**[Updated Pre-Proposal Discussion] DOT Recovery Loan to Hyperbridge Exploit Victims**

Hello, SAXEMBERG,

First of all, thank you for being here and for being able to answer my messages on Subsquare. And especially for your sympathy towards the victims of the HyperBridge hack…

Secondly, I am sorry to hear that Saxemberg is no longer a W3F delegate, but nevertheless your word carries a lot of weight and is important for the participants of this discussion. As I understand it, your message reflects a common opinion shared by other delegates, including ChaosDAO OpenGov.

Your position that

" cannot be categorical in this context. This is where the issue of responsibility arises. We, the liquidity providers, operate on the basis of documentation approved by you and published in official sources:

Polkadot DeFi Singularity
Hyperbridge Overview - Polkadot Wiki

None of the sources contains any clauses stipulating that, in the event of an incident involving the approved infrastructure, the LPs will bear sole responsibility. On the contrary, the information from these sources clearly suggests that HyperBridge is an absolutely secure solution for operation; the DeFi Singularity program has accepted it, designated it as the sole bridge, and approved funding. The Web3 Foundation CEO publicly stated Hyperbridge embodies "the highest standards of security."

You cannot ignore this fact simply at your will and from a position of power. All this gives us, the victims of the hack, the right to at least demand a discussion with key figures in the ecosystem to find a compromise solution.

As for HyperBridge at the moment, there is no new information from the team – only dry phrases that work is ongoing in this direction. There are no confirmed remaining assets (including undistributed tokens, etc.). They also do not provide deadlines for providing this information. They have not responded to the letters.

I therefore propose that we put our discussion on hold. Until new information is received, or, in its absence, until May 20, 2026.

Thank you again for your feedback.

No doubt about that. For now the communication has been meh and too high horsed but that is an ill that plagues all Polkadot at all levels. But sure, let’s give it a few. As far as it’s known they are getting ready for a relaunch of Hyperbridge which in theory would allow for repayments after audits according to the last meaningful message on Telegram.

How about this for a compromise. After this date and if other people in this discussion agree, specially affected parties.

Saxemberg will be launching a WFC referendum on the Hyperbridge chain using BRIDGE to vote to ask for an immediate disbursal of the funds granted by referendum 1439 to LPs if no refund plans are given yet, no changes and no significant updates to the current status have been given either. Same way if that still needs to be done for some other unforeseen reason. In that way, no Polkadot vote is launched for now as it’s not really needed under the current circumstances.

And this thread will be monitored for future changes and future needs.

Saxemberg, sincere thanks for engaging so constructively on this. The fact that you are willing to actively launch a WFC Referendum if Hyperbridge fails to deliver carries real weight and is genuinely appreciated.

A few thoughts and questions on the framework:

  1. Broader engagement
    Would you be open to bringing this proposal to other voters and delegates? In particular, the Web3 Foundation deserves direct engagement. W3F initially funded Hyperbridge as their inaugural funding initiative, the W3F CEO publicly endorsed it as embodying “the highest standards of security,” and the protocol is documented on the W3F-copyrighted Polkadot Wiki. Their involvement in this discussion should not be optional. Active outreach from a respected voice like Saxemberg would carry significantly more weight than from affected LPs alone.

  2. BRIDGE Token voting power
    A practical question: do you (or coordinated parties) hold sufficient BRIDGE to pass a WFC Referendum on the Hyperbridge Chain? The voting power distribution between Polytope Labs, Hyperbridge Foundation, and external holders is not fully transparent to me. If Polytope retains majority voting power, they could block the WFC against their own interests. Understanding this helps us assess whether the May 20 deadline creates real pressure or primarily symbolic pressure (both have value, but they are different strategically).

  3. Bifrost’s role
    This is an important question that has not been addressed in the discussion so far. Bifrost was co-proponent of Referenda 1439, was the technical issuer of vDOT through SLP/Slpx, and operationally controls a portion of the Singularity allocation. Where does Bifrost actually stand on this? Who currently holds the undistributed vDOT/DOT? Are they on Bifrost, on AssetHub Hyperbridge Sovereign Account, or somewhere else? Bifrost should be drawn into this conversation directly. They cannot remain on the sidelines while the campaign they co-proposed is in this state.

