and tune the Oracle parameters and the design to scope up or down definitely makes minor UI changes to the use claimable assets flow to preserve view space and reduce clutter. I believe with the referring to in the last paragraph is the chain transactions together a UX in the end of the insight UI which we're hoping to ship in the near future. So I'll turn it over to you so that any updates you want to get on the engineering front? What's up everybody? Yes, a couple of things. So first of all, we got the report back from in about the state of wells. And so we've got to be having the state of sort of discussions and code to go through and get that all wrapped up. 
But overall, you know, had a great experience having having the code audited with them. And I feel like this code base in particular is in a pretty, pretty good spot. And so definitely we'll keep everybody posted on any changes we make. With with respect to that. The main other thing on on my end and for sort of the contract side of things is we're spending some time this week getting all of the active branches resolved on, on the Bienstock repository. So given that these branches have been in development for a while, there's a lot of changes come across a couple of different places that need to need to get all sort of merged together. And so we're we're spending some time on that. It's a pretty involved process. And so going to take a little bit of time. But once completed, it will be will be really great because it will allow us to keep using all the code that we've worked across, across all of the branches. And like, for example, some of that code is going to be used in the instance styles integration with Google. This has already begun work on. And then also just want to make sure we, you know, do this type of merging process safely, given how much, you know, have codes been changing. So that's that's the main focus on my side right now. And beyond that, I think the you know, it's it's, you know, pedal to the metal I guess, and all of the other aspects of front end and full stack engineering at this stage. Alex and Marshall have been working very hard on a well that's sort of the base for, for a while as you age, which is making significant progress. The insight as you're entering the end of his work on the claim to do X stuff after red beans is updates and his next task will be to implement the Dutch documentation on the lines for the sunrise that we should be coming out soon. And otherwise just, you know, continuing to move forward so that it's really specific questions. 
If folks well, anyone should feel free to unmute and interrupt me if you want to ask any questions or ask them in their driving under the bar chat as well. But otherwise we'll turn it over to see if they have anything that they wanted to to bring up. Nothing on this and in particular and this. And either you're just trying, you know, working with everyone, we may make sure all these agencies are, you know, going to be able to be deployed safely and securely, you know, focusing on routing up the last of the wells integration. On top of that. Great. So I think then I can move on to Jason's presentation. I know. I think you had initially reached out to Jason and their team. Do you want to set up a scene a little bit as to what what prompted your outreach and their offering and then we can turn it over to Jason. Sure. Thanks. Yeah. So as everybody is probably aware, whether financed or exploited for nearly $200 million a few weeks ago and they made significant progress on their recovery, they kind of went head on with an aggressive investigative approach. And that's how I discovered that analysis on Change team through actually a tweet from officers who knows where he initiated to the midst of recovery heard. And I saw analysis on Chad reply to one of his tweets and so I reached out to them going to Jason very good you know communication solid team and I asked them if they'd be interested in presenting on a Dow call for for the stock community to consider how their investigative services might be potentially helpful for, you know, reigniting the spark under the stock recovery effort, if you will. So, you know, Jason's here. And again, thank you, Jason, for making the time and I'll just turn it over to him. Awesome. Thank you. SINK Yeah, I'm out of the UK and right now it's sort of early evening and my kids have got a friend round. Yeah, I'm just at home at the minute because it's Yeah. Evening. 
But so I just want to apologize upfront if you hear any sort of background noise, if it gets you know to but I'll just pop on mute for a quick second. But yeah, I just want to say upfront, I apologize for, for that. I don't have a sound studio or, you know, soundproofing or anything like that. So apologies from. Yeah, I think just credit to yourself. I thought you represented the Beanstalk community really, really professionally in your approach and everything like that. So I just want to recognize that sometimes you can get, you know, people who have a real sense of entitlement come to a, you know, coming to approach you about particular topics. And that was like the complete opposite of what you did. He was really, really professional. It came across really nicely. So thanks for reaching out. So I guess, first of all, let me just give you a quick introduction into what we do and who we are and whatnot. So I'm in fact, it was just last week or the week before, I've just literally registered as a limited company here in the UK under Unchained International. You can look it up. You'll see me there as the officer in the company and this is on the back of 18 months of doing this. All day, every day in terms of the research, the analytics and the investigation side of things where where I stepped into Defi, it was like everyone was getting reported left, right and center and being fresh into the space. At the time, I could see a bunch of red flags that other people clearly could not see. And this is just looking at the contract, asking of questions and called for it because I was asking genuine questions right. But questions that nevertheless were uncovering some secrets that perhaps the team didn't want you to know. So I recognized this early on and from I think it was January 20, 22, So about 14, 15 months ago, something like that. I started a small community myself, literally started with 002 followers and all of that. 
