Some $16 million in cryptocurrency was pilfered in an exploit of a decentralized finance (DeFi) protocol last week, and the victims believe they know exactly who did it.
Despite threats from the team, however, the alleged attacker – a Canadian teenaged graduate student – is refusing to return the funds, potentially setting the stage for a groundbreaking legal confrontation.
On one side of the conflict is a child math prodigy and an outspoken champion of DeFi’s self-regulating “code is law” ethos. On the other, a pair of DeFi developers and their advisers who felt forced to make an unprecedented series of troubling ethical choices on behalf of a DAO community.
At stake in the fight are a number of thorny issues that have so far been successfully obscured by DeFi’s explosive growth: What is the role of law enforcement in an unregulated $220 billion sector? When, if at all, should the gendarmes be summoned? And, most importantly, is the notion of “code is law” sufficient to grapple with all of DeFi’s ethical complexities?
An analysis from exploit-focused publication Rekt shows the error was in fact an attack launched from an Ethereum address funded by privacy mixer Tornado Cash. From that address, an attacker used flash loans to knock the balance of the pools out of kilter and buy out component assets at a heavily discounted rate.
In the days since, the Indexed team and an ad-hoc “war room” of industry experts convened to mitigate the damage and gather information. And in the course of their investigation they believe they have found the attacker’s real-world identity: It’s an 18-year-old mathematics prodigy who goes by “Andy.”
Both the Indexed core team and DeFi community members who claim to have spoken with Andy say that he has refused to return the funds, and that he intends to face any criminal charges resulting from his exploit in court – arguing that he simply executed a fully legal arbitrage trade.
A tweet thread from an account claiming to belong to Andy thanked well-wishers for their comments over the past week and asked for lawyer recommendations on Thursday. Likewise, in an email exchange with CoinDesk, Andy did not confirm he had conducted the attack, but did say that he was seeking legal counsel. (Andy has since stopped returning CoinDesk’s emails, though other attempts have been made to contact him.)
If the case does go before a judge, it could be a test of “code is law” – a popular phrase in DeFi circles referring to a common mindset. In the absence of regulation, the thinking goes, the DeFi ecosystem is purely adversarial and anything permissible by code is also by nature ethically permissible. Where one man might see an exploit, another may just see “crypto trading.”
A number of legal experts who spoke to CoinDesk dismissed this notion, however, and said that while a case might be complex and perhaps novel, a court will not necessarily cede to DeFi’s unofficial ethos.
Shortly after the attack was discovered, the core Indexed team found a number of clues leading them to believe that they had identified the hacker: a young developer who had been speaking with team member Laurence Day for months.
“It was perfectly affable, friendly, smiles, lots of emojis. A perfectly normal dude,” Day said of Andy in an interview with CoinDesk.
While Day did not write the code for the protocol, he maintains it and, as a result, “understands it pretty deeply.”
“I don’t feel like I got catfished or something because I was discussing information that was publicly available, but this did take me by surprise,” Day added.
Once they had a suspect, the team assembled its online “war room.” Members included Curve contributor Julien Bouteloup, Rotki founder Lefteris Karapetsas and pseudonymous Yearn.Finance core contributor “Banteg,” among others.
In an interview with CoinDesk, Banteg said the decision to join the war room was an easy one.
“I don’t turn these invitations down because I know how it feels when you find yourself in a situation like this, and I believe I can provide meaningful support and the needed outside perspective to help handle it gracefully and avoid stupid mistakes caused by stress no human should endure alone,” Banteg said.
Once the team had information on the attacker, they decided to issue an ultimatum: Return the funds or be reported to law enforcement authorities.
In the past, threats of doxxing have proven to be effective. Following a $3 million exploit of a non-fungible token (NFT) drop in September, developers successfully intimidated the attacker into returning the stolen funds after, among other negotiation tactics, ordering miso soup to the attacker’s house.
Actually following through with the threat is perhaps novel, however, and the decision prompted significant internal debate among the team.
According to core Indexed contributor Dillon Kellar, the nature of Indexed’s DAO structure played heavily into the team’s thinking.