  4. May 20 deadline and beyond
    Fully agree to wait until May 20 for a substantive Hyperbridge post-mortem with concrete numbers, deadlines, and refund mechanism. That is fair.

However, even in the best case, a significant portion of the losses will likely remain uncovered by Hyperbridge alone. For that residual amount, a Polkadot Treasury referendum for a structured recovery loan should still be on the table. A loan, not a grant. Repayable from bridge fees, BRIDGE treasury, recovered funds, and Polytope contribution.

The reasoning is straightforward: Hyperbridge was not a third-party protocol that built on Polkadot. It was funded by Web3 Foundation, designated by the DAO as native bridge, promoted through the 795,000 DOT Singularity campaign, and listed on the W3F Wiki as official Polkadot infrastructure described as secure. Holding LPs 100% accountable for engineering failure in this kind of officially endorsed infrastructure does not seem proportionate. At minimum, partial ecosystem responsibility seems reasonable to consider.

This does not contradict your WFC strategy. It complements it. WFC Referendum extracts what Hyperbridge can pay. Polkadot Treasury referendum addresses the residual that Hyperbridge realistically cannot cover.

Thanks again for your time and constructive engagement. Looking forward to coordinating further.

You can’t really talk about numbers as long as the recovery process is not over, I think.

Last update:

I think this is most important to address for now - somebody needs to reach out to Bifrost and Hyperbridge to request the distribution of the around 400k unused vDOT from DeFi Singularity Campaign referenda 1439.

Then a post-mortem is required plus the amount frozen on Binance. After that we should work together with major voters on a compensation plan / recovery loan as stated in the pre-proposal. Other ideas of how to structure it are welcome, there are plenty of mechanisms that can be copied from similar cases.

Don’t expect any kind of engagement from W3F.
They have nothing to do with the current case.

That’s not because you fund a given protocol that you are responsible for the hack/exploit of these protocols.

It’s a fantasy here.
Have you seen any VCs being held responsible for any hacks on any chain?

There’s literally no link between W3F, the exploit and the consequences.
Just put them out of the equation, there is no time to waste here.

I’ve pushed this to the team, but you have to know that so far Polytope is holding responsibility to deal with the current law enforcement/recovery process and so on.

Bifrost is just a user of Hyperbridge’s services, with obvious consequences on vDOT users.
So the team is monitoring the situation with Polytope, but Polytope is the active player in the recovery process.

ETA:
We’re pleased to share that the MEV frontrunner from the MANTA exploit has returned the profits (net of validator fees). Based on Polytope’s calculations, Bifrost was entitled to 4.12120682 ETH.

Swap transaction: Ethereum Transaction Hash: 0x1016a9b5eb... | Etherscan

Funds returned: Ethereum Transaction Hash: 0x58ce810356... | Etherscan

Thanks for the perspective, I would like to counterargue on this point:

The VC analogy actually argues for engaging W3F, not against it. Look at recent precedents:

Tether had no equity, no governance role, no marketing relationship with Drift. Yet they committed $147.5M to make users whole.

Mantle, Lido, EtherFi, Golem, LayerZero coordinated through Aave’s “DeFi United” for KelpDAO. None had formal endorsement relationships with KelpDAO. They still acted.

These are not legal liability cases. They are ecosystem stewardship cases. And in both, the ecosystem partners had less direct connection than W3F has to Hyperbridge:

  • W3F led Hyperbridge’s seed round (their inaugural funding initiative)
  • W3F’s CEO publicly endorsed it as embodying “the highest standards of security”
  • DAO designated it as native bridge with 795,000 DOT to actively recruit LPs
  • Documented as official Polkadot infrastructure on the W3F-copyrighted Wiki

LPs accept impermanent loss and price risk but not hacking-risk, otherwise there is no use-case for DeFi if every user has to accept a 100% loss risk for a few % APY per year. Mature ecosystems are showing this with coordinated action.