And I just started posting the research that I did very objectively. I'm not interested in causing fraud. I'm not interested in, you know, emotional content. I really like it to be a it has a motive or not, right? Yes or no, black or white binary. So that's an ethos that I've carried all the way throughout and I've never done any marketing, never been paid for any marketing or anything like that. I've got real high sort of ethical models. And so that's led me to where I am today starting the company based on those morals. Now we will be changing the name as of next week. It will be intelligence on chain. I think, you know, we've got fellow Americans in the room. AOC doesn't quite sound too great and we certainly don't want any political affiliations or that, you know, to be perceived as any political affiliations. So we're rebranding just as we start to grow, really start to get some traction in the recent weeks. And, you know, I'm glad to be here communicating with you all. But I'm just it's always a shame when it's under these sorts of circumstances. Right. So I just want to want I would just say that and just reflect what you've been through. But I will say this as well. There's not many people that can go through like a, you know, what was it, a $74 million hack and still be here a year later. So five people and yeah, okay. So let's get into it in terms of what's on offer. So you probably know that this is a pretty complicated case in the fact that tornado cash is being used. Right. And this is this is something that's quite common, as you'll know. But you'll also know that tornado cash was shut down while at least it was what's the word I'm looking for anyway? You know, websites, not that you can still interact with a contract, so it's still there. It's still available to use, but you can interact with the website. Now, does that mean that you can't track things through tornado cash? It depends. It depends on a number of different variables. 
And one of the things that you got to look out for is pattern recognition. Now, what we do know from your particular hack is that, you know, you lost 24,849.1 ETH and that translated to around 247 transactions of 100 ETH going into Tornado Cash. And so the pattern that we're looking on the withdrawal side of Tornado Cash is, again, 247 lots of 100 ETH transactions. The problem with that is you don't necessarily you can't necessarily guarantee that these things are going to come out into the same wallet. Right. They could be split amongst different wallets and and that poses a problem. So I'm just going to show my screen. I'm going to pull up some information just to, you know, take you through what I can see just off the cuff. And hopefully it'll just help you to understand the current position and what's required. I think, to get you into a position where you at least have an idea of where the funds may have gone. Right. And I don't think anyone can guarantee anything at this stage. You know, I think I'd be doing myself a disservice if I was to come here and say, Look, I can fix this for you. I can recover all of this. And actually, I think the chances of a recovery are pretty slim. And I'll explain why in just a second. But still, I think the fact that the sum of money is pretty large, $71 million at the time, obviously 24,000 or maybe 25,000, both, That is, I would say, if anything, your beacon of hope and it's at 247, lots of commodity transactions, that's what you really need to be looking for. So this is a this is a software that's called alchemy intelligence. Real great piece of kit. And in here is given a breakdown of the Tornado Cash 100 ETH withdrawals. So when funds go into Tornado Cash, they go into the router first and then the router splits them out into the right sort of amounts. So, like I'm telling you what, if whatever. Now what we can see is the current balance. You can see it's hundred and $73,000.
And we know what's happened with the price of beef since then. I think at the time it was 2800, something like that. And what we're looking at here on the graph is on the 17th, which is just here. This is when obviously your hack took place right on the flashlight. So that big increase there, that is the attack on you guys. This is only the 100th. Okay. We know that there's another 1420 transactions and nine one is transactions. The truth is, those two and the point one, if they're going to be really hard to track just because the volumes of transactions and I'll show you exactly what the volume of transactions is. So the 100 ETH transactions I think is the key to all of this. You've got to go and figure out where or the possible locations where this may have come out. Any questions so far? Okay. QUESTION And but realize this is this is also not your product, but would be interesting to see a chart like this that is just that a number of ethe rather than the value. Yeah sure. But but no question so far. Yeah. I mean the number of ether right now today is 97,000. So you know, you're looking at I don't know what's that going to be. It's a quarter of if your funds are still in here, it's going to be like a quarter of the amount of that's in here. Right. So a couple of things I wanted to point out here is where we've got this big increase here, which is your particular hack, where if you've got a down sort of trend that obviously money being withdrawn from the protocol from trade or cash. Right. So all it needs to analyze in here, the increase is not finished quickly. Is that true, though? That does sort of I would assume, because given that is so important, voice is a little bit crack. But I was trying to ask, given that the y axis here is dollar value, can it that it increases in the charges due to the value dropping rather than more data withdrawals? Yeah, it could be, absolutely. The point is, though, you've got to go through and understand, right. 