“Once he made it clear that he’s not gonna give up, that he doesn’t care we’ve found this damning evidence on him, at that point we had a difficult decision because if we just go to law enforcement, if we keep that information to ourselves, we’re effectively taking ownership of the situation ourselves, and we couldn’t do that,” Kellar said.
Other DAO members may wish to individually or collectively pursue remuneration in civil court, and if core team members withheld Andy’s personal information, it could prevent them from doing so – ultimately prompting a moral argument in favor of doxxing.
“We’re not comfortable with the idea of publicly doxxing, but Indexed is not a legal entity – it’s a DAO. And Dillon and I don’t have the right to solely own this information, or to take ownership of the legal battle. This is a cornered response,” said Day.
Banteg likewise expressed discomfort with the decision, but backed going forward with it.
“It’s unprecedented. Ethics-wise, as you can imagine, all this feels quite uneasy. I believe Indexed gave the hacker more than enough ways out, but he thinks he’s invincible.”
In the end, the war room had a full consensus.
“There’s no one in the room that’s given serious pushback to the route that’s been taken. We know we’ve done everything we can,” said Day. “I don’t care for the edgelords and the frogs. Anyone who has something valuable to say on this is with us.”
However, as the team’s deadline passed with no word from Andy, Banteg made a surprise discovery: The attacker isn’t just “immensely talented” – at just 18 years old, he’s a teenage genius.
According to a cached version of his now-defunct personal website, Andy will soon complete his master’s degree in applied mathematics from the University of Waterloo in Ontario (also Ethereum co-founder Vitalik Buterin’s alma mater); he has authored papers on smooth Schubert varieties and Riemann spheres, among other complex subjects; and according to a 2016 article from Canada’s Globe and Mail, he completed high-school math at just 13 years old.
His online presence also indicates a vainglorious streak. On a Wikipedia forum in 2016, Andy referred to himself as an “expert in mathematics and theoretical physics.” He even entered himself in a game show wiki as a “notable mathematician.”
The claim is now a “dark joke” in the Indexed war room, Day said: He’s become exactly that, though not for his scholarship.
“I guess he out-manifested all of us,” Day added.
This discovery presented the war room with yet another ethical conundrum, as many felt that reporting a teenager carried additional weight. The new information prevented them from “dropping the hammer” immediately, as Kellar put it.
“I taught computer science and I never had someone quite of Andy’s level, but I know the type. When you’re this particular type of person – look, 18 is a man in the eyes of the law, but mentally you’re still a child,” said Day. “I don’t know if that comes off as denigrating to him or whether I’m sounding excessively sympathetic, but I think this is a case of vast, vast skill at the expense of almost everything else.”
Likewise, Jason Gottlieb of U.S. law firm Morrison Cohen framed the situation in paternalistic terms. Gottlieb was retained by Day and Kellar to represent Indexed in reporting the crimes to law enforcement.
“I think the fact that he is only 18 is something that could be some cause for empathy. I have a son who is close to that age, so from a dad’s viewpoint I have some empathy, knowing that teenagers can do stupid things. I know I did stupid things as a teenager,” said Gottlieb.
However, the new information led the team to new leads, including the discovery that Andy had allegedly been frequenting extremist circles online. During the investigation the team found he was part of a data leak from a web service hosting alt-right communities.
There are also a host of other clues suggesting hateful ideologies: the calldata for Andy’s attack included a racial slur; the attacking Ethereum address starts with “BA5Ed1488,” a numerological reference to a neo-Nazi slogan; and a bizarre tweet thread from ZetaZero, the Twitter account alleged to be Andy’s, put certain words in triple brackets, a popular anti-Semitic dog whistle.
Additionally, the ZetaZero account recently retweeted a post referring to Andy as “the Dylan Roof of Balancer pools,” a reference to a white supremacist terrorist who killed nine black churchgoers in 2015.
While members of the war room said they could not identify a particular moment where they made the firm decision to release Andy’s information despite his age, the ties to extremism played into their thinking.
“The frustrating thing is, until he had made all these ugly parts of himself known – the white supremacy, the anti-Semitism, the general, unbearable dickish nature of him – if he had returned 90% and kept a bounty, we would have at least asked him to audit code. And had he disclosed this stuff with us, we would have given him $50K to $100K and had him join the team in a heartbeat,” said Day.