Engaging W3F is not asking for legal liability. It is inviting the foundation that funded and actively promoted this infrastructure to participate in the conversation about its consequences. That seems reasonable and consistent with what every comparable ecosystem is currently doing.

Agreed there is no time to waste. That is exactly the argument for engaging W3F now, not later.

Also thanks for pushing this to the team and for the transparent update

Regarding the statement “Bifrost is just a user”. I don’t have a full picture yet, but looking at Referenda 1439, Bifrost was actually co-proponent alongside Hyperbridge, the 795,000 DOT allocation flowed through Bifrost’s vDOT minting infrastructure if I am correct? And the campaign was co-marketed by both teams.
I also saw there is a Bifrost Referendum #237 (moving vDOT back to Interlay Sovereign), just in case this relates to the DeFi Singularity Campaign which I am not sure about yet.

Three friendly questions to the Bifrost Team:

  1. Where do the undistributed Singularity vDOT funds currently sit? Per the 6-month report of Hyperbridge, only 336,593 of 795,000 DOT was distributed. The remaining ~$600-800K equivalent must be somewhere - AssetHub, a Bifrost multisig, or a pool. Could you help?

  2. Would Bifrost support redirecting those undistributed funds to affected LPs through governance? Saxemberg has indicated openness to a WFC Referendum on Hyperbridge Chain by May 20 if Hyperbridge does not deliver. Bifrost’s parallel support would meaningfully accelerate that.

  3. Could Bifrost engage Polytope (and potentially W3F) directly on the recovery framework? As co-proponent of Referenda 1439, Bifrost has a standing that external LPs simply do not have.

Aave coordinated KelpDAO recovery in days through “DeFi United.” Bifrost and Hyperbridge would be ideally positioned to drive equivalent coordination here.

And thanks again for the engagement, genuinely appreciated.

Yes, but I have more counter-examples, and especially in the Polkadot ecosystem:

  • Nomad’s hack
  • Multichain’s hack

Moonbeam never bailed out the impacted users for instance. These bridges were “official” bridges endorsed by Moonbeam.
Is moonbeam responsible for these hacks? No.

  • 190M$ for Nomad that killed Moonbeam’s DeFi in the early stage of the chain
  • Another 10M$ for Multichain on Moonbeam+Moonriver (and around 80M$ over multiple chains)

Every hack/exploit is specific.
Some protocols can cover the losses (Wormhole did for their 300M$ hack), some can’t (AxieInfinity didn’t).
KelpDAO couldn’t support the losses too, they are “lucky” that their unsecured configuration had systemic DeFi repercussions on Ethereum.

Otherwise no one would have helped KelpDAO…

Nothing to do with DeFi Singularity here.
It was linked to the gov attack on Interlay, Bifrost had to take defensive measures to preserve users in case the malicious ref passed.

I forwarded this one to the team.
These are detailed questions and I don’t want to substitute for any official answer.

Those past examples (Nomad, Multichain, Axie) all happened in 2022-2023, before the new precedents fundamentally shifted what mature ecosystems do.

The 2026 paradigm is different. “DeFi United” was launched just two weeks ago for KelpDAO. Drift happened the same week. The reason these coordinations happen is simple: DeFi cannot grow if those with stronger positions do not protect those who provide private capital to make the wheel turn for a few percent per year. If the strong walk away every time small participants get hit by infrastructure failure, the whole system collapses.

That is precisely why Aave acted for KelpDAO. Why Tether acted for Drift. Not because they had to. Because they understood the systemic logic: DeFi only scales when capital providers feel protected against engineering failures in endorsed infrastructure.

LPs entered Hyperbridge based on direct statements by @gavofyork, also the former W3F CEO, and other ecosystem leaders. LPs invested because the W3F-copyrighted Wiki documented Hyperbridge as secure. They responded to a 795,000 DOT recruitment campaign. None of that exists in the Nomad or Multichain comparison.

I am not asking for full responsibility. I am asking for partial structural support, specifically a recovery loan that can be designed without any principal risk to the W3F or Polkadot treasury. There are well-known mechanisms: staking rewards, bridge fees, BRIDGE token treasury distributions, structured reward flows over years. Principal stays intact, victims get covered, repayment runs in parallel.