You've got to go and look at the ether transactions and thankfully that that's all available and I'll come on to how we would do that in just a second because you won't be able to just go back and download all the CSV files from Etherscan. It's just too big, it's just too much data. So yeah, there will be some big slides, especially like when RTX, USB, T and all that sort of stuff happen. There will be big declines in dollar value. So yes, you've got to go through and analyze the ETH transaction and it will be the ether that we're looking at coming out of Tornado Cash rather than the dollar value. So I'm looking at the dollar value right now, but this is just for demonstration purposes. Okay. So it's not the case that that's what we're going to be looking at. So one of the other tools with Arcam is you've got this here now I've tuned in to this is like a visualizer, right? So you've got Tornado Cash right in the middle of the store, if you like. And then each of the addresses coming out, that's people withdrawing funds. Okay. And then the green lines represent a transaction. Okay. Now, if you look up here, what we've got is I'm showing a thousand of seven and a half thousand for this particular time frame here, which is between the month after this. So 16th of April through to May 19th. So in that time period alone, there are seven and a half thousand transactions with the total value. And again, this is dollar value of 1.3 billion. Okay. So that's why I'm saying this. There's a lot of information to go through. And then if I were to bring this slide all the way up till now, you'd be glad it's not exponential. But, you know, we're still at 2.8 billion in terms of volume and 22,000 transactions. So that's what you're up against. Now, I don't know exactly what work you've had done previously. I don't know if you had, and I know the likes of Chainalysis may have had a look and said that they were still the funds are still in here.
I don't know when not was or anything like that, but I think, you know, you have to go back and just start again. Essentially, I won't like to call somebody else's data without verifying it myself because you can miss some key information. Now, in terms of actually doing this, I think the best method is we've got a partnership with a company who can run scripts on websites and we can pull huge amounts of data. And so for this one, so transactions, what we propose to do is basically sample all of that data from Etherscan looking for any particular wallets that are taking more than, say, 15 lots of transactions of 100 ETH. And then what we've got to do is look at each one of them and subsequently find out where the funds are going to and do they link up with the remainder. So are you going to have one wallet that takes them all, all of the 274 lots of transactions, or are you going to have five or ten or 15 or 20? And so that's what you've got to do. You've got to try and map it all together like a spider's web and hopefully they all fall into the same place. Now, the difficulty with that is what happens if they don't? So, you know, it could be the case that the exploiter has taken half of the value of, say, hundred and 23 lots of transactions and put it into a different call. And then the other half, maybe they've taken it out, maybe they've gone to a centralized exchange. So you don't know exactly what the back end of Tornado Cash looks like until you start digging. But you can see here with the volume of transactions that that's going to take time. And I think that that's going to be the biggest thing here is time is yeah, it's time. So to help with that, we've got a team of individuals. Obviously we can. It depends on what you guys want to do. If you know, if you wanted to work with us, I think we I don't think it's going to take a year. So I hear Chainalysis did a, you know, once a year retainer or something like that.
I don't think you're going to need that. I think you're going to need something like 2 to 3 months to analyze this data, especially figuring out all of the transactions coming out. And then it's about analyzing it right? And for each of these circles that you see on the screen, plus the 21,000 that are hidden, we've got to try to map out where do they go and do they match up to your 247 lots of transactions. And we've got we've got people who have been doing this a long time that can help with that. But it really comes down to a cost. And unfortunately, on a case like this, I don't think it's the case that, you know, we would be prepared to do the work upfront for no return just because of the risk of, as you can see, just by what I'm showing on the screen, how big this haystack is, if we're looking at, you know, for the needle, so to speak, now, even if it's still in tornado cash, what we will then do is we have automation that allows us to alert to immediately in real time. So he's talking to me. We got automation. That alert says as soon as funds start leaving this address here, we can go and check it out real time. Okay. And it could be the same for any subsequent wallet as well. So let's say this one over here that's got a load of transactions we need to keep an eye on that. Well, we can automate the alerts for that and get that in real time. So basically, it's real time investigative work. So I think the at least for me, the sensible approach here would be grab the data, analyze what we've got, rule out wallets as well as I like the ones that we think may contain the funds from being sought. And then of those that stand out as being, you know, of particular interest, we will automate the notifications from then. And clearly if there's any links to any centralized exchanges, actually take it here. But even then, you still can't guarantee the return of all of the funds. 
But what I will say is that we've got a direct and indirect contacts with the FBI and the NCA, which is the UK version of it. So as soon as we get alerted or we are able to find information that may link to potential identifiable information, then obviously we can work with you guys and escalate that pretty quickly. Given the size of this one, it's no brainer that they would take that one. So I guess that said, I just wanted to highlight, you know, a couple of things that I've seen just at my initial look. We can see the transactions that it came in and you know, it came in from tornado cash, user snaps break, you know, the exploit I need to show you guys there. But the other thing that we'd typically like to do is look on these incoming transactions as well. The downside is there are only two lots of 100. But sometimes what tends to happen is these may have just been deposited and withdrawn straightaway. You do see that from time to time. We could quite quickly roll that out. But if it is the case, then clearly you can follow the deposit side back to wherever they came from. Unfortunately, they could be completely crazy. So the beauties of working with mixes, right, is they do make it really difficult, but it's not impossible, especially for the SMEs that, you know, it was stolen from, from being sold. So I think with, you know, I welcome any sort of questions. By the way, this is on a website. Feel free to go check it out on Channel International. I literally just last week just because we started a business and then has the business as well, that's me. I'm ashamed at my middle name by the way, my great grandad that work don't make fun of me. That. So that's it. That's why we're not That's, I think, the best plan that I can give you right now in terms of tracking these funds and Yeah, welcome. Any questions? Yeah. Anyone should feel free to unmute and speak up there if they. So please. So I'll just leave the flow again for a bit. 
