blocksec

The following are two *preliminary* findings regarding the flow of @globiance's XDC. Much more work remains to be done. A conclusive, complete analysis will take time. This isn’t that. But it is a start. 1/n

@nXPEB1FZ5aRfI1B 1) On chain analysis is complete. So not sure what you’re asking for… 2) Legal action can only be initiated by victims. XinFin isn’t a victim. It’s up to you to initiate. 3) Atul never once said he doesn’t intend to help.

@chiiiisensei No, of course not. I meant what I said. Based on your question about the safety of XDC staked in nodes, you don’t seem to know what crypto is - i.e, what a validator node is or what Globiance did with their validator nodes.

When you say “what crypto is,” are you suggesting that scamming is acceptable just because it’s crypto? I can’t agree with that at all. I once served as Head of APAC and Head of Institutional Liquidity at the XDC Network. A&R hired me as a trade-finance expert, not a crypto expert. So I'm not fully aware of the crypto industry, but the idea that “fraud is part of the industry” is unacceptable to me, especially as someone who was asked by both A&R and SBI to promote XDC to institutional and retail investors. No. I know how competent and principled A&R are. Even now, they’ve gone above and beyond—setting up a rescue fund and doing everything possible to protect the ecosystem. I respect that deeply, and I appreciate you supporting them. Which is why it’s disappointing to see so little support around them. It also raises a real question: what are the SBI XDC representatives doing? Investor communication in APAC—especially Japan—should be their job. Even if the issue started with Globiance, Japanese users holding XDC through SBI VCT naturally have concerns.

確かSBIもXDCのノードを持っていた気がするのですが、私のSBIVCTに預けてあるXDCは大丈夫と言う理解で良いのでしょうかね。大丈夫じゃないとは言わせませんけれど。

This is very clarifying, thank you @11ppm11 So, let me just zero in on what I think is the key assumption you’re making, which is this: “Given that it has been discussed in contexts such as “KYC-enabled,” “regulatory compliance,” and “financial institution readiness,” I believe it was reasonable for ordinary investors and participants to expect that at least high-risk actors were not being accepted without review or limitation, and that some level of prior screening and governance was functioning.” This assumption is mistaken for a number of reasons. 1) Above all, KYC is not a background check. It’s simply identify confirmation. That’s all. This is what’s causing confusion here. When you KYC at Binance, for example, they don’t run background checks on you. They simply confirm you are who you say you are. Same here. KYC is in no way an endorsement of someone’s trustworthiness or lawfulness - it’s confirmation of identity, nothing more, nothing less. 2) Even assuming for the sake of argument that XDC did run privacy violating and highly intrusive background checks on all node holders (more on the absurdity of that in a moment…), that a) wouldn’t have prevented someone like Oliver from operating nodes. What had he done that would have prohibited him from running a node? He’s just a bald German guy. Why can’t bald German guys who’ve committed no financial crimes spin up nodes? And even if b) it magically prevented anyone with a remotely checkered past from running a node, it wouldn’t prevent people with squeaky clean histories from making mistakes or doing something criminal, as happens all the time. 3) Anyway, XDC doesn’t run background checks before approving validators, and that’s because no public blockchain on earth can/should run background checks before approving validators. Among other things, who would get to decide who can/can’t run a node? Allowing anyone to decide that would defeat the whole purpose of a public blockchain and render it valueless. It’d be a permissioned, private network in that case without any value because it’d be the plaything of the centralized authority, whoever that is. 4) Now you’re quite right that XDC’s KYC is relevant to “regulatory compliance” and “financial institution readiness,” but not because KYC excludes “high risk” individuals (however that’s defined). It’s relevant because it allows regulatory bodies to quickly identify node holders in the event of criminal conduct. They’re not anonymous. That’s all. TL;DR: So, in sum, KYC has an industry standard, clear, and specific meaning. It doesn’t mean what you said above. Nor could it, in the context of a public blockchain. Someone could rob a bank and then spin up a node tomorrow - and that’s how it should and must be.

First, I would like to make one point absolutely clear: I have never claimed that the existence of KYC means that funds are “guaranteed forever,” nor that the return of funds or permanent ownership is guaranteed. In this regard, I feel that my position may have been misunderstood. What I am questioning is not whether KYC itself constitutes a guarantee of funds, but rather what kind of reasonable expectations and trust were formed as a result of introducing KYC and emphasizing it externally. Given that it has been discussed in contexts such as “KYC-enabled,” “regulatory compliance,” and “financial institution readiness,” I believe it was reasonable for ordinary investors and participants to expect that at least high-risk actors were not being accepted without review or limitation, and that some level of prior screening and governance was functioning. Accordingly, my point is not that funds should have been guaranteed, but whether, once KYC and governance were presented as core features, the actual practices, operations, and the handling of accountability when problems arose were consistent with the expectations that had been formed. If there was a gap, then this should be understood not as a technical design issue, but as a matter of governance and accountability. On that basis, I believe that the question of whether compensation should be provided is not for investors or users to decide, but falls within the domain of XinFin’s own management judgment. The appropriateness and scope of any compensation should be determined by the party that promoted KYC and governance, based on its own assessment of responsibility and risk, rather than being assumed as automatic or, conversely, dismissed outright by external parties. In that context, the fact that Atul prepared a rescue fund itself suggests that this issue could not be addressed purely as a matter of individual responsibility, and that XinFin recognized it as a matter requiring consideration from a governance perspective. Conversely, if one truly believes that XinFin bears no responsibility at all, I personally think it might have been more appropriate, from a long-term perspective, not to establish a rescue fund. If there were absolutely no responsibility, then creating a compensatory framework could itself risk sending misleading signals or setting problematic precedents for the future. With that in mind, how do you view this issue? Do your views align with Atul’s, or do they differ?

So 1a) What in your opinion is the nature of the “broader assurances” “reasonably inferred” by anyone in this case? 1b) What would they be exactly? And 2) how would anyone reasonably infer that the existence of KYC for nodes guarantees their funds would indeed be theirs forever, even after they transferred them to a wallet they don’t control?

@oeeeeup Specifically the guy who threatened me, but more generally those who’ve lashed out at the people doing everything in their power to help, like @B3lle888

この発言は、私人としてのものなのか、それとも XDC／レスキューファンドを代表する公的な立場でのものなのか。 責任の所在を明らかにしないまま進むプロジェクトからは、相変わらず @XDCNetwork のガバナンスの脆弱さがうかがえる。 #globiance @atulkhekade @riteshkakkad @AndreCasterman