The question is not whether this is possible. It is possible! The question is whether the ecosystem wants to discuss and structure it. That is what this conversation should be about.

We will disagree here so I don’t have any additional answer.

Summary of my personal opinion (just summarizing what I already wrote):

  • I don’t see any difference with Nomad/Multichain hacks. Any bridge hack sucks and users historically never fully recover.
  • Any DeFi user knows that this is not risk free (you always have the smart contract/exploit risk, see https://x.com/stacy_muur/status/2049470260672430548?s=20). DeFi or bridging does NOT mean 100% secure. Only time can tell how secure a protocol is.
  • DeFi United is a specific case due to the systemic risks on many different actors (LIDO, Aave…).
  • W3F has nothing to do with the exploit and the consequences

The recovery plan is not designed so far because Polytope already explained the recovery process is still under progress.
So I guess solutions will be studied once it becomes clearer about what is really lost.
And I do hope that impacted users will recover as much as it’s possible :raised_fist: .

NB: I don’t think Bifrost holds any $BRIDGE token, so the support Bifrost could bring to any raised referendum would be minimal or near to zero. But again, there’s no official position so far about what Saxemberg proposed.

Thank you for taking the time to lay out your position so clearly. I respect that we see this differently and appreciate the dialogue.

Three points I want to leave on the record, then I will let the substantive disagreement rest:

On Nomad/Multichain: those hacks happened in 2022-2023, before “DeFi United” emerged as a coordination model or Tether provided a structured loan to Drift (which is not systemic). Comparing today’s situation to outdated precedents will become harder to justify as the new paradigm becomes industry standard - which it should! Otherwise DeFi has no future, and Web3F and Polkadot will be the first to suffer from this. If Crypto and DeFi EVER want to become mainstream, there has to be a security net by the strong actors to protect weak private money. Otherwise the whole concept will die.

On smart contract risk: The question is not whether risk exists, but whether ecosystems that funded, endorsed, marketed, and ran treasury-funded recruitment campaigns into specific infrastructure share any (at least partial) structural responsibility when that infrastructure fails. Reasonable people can disagree, but framing it as identical to anonymous protocol risk skips a layer of analysis.

On Bifrost and BRIDGE: thank you for the candid clarification. That is genuinely useful information for everyone evaluating the realistic mechanics of Saxemberg’s proposed WFC Referendum. It also reinforces why a Polkadot Treasury referendum may need to remain on the table for the residual losses, even after May 20.

I appreciate the engagement. I hope Polytope’s recovery process produces meaningful results, and I look forward to seeing the eventual structure. The conversation will continue when more facts are on the table.

Just think about an infra provider.
Polkadot is an infra provider, what people/protocols do on it, this is not their responsibility.
This is permissionless by design.

AWS? Not responsible for what happens on the apps on their servers, they just provide the infra.
If they advertise Netflix, and if Netflix got hacked, AWS will never be responsible because they marketed one of their biggest client.

Meta, Alphabet? Not responsible for what happens on their apps (Facebook, IG, Youtube…), this is their line of defense since inception: we provide the app, users provide content and we’re not responsible for the content.

It’s weird to blame the infra provider, especially in a permissionless environment.
No matter how you market or endorse protocols/dapps, it’s permissionless.
This has a real meaning.

You remind me of cases with Fearless, people were blaming “Polkadot” because Fearless was left in ruins with suspicion of hacks with their wallet, and Fearless being listed in the wallet part of the official Polkadot website.
No, “W3G/OpenGov/Gavin/Polkadot” is NOT responsible for Fearless.

They are not responsible for Acala’s human config error too, that burnt the eco years ago. Acala is.
They are not responsible for Interlay and their abandoned app with ghost governance. Interlay is.
They are not responsible for other protocols that raised promises and failed, even if they received grants or gov support. Protocols teams are responsible for their own actions, that’s it.

Polkadot infra is PERMISSIONLESS.

If I follow your reasoning, Ethereum Foundation should be responsible for everything that happens on Ethereum.
Does it make sense? No.