Hi JPM, Thank you for the presentation. Can you tell us your estimate of the philosophy working so far? Do you think that's what caused the Dow? Yeah, I mean, I'm open to negotiations here. I think let's just say that first and foremost, right? The it depends on how flexible you guys want to be. If, for example, you think this is only a short term thing like a week or two weeks, right. We can accommodate that. There will be an upfront cost associated to that and it probably will be followed by an hourly cost per hour. You know, just for the first few weeks. I'm not sure that sensible in this case. I think 2 to 3 months would be sufficient. And and I'm thinking here full time is what's required. Right? So you get responses and get the analysis done really quickly. I think that's going to be of benefit. It's been long enough already and obviously there's a lot of transactions going through tornado cash each day. So I think with something like aa3 month contract, I would be looking for somewhere around 40 to 50000. And then if you're looking to get sort of a year's worth of contracts, I'd look to obviously provide a bigger discount somewhere in the region of 110,000, and that's full time investigative work, all the automation included and everything I've just spoken about as well. But then if you go obviously weekly or daily, obviously that cost is much smaller as an outlay. But if you do that over a long period of time, that's going to be significantly higher. It just depends on what suitable for you. I have no idea what your budget or anything like this is. Just, you know, something that I've been working through. Okay, I'm speaking here personally, so these are my thoughts. So how long will it take until we know if this is worth pursuing or not? Say, said a few months or maybe a year is your thinking when you say like a year is that we know, which I think is a year and also is a. 
So if we have if you have a year, the contract is what you're thinking is that we check if the money is still on tornado cash and then afterwards we'll be paying for you to continuously monitor it. Is that the same thing? I'm glad you brought that point up. Yeah. So thank you. So let's work off the assumption that there is 2 to 3 months required. Right. And that's to analyze everything that we're at today, including those 2000 transactions. Right. And however many wallets that is, if you get to a position where that's done by the hard work he's done, the rest of it is then left up to automation, which clearly wouldn't charge that much for. It's just about being on standby, right, if we get an alert. So the the initial those costs have you spoken about that's full time working on this, analyzing everything that comes through. If we get to a position after, say, two months where we're now just sat back and we're waiting for the automation to alert us, clearly that we can pro-rata things, I wouldn't want to charge you guys for the full three months, you know, if we've got a result pretty quickly. I'm flexible there and I'm pretty respectful of, you know, time that we put into it and and the cost that it will be to you guys as well. Now, at that point, the monthly cost is, I would say, minimal, probably 4000, 2000, something like that per month. Rhinoceroses continuously monitoring it 24 seven with alerts in place and things like that. And then obviously as soon as this we've had this with the recent case, soon as there is a movement, something that you suspect could be, you know, related to the case, then it's just a case of all hands on deck. And we can talk about the cost of that after. But again, I'll make some I'm open for negotiations, but I realize that this is is a just for the time element alone is a pretty big job. So yeah, I hope that answered your questions. Okay. 
And my last question is, how long do you estimate until you confirm that the funds are and through the cash of.
So, for example, this is just me working on this, just one person I think you're talking I want to say at least two months is a lot of data to go through. Having said that, if we scalp all of that data from Etherscan and it transpires that there is only a limited number of addresses that could have taken these funds, then clearly that shows things down. So I'm not interested in lock in a particular date in with you guys. Obviously the time requirements depends on the cost and obviously the longer that you want to work with us, more discount we can get. But it for me it could be two months. If I get three four of my guys working on this, you could have it, you know, in a few weeks, maybe. But the real truth is, I don't know. And until we start digging and I don't want to give any sort of false presumptions here or anything like that, these cases are pretty difficult to crack.
AJP But we appreciate your candor on that front. Sorry. Thank.
Hey, Yeah, thanks. Thanks, guys. Yeah. Jason, thank you again for the presentation. I'm just going to read off the question. Mr. Moss. Yes, in the bar, in your chat, can you run through what happens if the destination of funds is possibly detected? I know in our conversations you've mentioned that you know your firm and your team has contacts at various exchanges, etc. So I think if you could probably give some clarity on what would happen if funds were detected, how your team would be able to act in such a situation.
Yeah, sure. So in that particular scenario, we basically become advisors, right? So we can give you all the information that you need include full written reports and all the evidence documented which have been recognized prior already by the likes of Binance and FBI. So where these cases really need to start is where the local law enforcement. So that's the first thing.