Kellar also said that age alone could not distract from the gravity of Andy’s actions.
“For a regular 18-year-old, I would have concerns about releasing his information. And it’s not to say I still don’t, but the fact is he’s a very advanced 18-year-old. He has a master’s degree. He finished high school at 13. And he has taken the action of stealing $16 million. And if he’s going to be adult enough to do those things, he’s adult enough to face the legal consequences,” said Kellar.
In the eyes of some members of the DeFi community, however, Andy didn’t steal anything at all.
A popular rallying cry for many DeFi die-hards is “code is law,” often derisively referred to as “codeslaw.” This view, perhaps best elucidated in an essay by pseudonymous e-Girl Capital intern “Odette,” holds that there is no such thing as a “hack” or a “rug pull” in DeFi, and that it’s the responsibility of each actor to thoroughly vet all on-chain actions – if you lose money to a hack or a faulty contract, it’s on you.
Because all information is freely available on-chain and actions on-chain are immutable, DeFi is ultimately then a self-contained and deterministic environment operating outside of normal regulatory and ethical parameters, or so the thinking goes.
Day worries that a faction of the DeFi community who believes in code is law is now egging Andy on.
“I think he’s listening to a legion of frogs. They’re calling him based, and asking him for money, and hailing him as a hero,” he said.
Admirers flocking to successful hackers isn’t unusual. In the wake of the $613 million Poly Network hack, panhandlers and admirers used messages on the Ethereum network to cheer the culprit on.
However, in practice, the notion of “code is law” may have already been disproven.
“Frankly, it’s tiring,” Lefteris Karapetsas told CoinDesk. “We had this fight five years ago.”
Back in 2016, Karapetsas was the technical lead for Slock.it, a startup that spearheaded The DAO – a notorious early investment experiment whose failure caused a chain split that created Ethereum Classic.
“The ‘code is law’ version of Ethereum was born out of that. It’s called ETC and it still exists. The coleslaw proponents can just go play there,” Karapetsas said.
The current, canonical Ethereum chain is the result of the community reaching social consensus to effectively “undo” The DAO hack rather than let code be fully deterministic – and that’s a good thing, according to Karapetsas.
“No builder in this space in their right mind believes that code is law. It’s just a meme that is perpetuated by anon on-lookers who just like to see chaos unfold,” he said.
He added that if the community were to embrace such principles, the end result would quickly turn dystopian.
“If code was law then this field would just be a playground for hackers who will be continuously trying to steal funds out of protocols. They would be eponymous and idolized. While the users would be blamed for ‘not reading the code well enough.’ Which is essentially what every coleslaw proponent says,” he said.
The question now turns to whether “code is law” will hold up in a court of law.
Gottlieb confirmed to CoinDesk that he has turned over all relevant information to multiple law enforcement agencies, but declined to specify which ones.
While it’s an open question whether those agencies will have the technical expertise to analyze the case and issue an arrest warrant, Gottlieb suggested they’re further along than some DeFi natives might think.
“I wouldn’t assume that the authorities are not familiar with these sorts of things,” he said. “I’ve already reached out to contacts that I have in various agencies in law enforcement, and there are folks in law enforcement who deal with cryptocurrency hacks and thefts.”
Gottlieb noted that the individuals he’s spoken to are “very sophisticated” in their understanding of the space and that they are “interested” in the case.
Regardless of whether he’s arrested, Andy may also have grounds to file counter-charges.
Matt Burgoyne, a securities and crypto lawyer at Canadian firm McLeod Law LLP, said that even before the case gets before a judge there could already be complications. Burgoyne told CoinDesk he is not representing Andy.
“Doxxing can be illegal in Canada and the extent of legal consequences depends on the circumstances. Doxxing can give rise to charges of criminal harassment, invasion of privacy and stalking. I don’t believe this will go to court and if it did, I’m sure there would be damages on both sides,” he said.
Erich Dylus, a legal engineer for the oracle network API3, voiced personal discomfort with doxxing and also said it may lead to counter-charges.
