ogle@cryptogle
TLDR: Across Protocol/Bridge ($ACX) team used secret votes to extract ~$23m from the Across DAO’s treasury for their own private company's benefit.
Background: I’ve many times posted about DAOs that are DAOs “in name only” - that is, organizations that pretend to be run by “the people” but where in reality all decisions are made by a very few select insiders, often team members. Across Protocol - although a relatively well-respected entity in the crypto space, backed by true chads and OGs - appears to be one such faux DAO.
Across is a crypto bridge that ostensibly runs on a DAO structure. The token holders of $ACX are led to believe that they are the stewards of the destiny of the protocol, and that those leading the project are acting to the benefit of the $ACX holders. However, if you look more closely at the governance proposals (and who votes on them, and how), it becomes clear that the DAO serves more to benefit Risk Labs, a separate for-profit company by the same team as Across, than it does to serve the Across DAO members themselves.
On information and belief, it seems the Across/Risk co-founders and insiders orchestrated governance proposals that let them secretly subvert the “democratic” process of the DAO, and extract ~$23m (at today’s value) from the treasury they were meant to protect. In doing so, they directly harm the current and future $ACX holders by creating significant amounts of potential future token sell pressure.
FYI/disclosures/disclaimer: Over the past few months I have spoken at length with Kevin Chan (Treasurer of Risk Labs) and Hart Lambur (CEO) about this upcoming post, both of whom were very responsive. I also spoke briefly with the head of marketing, James Richard Fry, to try to help coordinate their disclosure of what has happened, but he was almost completely unhelpful and was (at best) dismissive of the issues. My hope was that what I’d found on-chain was incorrect, but unfortunately it doesn't seem it was. I gave a lot of time to the Risk Labs / Across folks to let me know if any of my points were inaccurate and to let the public know about what they’d done themselves, but they decided not to do so, so unfortunately I’m having to spend my time writing this post. There is a non-zero chance that I've gotten something incorrect in this post - but I did as much due diligence as I reasonably could before going live with this information.
I currently hold a long position in $ACX, have done a very large OTC with the Across team before, and hold long positions in virtually all of Across’s competitors. So, in a sense, I’m “fudding my own bags.”
What Happened (Part 1): In October 2023, Across project lead Kevin Chan submitted a public proposal to the DAO requesting 100 million $ACX tokens, valued at around $15m at the time of this X post, to be transferred from the DAO to Risk Labs, the Across founders’ private, for-profit company. snapshot.org/#/acrossprotoc…
This proposal was framed as a strategic investment in the future of Across Protocol, and for those who worried what would happen with the massive amount of distributed tokens, the proposal explicitly stated that tokens won’t be sold for 2 years. The proposal did not guarantee the money would be used for Across, there were no formal agreements between the two companies, and in fact Risk Labs does or has worked on projects separate and apart from Across, such as Oval. But the Across DAO should pay for this work?
When the vote went live, it looked like it had a lot of DAO voter support - but this was illusory. On-chain analysis shows that the proposal was, in fact, being secretly pushed through by Kevin and his crew. While Kevin used his public “KevinChan.Lens” address to propose the grant itself, he cast a massive “yes” vote in secret from a separate wallet: maxodds.eth. The wallet was somewhat easily linked to his friendtech account, as well as to named addresses of family members of his.
Kevin didn’t act alone, though: it seems that several folks from the Risk Labs team worked together to vote this massive grant through. Another team member, Reinis FRP, also used millions of $ACX across several secret wallets to vote “yes” on the proposal. And the second largest voting wallet in the entire proposal, accounting for almost 14% of the total vote, was initially funded by Hart Lambur, who founded both Risk Labs and Across.
So, it seems the team made a proposal for a huge treasury grant “in the open,” then used a web of hidden, insider-controlled addresses to make it look like there was “community approval” for the vote to pass. It looks like a staged vote, orchestrated by insiders, to benefit their private business to the tune of tens of millions of dollars.
What Happened (Part 2): A little less than a year later, and after the first vote went through without consequence, the team came back for even more money.
This time, they asked the DAO for “retroactive funding” of 50m $ACX, worth $7.5m at the time of this post. And once again, Kevin’s secret wallets did much of the heavy lifting: maxodds.eth and a new wallet funded by it contributed 44% of the total “yes” votes.
There was more to this second proposal that was problematic, though. In the discussion forums for the new grant, the team said they had been selling token options agreements (in simple terms: selling the rights to the tokens) from the first proposal to “strategic investors.” If you remember, the first proposal clearly said there would not be any selling done for 2 years - and it was on this basis that supposedly the community (although in reality the leadership) had made the initial grant.
And one more thing of note: had the team not voted on this proposal, it wouldn't have reached quorum - meaning that it wouldn't have had enough votes to pass at all.
Why It Matters: In any other industry - be it publicly traded companies, non-profits, governments, whatever - there are strict rules against what’s called “self-dealing,” and others that tell us how we should act to prevent other breaches of duty.
These ethical and legal guidelines have been established for a few hundred years in order to prevent the erosion of trust in the entities that have outsize influence on our lives. In government, politicians are supposed to not vote on laws they will personally benefit from, or if they do, they have to do full disclosure. In business, if an insider of a publicly traded company is selling their shares or there is an arms-length deal that will benefit them, this has to be disclosed to the public. Even in non-profits, there’s a concept called “private inurement” where a non-profit can lose its tax-exempt status if its board members use the funds of the non-profit to benefit insiders without disclosure.
The goal of a DAO is to mitigate principal-agent issues - so if one or a few voters who are also management are able to pass a proposal that benefits themselves elsewhere, then it goes against the principle of DAO governance in the first place. If they do it surreptitiously, secretly, in my view this shows us that the purpose was to mislead the public, which is a far worse violation of ethics, and maybe laws. Otherwise why not disclose the conflicts of interest, and/or use wallets everyone knows are yours to do the voting?
More directly, the extraction of these $ACX tokens directly harms the current and future holders by not only draining the treasury, but also creating significant future potential sell pressure during the “unlocks.”
Final Thoughts: If the team members of crypto protocols feel they absolutely must vote on their own proposals to siphon funds from the public to their own private businesses, at the very least they should provide clear disclosure statements saying so, such as: “the team will be voting for this, and they are benefited personally by the $x that is being asked for. There is no guarantee that the team will do anything at all on behalf of the DAO, there are no agreements in place saying so and won't be, and the team will be voting affirmatively for this proposal with their own personal wallets.” Then, at least, the public can know that there are conflicts of interest, and vote/sell/buy their tokens accordingly.
But really, team members just shouldn't be voting on their own DAO proposals, and should exercise good governance, as has been done across the world for hundreds of years, to eliminate even the perception of bad faith and/or self-dealing.
Almost all DAOs in crypto are total scams or at least facades. Frankly, I think that the “insider” threat to investors in crypto is quite a bit larger than the threat of the “outsiders” (hackers etc) who I usually work to recover money from. We can do better, and should, if we want to be taken seriously as an industry. Until then, if you yourself are running a project and thinking about doing some underhanded activities, remember: the blockchain is forever. 🙂