So I don't know whoever is at the helm of that would have to report something locally or, you know, a designated person. The team then assuming that person is American, obviously the FBI could then be contacted. The FBI, we could get working on this pretty much straight away. The contacts that we have, I believe, are in Seattle and Chicago. And so if you know, if whoever is at the helm of this, who wants to report this locally, depending on where their location is, depends on, you know, who they're going to communicate with in terms of their local FBI representative and so our full report will give you all of the information that you need to go to the FBI and we can communicate with the FBI alongside yourselves as well. So we're almost like partners there and we can answer any questions that they might they might may or may not have. And yes, but I propose that if that does become the case, we really need to batten down the hatches and remain completely silent publicly, because the moment that something gets out, you know, where the hackers potentially caught wind of where we're up to in terms of the investigation, then that could scope any sort of recovery efforts. So at that point, like we don't have cases as soon as we've got. In fact, we've always done it pretty privately, to be honest, with like, say, the leadership team. But at that point in particular, that's a really important time to stay quiet and just to work through it and validate everything that you've got, every piece of evidence that you've got, and make sure that that is absolutely nailed down so that you can just hand it over as a package to the FBI. And, you know, if the funds head out to the likes of Binance or KuCoin or whoever it is, you know, this is opportunities that, you know, they have and store things like IP addresses, obviously KYC, but we know KYC can be faked as well. So they have much more information than we have in terms of the exchange.
They themselves will also work with the FBI. But I'm referencing Binance here, right? This could be any exchange Coinbase led it right. I'm just using it as an example. One of the issues that you may also come across is, well, what happened if they used something like a okay X or x, Y or z. So if you saw basically non KYC exchanges and that's a real risk as well, which you guys need to be prepared for. But even then, you know, even if funds go into a non KYC exchange and there is a friend that when he's got to go somewhere and we certainly won't be able to find that information out, but the law or the authorities, they will, especially for this amount of money. So imagine from an FBI perspective, right, they've got a $74 million. It's not worth it now. But at the time it said $4 million bank. With all of the evidence presented to them on a plate. You know, these guys will move pretty quick, I would say. But again, it depends on the evidence. And I'd hate I would hate to give any sort of false hopes. That is, there's still a lot of things you guys need to work through and get clarity on and building out that evidence is going to be key, which is why I wouldn't want to start from somebody else's work and not want to start from scratch with, you know, myself and the if needed. So yeah, how about this question?
Oh, great. That's very helpful. And I think that also provides some context and consideration of the order recovery and a lot of questions that and posed as a lot of the team has been kind of quiet despite a very successful recovery. They had to that that house connected us.
Yeah I will say on I as well you know there's a lot of really smart people who helped I think think that we contributed as well as some information to you actually we looked to think that we was looking at necessary specific amount of transaction that came into flow, was able to identify some key component excuse me, coin finance.
And I think there's one of the where it was, you know, with the very fixed story, very with a certain amount of ether that was coming in or whatever it was at the time, remember now. But, you know, when you start again, still thinking outside the box in terms of I mean, I look at investigations like almost where the hacker is looking at the code was the vulnerability. I mean, looking at the blockchain and I'm looking at the different transactions that happened and I'm looking where the vulnerability, where going to be the, you know, key information, where does it come from that can help identify who or where the money goes to. The other thing is, you know, we've got a team of ethical hackers as well. We've got a pretty amazing team, actually. There. And who will be more than willing to help and maybe find that those things are in Tornado Cash or if we find that we have a particular wallet, there's obviously things you can do to. Well, there's a couple of different tactics, right? You can I know you guys worry been more than sort of accept I want to say acceptance is the wrong word. But, you know, you've put that big offer out there with the 40% to the, you know, the exploits are in the not return that back. So I don't think that's going to be an option. But if some piece of information leads us to something like an IP address like I don't know the particular transaction that goes into an exchange, there's ways and means that we can use that information to try and and I mean this in a professional way, intimidate these people, right? So, you know, in a way that they know that we know more about them than actually they perhaps thought as well. So there's a way to do it that way. But again, probably something right now, unfortunately, I can't sit here and say we're going to find an IP address or we're going to find personal information or exchange information. I just can't do it. I can't stand hear from people say that's what's going to happen.
I just don't know. But what I do know is the data is there. The blockchain doesn't lie. And then if there is a vulnerability, we should be able to see that. And if there is vulnerability in terms of the exploit and where weapons have gone and things like that. Sorry, just clarify that. Yeah, we should be able to see that and we'll work with the team here to work quietly, diligently to make sure that we can try to at least get something back.
So are you guys focused on the withdraw side of the service or even if you were not working and if all of the positive came from?