“I think public doxxing can be extremely dangerous and often leads to undesirable misplaced vigilantism or trial by public opinion. Not to mention potentially opening avenues of liability for the doxxers,” he said.
In a tweet on Thursday, Kellar said Andy and his family have been receiving threats, and called on the community to cease the abuse and to pursue other “legal remedies.”
Stealing from the collection plate
Once these grievances have been parsed, however, the question then turns to whether a court can grapple with the complexity of weighted automated market makers (AMMs), flash loans and so-called “economic exploits.”
Geoff Costeloe, an associate at Canadian firm Lindsey MacCarthy LLP and LexDAO member, said that Indexed’s DAO structure could lead to hiccups.
“I’m going to be following the recovery side of the matter,” he said. “Because Indexed is a decentralized DAO, I am curious to see how they file their claim and how they describe their relation to the protocol and other DAO members. Will they say it is a partnership or a corporation? Or will they say they are individuals?”
Gottlieb, the Indexed lawyer, brushed these concerns aside. He compared the exploit to a church congregation which had raised funds for some cause: if stolen, it’s no less of a crime just because it would be difficult to track precisely who owned what at a specific time.
Of the half-dozen lawyers CoinDesk spoke to, all agreed that while the potential case may seem as if it will set a number of precedents at first blush, the reality is that a court will likely evaluate the exploit in simple terms.
Crypto attorney Stephen Palley warned that if the case does make it to court, it could be a moment that definitively ends DeFi’s fanciful notions of self-regulation.
“It’s the height of stupidity to say ‘code is law’ in this situation. It’s a magical incantation that means nothing,” the Anderson Kill lawyer told CoinDesk.
“There’s nothing terribly new here,” he added. “Old wine, new bottles; self-serving human greed. Is robbing a bank an ‘economic exploit?’ Saying that is frigging stupid. There’s nothing about this, if handled properly, that is groundbreaking precedent.”
Multiple lawyers and Indexed core team members pointed in particular towards signs of Andy’s intent that might erode his defense.
“This wasn’t some case where there was a contract that just had a simple mistake, what some people are calling an economic exploit,” said Kellar, the Indexed core team member. “He didn’t pull a lever that spit out too many coins, it was a sophisticated attack that exploited a very specific vulnerability that nobody found for a year.”
A sequence of actions leading into the attack will undermine any attempt by Andy to frame the exploit as a “happy accident,” Kellar added.
“If a [bank] teller or system makes an error and someone gets unjustly enriched, that certainly doesn’t impose criminal sanctions on the individual who received a boon,” said Costeloe, the MacCarthy LLP lawyer. “They may have been unjustly enriched but they were also innocently enriched, with no intention on their part. The situation with Indexed is a bit different than that because the hacker wrote code and attacked the protocol in a way that shows clear intent to enrich him or herself.”
In the end, multiple lawyers dismissed the “code is law” argument, variously calling it a “delusion” and “delusional.”
On Thursday morning, Andy’s alleged ZetaZero Twitter account posted a short thread in which he framed the forthcoming legal battle as a “duel.”
Despite the seeming inertia tilting towards a legal confrontation, both Gottlieb and Palley noted that if Andy were to return the funds there’s a chance the incident might not have to be litigated.
Palley said that returning the funds “doesn’t undo the crime,” but it could lead a prosecutor to decline to pursue charges.
The core Indexed team, however, has reached a point of “grim determination,” according to Day.
“I’ve had the time to process all of this now, and there’s going to be a maelstrom that kicks up on Twitter, but on the balance of things I know this was the right thing to do. Dillon [Kellar] and I will be pariahs in parts of the space now, but it was the right thing to do,” he said of doxxing Andy.
Kellar made it clear that they’re also viewing court as an increasingly likely outcome.
“Some people have said he might move to Venezuela or some place without extradition – I don’t think that will happen. It really seems like he wants this to be a precedent-building case, so if he doesn’t return the funds I expect this to go to court,” said Kellar.
“He’s trying to stamp his name in history, and he’s going to get it, but ruinously so,” said Day. “It’s a little bit heartbreaking. A colossal waste of talent, time and money. And for what? I just want to say to him, ‘God damn it, Andy, why have you made us do this?’”
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.