12199 | Recovery of Misappropriated Funds

Source from:

• https://station.terraclassic.community/proposal/columbus-5/12199
• https://discourse.luncgoblins.com/t/recovery-of-misappropriated-funds-from-converter-contract-exploit-and-allocation-to-terra-classic-community-pool-with-15-finder-s-fee/221

Recovery of Misappropriated Funds from Converter Contract Exploit and Allocation to Terra Classic Community Pool with 15% Finder’s Fee

Summary

This text proposal signals community support for the recovery of approximately 1,785.93 webETH (equivalent to ETH on the Ethereum mainnet, valued at roughly $6.68 million at the time of transfer) that were illegitimately extracted from the Terra Classic converter contract (terra1emvfel8x7wmvkwjfq3jpa6sq4nsfjjqjm7ucnl) through an unauthorized migration and subsequent Wormhole bridge transfer. Upon successful recovery, 15% of the funds will be allocated as a finder’s fee to the discoverers “$KNEEL Team 6” who identified the exploit and will lead the decentralized recovery efforts. The remaining 85% will be returned to the Terra Classic community pool to benefit the ecosystem. The proposer, who assisted in drafting this proposal, will provide oversight to ensure transparency throughout the process.

Motivation

The Terra Classic converter contract is designed to facilitate the conversion and burning of bETH in exchange for releasing locked webETH, supporting the network’s bridging functionality. However, a series of transactions exploited a vulnerability in the contract’s migration process, resulting in the unauthorized transfer of significant assets out of the network. This incident represents a loss to the Terra Classic community and undermines trust in the protocol’s security.

Recovering these funds will restore substantial value to the community pool, enabling critical investments to maintain and enhance Terra Classic as a robust Layer 1 blockchain. These funds can support essential activities such as core protocol development, node infrastructure maintenance, validator incentives, security audits, cross-chain interoperability enhancements, and community-driven initiatives approved via governance. The 15% finder’s fee incentivizes the discovery and resolution of such issues in a decentralized manner, aligning with blockchain principles of community-driven accountability. The discoverer will oversee the recovery process without requesting upfront funds from the pool, ensuring no additional burden on the community, while the proposer ensures transparency through oversight.

Proposal Details

Background on the Exploit

The exploit occurred through the following sequence of transactions on Terra Classic:

1. Store Code (Transaction: 884DD10DF19B4D0A3B7F02A03644C88DFF9A86B0623D2A1EF60633ADEBD2DFDA)
   Date: June 18, 2025 This transaction uploaded new contract code under ID 10150, which included a malicious migration handler capable of arbitrary state changes, including extracting balances.
2. Authorization (Transaction: 341A8FFEF05832CF9F03688F25254B56108915412D8339175F2AABC6ED2EBAAF)
   Date: July 1, 2025
   This granted indefinite migration execution rights to the grantee address (terra12jpf48ctwyfv05qr5q4knvvcua38vqq64ql4m8) on behalf of the granter (terra1gufrav46pnpwf03yu7xz76ylkmatsxtplrxnmc), the owner of the converter contract.
3. Migration (Transaction: 6F32E7899E9F44AED86F3CD7D98FF5909F260FDCF9304E45F30968FF1A868AB9)
   Date: July 2, 2025
   The grantee executed the migration to code ID 10150, triggering the handler to transfer 1,786.02980355 webETH from the converter contract to the granter. This action deviated from the contract’s intended behavior of burning bETH to release webETH.
4. Wormhole Transfer (Transaction: 1A329188F31068BCEABA350D671823F5FBDEAF0C9BB900EAAEA2BCEEFC735EFC)
   Date: July 2, 2025
   This initiated a Wormhole bridge transfer of 1,785.92980355 webETH to the Ethereum mainnet. The recipient address, encoded in the Wormhole message as base64 (“AAAAAAAAAAAAAAAAa2cbUSWNsDFt2JvAB11hE0iL5eg=”), decodes to 0x6b671b51258db0316dd89bc0075d6113488be5e8.
5. Arrival on Ethereum Mainnet (Transaction: 0x949600fc8bf2cbb6fae555f3e9cf1f9187d2e57eac12dcd302059f78727f3a25)
   Date: July 2, 2025
   The bridged funds (1,785.615 ETH) were released to the recipient address 0x6b671b51258db0316dd89bc0075d6113488be5e8, where they currently remain.
   These transactions indicate an unauthorized extraction, likely not aligned with the converter contract’s purpose, resulting in a direct loss to the Terra Classic ecosystem. For this process we need the use of blockchain forensic experts to decompile the deployed contract code, trace transaction flows across chains, identify and correlate involved addresses, recover on-chain evidence, and coordinate with exchanges and legal authorities to maximize the chances of locating, freezing, and reclaiming the misappropriated assets.