Yes. I mentioned earlier on, I don't know if you seen when I pulled up the chart. So mainly on the withdrawal side. Yes. The deposit service to transactions of 100 ether. And of course, we're going to check them out. That's that seems to be a sensible first place to start. The problem is. Well, actually, it depends what because there's only two it's kind of hard to say explicitly that it was a particular address, the deposit in the funds, whereas 247 is a different ballgame. There's not going to be many wallets that take out the 247. So yes, we will look at it. But again, I don't think we can promise anything. I think it was one transaction and one transaction 20. But if I'm not mistaken, it was my understanding also that there was only one wallet that had the deposited 101 ether in the month and a half prior to the exploit. Just put this up here. So this is what we're talking about, right? You've got two transactions here. Okay? You've got one that happened on the 15th at 1111 and then another one that happened on the 27th, 1127. This is where you took time, I think. But they all go into this wall and it goes through Synapse Bridge and then, you know, it is what it does. But yeah, there's two lots of two cash transactions that come in here. I mean, we even need to look at, you know, this wallet and see what this is.
Is there any more information this does anything else branch off here? So there's a lot of information to go through even before the hack as well. But like I mentioned earlier, we will be looking at this instance. There was only one this month. And if they had done done it does has it in terms of how that one one fits in one order. Do you have that address? Yeah. And did this kind of look and feel like just feeling. It's more to remind everyone that this was recorded by Lost was they connected this wallet to the coin? So it seems like some kind of government funded crackdown. Excuse me, somebody of crack and funded the Tornado Cash, uh, to the 101. And the FBI already knows all this, and now we're waiting to hear back from that. So what is it that you're hoping to learn that would assist with that investigation beyond, you know, is the goal to have other exchange accounts that you're linking the attack to? You know, we're not, we're not sure what more there is to do to assist law enforcement in the process other than having, you know, here's the account that it looks like funded the attack. So what is the work that you're hoping to get paid to actually do and what is the information that you want to uncover?
Well, for me, as I mentioned before, I want to try and validate those claims. Again, it could be loss losses. You know, do not maybe the FBI vehicle information. That's okay. And all that would be would be a violation of I guess if you've already got that and you think that's a waste time, fine. You know, move on.
I'm worried that might be a waste of time. We're asking what you think is the value of your services, given that this information is about finding the information. Right, that links to a particular. What you are ideally looking for is links to centralized exchanges, as we already know, looking for. And so we believe we have one link. Is the goal to get other links or confirm that link?
Yeah, other links.
That's what I was saying in terms of the withdrawal side of things. Right.
And let's say we find another link. Then what do we do? We report that other local law enforcement and then we wait again, or what can we hope to achieve with additional links.
So what you're looking for is a common pattern of who the individuals are behind the links, you know, even the same.
But how do we find out who the first? We don't know who the individual is behind the first link.
That's the that's why the FBI step in. So if you're asking me to provide you names of I'm just trying to understand. So that's already where we are. We have a centralized exchange being provided to the FBI, and now we're waiting for we don't know exactly what. So are you suggesting that if we find additional links, that other centralized exchanges that that will help the FBI or what is the goal here? $100,000 is a lot of money at this point.
Yeah, well, for a year. And I don't think you need a year, right. For one anyway. So.
Yeah. What is the thing that you want the data to pay for?
Look for me. I the particular work here that's required is to understand where the funds have gone. Now, where are the funds now? That's the question. The important thing is they may still be in Tornado Cash if they all are going to be close to sort of 50% of what's in there. If they're not, you need to know where they are. Right. So that if the FBI does have some money or at least their account frozen is that way they're going to offer them. I don't know. You don't know either until we look at it. And so the risk is, even if that person gets caught, where the funds. So what? Well, I'm proposing is a way to look at and understand where these funds currently are through Pat and if that leads to decentralized exchanges, then so be it. Does that link to your original one? Maybe. Maybe not.
There's a lot of unanswered questions here, and all I'm looking to do is maximize the information that you guys have that helped you to recover some of these funds.
GPP You mentioned using some mechanisms before going in for more money. I am in the news today that we know that if there's someone potentially this in was from a G6, maybe you can get someone at the what you as a citizen and this nice target this for us the FBI don't talk to anyone besides the victims so they won't go there even even with our connections they will not give us an update on this particular case because we're not the victims.
But they also don't talk to the victims. We've been interviewed by the FBI. They won't tell us anything. Okay. So it's but just to suggest that is like seems a little disingenuous anyway. Well, you're telling me you're proposing to the DAO that you're going to get us the information. Then we can show the FBI or tell the FBI, and then I will help them talk to us and explain to us what's going on. We've already done this and we now express that. We've already gone through that. We have exactly what you say. You're going to be looking for a connection to a centralized exchange. And now now someone in the down meeting saying, well, can you check up on that? You said, well, they'll only talk to you guys, but, you know, they don't talk to us. So it's hard to know what it is that we're supposed to be like hoping to gain from this in particular. And frankly, we've dealt with a lot of, you know, we members of the DAO that have been dealing with the recovery effort over the past almost year have dealt with a lot of, you know, on chain security services that want to charge a lot of money to do this sort of an initial investigation when we already have people who have done this one investigation. We only have the thing that you're saying we should try to get.