Cheers. :clinking_beer_mugs:

Risking that this is becoming circular, so let me clarify one final time what is actually being discussed here, because I think we are talking past each other.

No one in the affected LP group has ever claimed legal responsibility for W3F, Polkadot, or Gavin. Not in the forum, not in this thread, not in any communication. Permissionless infrastructure logic is well understood and accepted.

The AWS/Meta analogy actually breaks down on the same point: AWS does not run treasury campaigns recruiting users into specific Netflix products. Meta does not designate specific apps as “official native infrastructure” on a copyrighted Wiki. Those companies provide infrastructure neutrally. W3F provided infrastructure plus seed funding, plus CEO-level public security endorsements, plus DAO-funded recruitment campaigns. That combination is different from neutral permissionless hosting.

But again, this is not the legal liability question. It is the ecosystem trust question.

DeFi only works if ecosystems create trust around what they actively endorse and market. Smart contract risk is accepted. What is up for discussion is whether ecosystems that go beyond neutral hosting, into active promotion and capital recruitment, share any structural role when that promoted infrastructure fails.

Drift, KelpDAO, and the “DeFi United” coalition show one answer. Nomad, Multichain, Acala, and Fearless show another. Both are valid models. The question for Polkadot is which model defines its future.

That is the substantive disagreement. It is not about responsibility for hacks. It is about ecosystem positioning.

Happy to leave it there. Thanks for the engagement.

Risking that the arguments become circular, it has to be made clear:

No one in the affected LP group has ever claimed “legal responsibility” for W3F, Polkadot, or Gavin.

The AWS/Meta analogy actually breaks down on the core argument victims are making: AWS does not run treasury campaigns recruiting users into specific Netflix products. Meta does not designate specific apps as “official Meta infrastructure” on a copyrighted Wiki. Those companies provide infrastructure neutrally. W3F provided infrastructure plus seed funding, plus CEO-level public security endorsements, plus DAO-funded recruitment campaigns. That combination is different from neutral permissionless hosting.

But again, this is not the legal liability question. It is the ecosystem trust question.

DeFi only works if ecosystems create trust around what they actively endorse and market. What is up for discussion is whether ecosystems that go beyond neutral hosting, into active promotion and capital recruitment, share any structural role when that promoted infrastructure fails.

Drift, KelpDAO, and the “DeFi United” coalition show one answer. Nomad, Multichain, Acala, and Fearless show another. Both are valid models. The question for Polkadot is which model defines its future.

That is the substantive disagreement. It is not about responsibility for hacks. It is about ecosystem positioning.

Happy to leave it there and again thanks for the engagement.

Read the room. I’m sorry about the losses, but everyone who lost money knew very well the risks they were taking.

End of conversation.

launch a ref.

You can expect zero broader engagement from other parties and anything will be a massive plus. Members of the web 3 foundation are definitely reading this and their silence already expresses their position. More than pointing out to PR/marketing lines on past announcements, a real connection is the founding partnership announced a few months back.

Lead investors usually have a close connection to said investments so probably they are already in touch with Polytope and it is most certainly a deliberate choice not to participate in public conversation or it might actually be what Thomas said that they are not interacting with the issue at all. Both of which are likely options. In any event we could attempt some further communication now that the April 30th window has closed and real figures can emerge.

Recoverable amounts should already be known despite them being recovered or not.

As for Bifrost, Thomas already mentioned that they are a user and it’s not in their responsibility to engage or bail out anything from this event though they definitely will suffer from the reputational fallout.

Hopefully these parties can emerge or are already engaged significantly.

It should be possible to pass such vote unless the BRIDGE treasury votes against, something that shouldn’t happen as it’s meant for distribution. If the vote were to be blocked then the only parties that hold enough BRIDGE to veto it should be developers and lead investors (refer to the linked article). In which case you can know for sure and which party wouldn’t want that to happen. Until then, all these parties should have weighed their opinion one way or another.

The self-imposed April 30th window has already passed so all these numbers should become known as well as a realistic plan for refunds of the existing tokens. Large portions allegedly remain recoverable so hopefully this realistic plan comes in time.