Proposed Action

• Recovery Process: The discoverer will lead efforts to recover the funds in a decentralized and transparent manner, coordinating with legal experts, blockchain forensics teams, or relevant authorities (e.g., law enforcement or exchanges) to trace and reclaim the assets. No community pool funds will be used; any costs will be borne by the discoverer and deducted from the finder’s fee if recovery succeeds.
• Finder’s Fee: Upon successful recovery and return of the funds to the Terra Classic community pool (via Wormhole bridge or equivalent mechanism), the discoverer will receive 15% of the recovered amount as compensation for discovery, research, and execution of the recovery.
• Return to Community Pool: The remaining 85% will be deposited into the Terra Classic community pool for future governance-approved uses.
• Transparency: The discoverer will provide regular updates on progress via the Terra Classic Discourse and Commonwealth forums or X. If recovery fails after reasonable efforts (e.g., 12 months), no fee will be claimed.
  This proposal is a text/signaling proposal, as recovery involves off-chain actions on the Ethereum network. Passage will demonstrate community consensus and may strengthen legal or collaborative efforts.

Oversight

To ensure transparency and accountability, the proposer, who assisted in drafting this governance proposal, will serve as an oversight coordinator. The proposer will monitor the recovery process led by the discoverer, ensuring that all actions are documented and communicated to the community. This includes verifying that updates are posted monthly on Terra Classic’s forums or X, reviewing any public-facing reports, and confirming that the process adheres to ethical and legal standards. The proposer will not handle funds or legal proceedings but will act as a community liaison to maintain trust and clarity throughout the recovery effort.

Payment

Payment will be made only after the recovered funds are successfully delivered and deposited into the Terra Classic community pool. Upon successful completion of the recovery and confirmation of funds in the community pool, the discoverers (“$KNEEL Team 6”) with wallet add: (terra1fnyfl8dmyudmn8qlcwmfwj3dfw9akh9gye287z) will receive 15% of the recovered amount as a finder’s fee. The remaining 85% will remain in the community pool. Any costs incurred during recovery the discoverer is responsible for. All this process will be disclosed and documented; no upfront payments will be taken from the community pool.

Risks

• Recovery Uncertainty: Success is not guaranteed, as funds are on a separate blockchain and may be controlled by an unknown party. Legal or technical challenges could arise.
• Time and Costs: Recovery may take months and involve expenses, though these are covered by the discoverer.
• Market Volatility: The value of the recovered ETH may fluctuate by the time of return.
• No Precedent Guarantee: While similar off-chain recovery proposals have passed in Terra Classic governance (e.g., reclaiming multisig wallet assets), outcomes vary.

Timeline

• Proposal Passage: Immediate signaling upon vote approval.
• Recovery Initiation: Within 30 days of passage.
• Progress Updates: Monthly reports until resolution.
• Completion Target: Within 6-12 months, depending on complexities.

Conclusion

This proposal is draft and open for discussion, please share feedback so we can collaboratively refine it into a final, actionable plan.

This proposal addresses a critical exploit by enabling the recovery of lost assets in a fair, incentivized, and community-backed manner. Voting YES supports restoring value to Terra Classic, rewarding proactive security contributions, and ensuring transparency through proposer oversight. The discoverer and proposer commit to ethical, legal compliance throughout the process.