And so it's a little bit disingenuous to suggest that, oh, the thing that we only we talked to the FBI when we the victim talked to the FBI, then we would have the information that we need. So it's like, yeah, this not a fan of the way that that has been plot like we're out here and you know to your point not sure at what point you know that stuff had been discussed a lot of stuff had been discussing. It's a very long time. I don't think that it's new information for the DAO, but the point is, you know, that a lot of money has been stolen, but it doesn't mean that we should spend good money after bad and send, you know, I got to pay someone full time for three months to go get the information that we already have. From our perspective, you know, it's a it's very tricky because on the other hand, we would love nothing more than to have the funds recovered and to figure out who did this. You know, we see in the general chat, there are still people saying sounds like an inside job. And so obviously there is some benefit to everyone in finding out what happened and where the money is. And whether or not we can recover or not is a separate question. But it's like let's be rigorous about this. Getting an additional connection to another centralized exchange that then will go tell the FBI that will put us in exactly the same position that we are in right now. So, you know, really try to understand. I'm sorry for perhaps coming off too aggressively. JP, appreciate your candor very much, but try to respond with candor like what? What is it that we're hoping to gain here? It's still unclear to me.
But for me, if you've already got the FBI involved and you've already begun to make changes, it's the right question to ask. You know, all the value can we have can we add, you know, your you said that that's some of the deposit side of Tornado Cash. Okay, That's fine. And perhaps because you've already got that information, you don't lose.
Maybe just wait for the FBI to finish. And I'm okay with that as well. And by the way, I'm not suggesting that you guys need to take me up on anything. I just come here to try and help. Okay. But I'm not prepared to do anything but what I think is going to take a long time to withdraw, to look at these transactions that are being withdrawn from Tornado Cash in the excess of 22,000 of them just on 100 days. By the way, you know, I'm not prepared to put in the work with the risk of, you know, no compensation for that. So and to be honest, I didn't know that you'd already got the FBI involved and things like that. So if you're already in that position, then perhaps you don't need me.
Yeah, I just want to chime in here real quick. So, Jason, thank you for your presentation again. First, I want to say that I think part of it is cause the first time in our hearing and now that there is a confirmed deposit from cracking, to my knowledge, I've never heard that before until this call. So that's helpful. That's clarifying. But, you know, I think an investigation doesn't start with the first deposit. You have to keep looking at where all this money is at right now and where it potentially could be going. And, you know, I invited Jason here to present because of the fact that, you know, the responsibility forms assistant and from Chainalysis from Lane analytics is that, you know they can dig in deeper without a recurring fee. That's just not even from my own experience. This is a career that would be open to, okay, everybody. So I just want to be clear what Jason is not an exclusive company When analytics and analysis or being something that they're not leading in the year without an ongoing trade and a formal arrangement with the project. So if you look at the estimated cost and I'm sure, Jason, if I were to proceed with this, you know, you say we're going to have to negotiate and I think be asking him would be more than welcome.
We would consider doing analysis one on $300,000 for a one year retainer based off of the numbers that Jason has thrown out here during this call, his numbers seem to be a lot more digestible and at the cost of a lot of money and a lot of purposes, other things. And I think one more comments, $74 million and it's all people. I think people have a right to know more information on that, even if it doesn't mean anything. Give the community and give the user some closure. And if that's what the dominant stakeholders are open to, then that's why I invited Jason here. I'm not saying that we're going to get any money back or that we're going to pinpoint who that letter was. I think we owe it to everybody that was a part of this project before the escalate and suffered a big loss for me to at least try to get some information, try to do something. If it costs 2 to 3 months, 30 or $40,000, whatever the arrangement is, I think that's a cost that is worth bearing, all else considered. And I see on behalf of many people that have spoken to that have sought to return this so give people closure does doesn't mean that we're very we're located at a serious investigation of closure and then say, hey, you know, we tried that's what this is all about. So today I want to thank you for coming on here and I want to thank you for your time. And I know this was like joining. So I appreciate everybody's kind of like, you know, short notice comment on this session. And I hope that offers some clarity, Jason, as to why we invited you here. So thank you so much.
Yeah, no problem. Thank you for the time today. Really appreciate it. And, you know, regardless of you know, if this comes to anything or not, you know, hang around. If you guys got any questions, you give me a general chance. Or if you just reach out to me and I'll see what I can do.
Give me one more question.
With regards to law enforcement, I just want to understand more from your experience that we need to resolve or, you know, there are other law enforcement agencies that kind of look up and what exactly do things look like? You know, they control what's going to blow the scene or what.
Yeah. So basically what happens is it all starts with local law enforcement, right? So your local police, your local office, the town next to you, right? That's right. All starts with and then and to be honest, if you're in a position where you've got the document, which is like the investigation package, you can essentially say to everyone in here in this whole discord, because they're all victims. Right. Or, you know, they told me it was all you can say to each one of them, go and escalate this to your local police authority. Now, here in the UK, what that means is you'd report to the police. We'd I've got contacts at the NCA unit and what they recommend is that you also reach out to we've got the FCA here in the UK, the Financial Conduct Authority and the serious fraud always. Oh I forgot the oh stands for serious fraud SFO. Anyway, I remember their stands for. So not only is it your place that's really important, obviously the FBI or whoever as well, but also any fraud related regulator. Three organizations as well. On top of that one that can be from any country. So you know, there's a spectrum in the UK that reports from. Yeah so anyway clearly the matter of well I say why not right. The worst that can happen is it gets turned out but if you've got $74 million it's been stolen and you're all victims of that, why wouldn't you. And if the. Yeah right. Maybe we're not going to get more information than what you've already got. I don't know. And I've said that all along. I've been really truthful about that.
You know what it will what you will have is a full documentation if you don't already have it to go and talk to each one of these that I don't face in any country that anyone's at, whether it's, you know, Eastern or Western or whatever, it doesn't really matter in my eyes. You're all victims. And so I just say, why wouldn't you?
Thank you, Jeff. Yeah, and efficient your responses.
Yeah. I also just want to thank you for coming in presenting to the DAO. I made an interesting point earlier about perhaps some of these discussions or processes not happening in public. Like ideally we could continue the conversation in the public discourse about what you suggest in terms of while striking up a deal or what do you mean sorry. Yeah. Where would it be appropriate to finish the conversation on or I respect for specific question when you were referring earlier to what should be public, could you outline what exactly should be shared publicly?
Absolutely. And yeah, let me just clarify here. So I did a case three weeks ago. We was in real time selecting a developer from a particular project who'd stolen $370,000, obviously small in this context, but was tracking in real time. So 20 47434 days, something like that. And the team was on that. Now, during that time we knew exactly what was looking for and we was waiting for that signal to be reached, for it was 13 sets of 100 BNP in that particular case and a particular pattern where hundred Bay would be sent back into Tornado Cash because that's exactly what it did coming in as well. Now when you have that kind of information. So the apologies about my dog, I need to take him for a walk. When you have that kind of information, what you don't want to do in that moment is show that the guy's just come out a Tornado Cash.
And the reason for that is because, well, you know, if he was just going to go to Coinbase, for example, well, now you've just spooked them and now he's probably going to send it through the Tornado Cash again or send it into some DeFi or decentralized exchange. Right. So that's the risk if the actual details of the ongoing investigation. All right. In the open and to be honest, that's your call. If you want to share that, that's fine. I don't mind, but there's risks associated to that. Think that's a that type of context. So I know every 10 minutes or just one somebody cognizant of a particular but maybe a thank you and I can touch base out of this and I don't know I just wanted to say thank you very much for coming in presenting to this is a contract text.
No problem. Yeah. Feel free to reach out. You should be able to describe my, you know, just kind of details and friend requests and then we can start chatting whether it's in group chat or I don't mind.
Yeah. Thank you so much, JP. And I'm sure that you and Guy get connected, but the question, what's the outcome here? We're going to continue the conversation, but a decision will be made or not made. And will that decision be made as of now or just by some select people? I don't know. It's a good question. Yeah, I yeah, that's an the question at this point. I'll just say that depending on if and even if it if an arrangement were to be agreed upon, get a preliminary sentence, you know, depending on the budget, it could either be voted on by ABC or may require a dollar. Right. So the budget is the kind of the number we have to keep in mind here, given the dominance of the dominant earth. So, you know, well, I prefer to die on that. And, you know, you can we can talk to Jason about this and see where we're going to go from here. So but this was a very insightful call. I think we all learned a lot. Thanks for coming by. And I don't know.
I mean, those are those, you know, it's like anyone anyone is not opposed to anything, anything. But otherwise, if they're qualifiers are out of farm, I would be happy to see AFC as to which path we should go down. I don't, I don't I don't have an answer. Every other economic book. So can we at least get to the spot where we know the cost of this thing that will form a decision? Any negotiations happen? You really think that we're going to get an answer on this? I'll feel like, you know, I didn't even want to ask. I didn't mean on this call. It's just meant as a next step of the process. Yeah. I mean, not going out the expecting. Sorry, I was going to ask a very reasonable I might add up. Yeah, I was just going to say the same thing. So we'll talk to Jason on that and we'll see where we go from here. So. Well, I'll keep everybody posted. I definitely will. But do my best to make sure everybody's aware of where things stand. Awesome. Appreciate it. Thank you. All right. Thanks, everyone. In an early next week.