Review of the Seizure of Japan's Giant Whale Token by Juno: Defects and Improvements in DAO Governance

Author: jiyue, Wu Says Blockchain

With the official release of Juno Network's Proposal 17, the ongoing Juno whale sanction incident, which has lasted for two weeks, seems to have reached a new turning point.

The coordination negotiations between the Juno core development team Core-1 and the Japanese whale CCN, the high-intensity lines drawn on Twitter by various factions, and influential figures in the crypto space joining the discussion, have left ordinary viewers anxiously watching this Netflix-like drama (a pioneering on-chain governance democratic experiment) with popcorn in hand.

A trusted validator node of the Juno network, @polkachu, provided a precise explanation of the whale incident and its behavioral landscape: https://twitter.com/polkachu/status/1502880775460450305

On October 1, 2021, during the Juno genesis airdrop, most of the initial supply was allocated to ATOM holders (the native token of the Cosmos ecosystem), with $30 million worth of JUNO distributed at a 1:1 ratio to 46,137 unique ATOM addresses. To avoid a large concentration of airdropped tokens in a single address, which could lead to network insecurity and the risk of dumping, the team set a written "whale cap" of 50,000 JUNO per address.

Source: Juno Network Official Website

Even with the "whale cap" in place, a Japanese whale (Twitter @takumiasano_jp, address starting with "juno1aeh") exploited a loophole in the genesis airdrop to acquire a large amount of JUNO at a low cost.

Background investigations revealed that the whale is a Japanese fund that manages the ATOM wallets of its Japanese clients (reportedly involving elderly individuals trading cryptocurrencies, somewhat akin to a cx nature), thus accumulating a large amount of ATOM assets. The whale circumvented the Juno airdrop rules by splitting a large amount of ATOM assets into 50 wallets, thereby evading the 50,000 JUNO cap set for the airdrop, ultimately collecting 2.5 million JUNO tokens into a single address from 50 addresses. A series of operations by the whale on-chain address: https://docs.google.com/spreadsheets/d/1McQE3Ot-QkAElou6_Qs1TS9ZaCHeTVp0dYRAWZ7TOYM/edit#gid=0

This behavior was quickly detected by the Juno Core-1 team, which subsequently initiated Proposal 4: https://www.mintscan.io/juno/proposals/4. The proposal explained that the address had violated the rule of "each entity can receive a maximum of 50,000 JUNO" and proposed to reduce the address's JUNO balance by 90% to avoid issues of token centralization and dumping. However, during the voting period for the proposal, the whale contacted @wolfcontract (a core member of Juno Core-1), claiming to be a Japanese fund and promising to stake the illegally obtained JUNO airdrop to support network security.

The bizarre aspect of the entire incident was that the Juno team accepted the whale's verbal commitment (there is currently no strong evidence to prove any collusion between the whale and the team).

This attempt to establish a "tacit contractual relationship" surprisingly had an effect in the trust-deficient web3 world. Wolfcontract accepted the whale's apology and expressed opinions on Twitter, and the entire community accepted the whale's commitment. Proposal 4 ultimately failed with a 56.4% opposition rate, and the community gradually forgot the potential threat posed by the whale.

However, in recent months, the whale began to dump JUNO in large quantities. Before Proposal 16, the whale sold 17,000 JUNO daily for OSMO, then exchanged OSMO for ATOM, and sent ATOM to new addresses. The whale's behavior on-chain clearly betrayed its initial commitment, causing panic in the community once again.

This prompted Wolfcontract and the Core-1 team to initiate Proposal 16 on March 11 to re-litigate against the whale: https://www.mintscan.io/juno/proposals/16. The proposal suggested reducing the whale's 52 account holdings from 3 million tokens (valued at $120 million at the time) to 50,000 tokens and transferring an equivalent amount of funds to the community treasury.

The release of this proposal ignited discussions among Juno token holders, causing Juno to gain traction and receive heated discussions on Twitter, with many people becoming aware of the Juno whale incident. I compiled a list of key opinion leaders in the Juno proposal events: https://twitter.com/i/lists/1509897211739799552?s=20.

On March 11, the first day of the proposal's release, the support rate exceeded 90%, with support rates crushing opposition rates;

On March 15, the Juno Network development team Core-1 tweeted, hoping community members would vote against Proposal 16 regarding the removal of the whale's account assets and would draft a new proposal to provide more alternative solutions;

In the early hours of March 16, the Juno Network, a smart contract platform in the Cosmos ecosystem, finally passed Proposal 16 regarding the removal of the whale's account assets, achieving a historic voting participation rate of 98.58%, with 40.85% of voters agreeing to the proposal.

The voting result distribution is as follows:

Validator node voting is as follows:

Source: mintscan.io

The split opinions in the community regarding the proposal to reduce and confiscate the whale's assets meant that Proposal 16 was not immediately executed after its passage. After the release of Proposal 16, the whale continued to apologize and explain, still using the "trust me bro" verbal commitment to seek community forgiveness, and appealing to the innocent interests of its fund's clients. (In reality, the whale had already profited significantly from the JUNO airdrop staking rewards and was fully capable of compensating its clients with the profits obtained.)

However, as more and more off-chain behaviors of the whale were uncovered, the essence of the whale's actions gradually came to light. Credible investigations indicated that after the whale received the airdrop, it did not inform its clients about the JUNO profits, and most clients were unaware of the existence of the airdrop. The JUNO tokens actually belonged to the Japanese clients entrusted to this fund, but they became the whale's own windfall. The whale essentially operated a business that concealed important information from clients and kept the Juno airdrop profits for itself, which is unfair.

Such behavior sparked community outrage, and the previously held views of the proposal opponents, such as "robbing the rich to distribute to the poor is unjust, private property is inviolable, and the airdrop loophole is a mistake," gradually shifted to "this is a just reclamation action; the whale manipulated the system and deceived clients; burn the Token."

The Juno C1 team worked tirelessly on the whale incident, and negotiations with the whale continued for over two weeks, attempting to find a safer and cleaner way to handle the situation. Millions of eyes are watching how this drama will conclude and how the price of JUNO tokens will perform.

On March 28, C1 issued a statement proposing an upgrade through Proposal 17, which includes performance improvements, governance module instantiation, and the implementation of smart contract calls. The proposal details indicated that this upgrade would not take direct action regarding the ongoing whale issue.

The upgrade includes: security fixes; performance improvements; upgrading to CosmWasm/wasmd 0.24.0; moving Juno to the mainline CosmWasm/wasmd instead of a fork; upgrading to Cosmos SDK 45 and Tendermint 0.34.16. Crucially, the upgrade to the CosmWasm module allows governance to execute smart contracts.

On March 30, the voting for Proposal 17 officially began:

https://www.mintscan.io/juno/proposals/17, with voting ending on April 4, and the proposal passing with 98.53% in favor. From the voting results, it seems that the community's will regarding the whale incident has reached a high degree of unity, with everyone eagerly anticipating the actions of Core-1 after the first phase upgrade of Lupercalia. Although Core-1 has not yet provided detailed explanations for this upgrade, it is speculated that C1 may want to sanction the whale through code and mathematics as community law.

The voting result distribution:

Node voting distribution:

Source: mintscan.io

Subsequently, the Juno community initiated Proposals 18 and 19.

Proposal 18 proposed a compromise solution regarding the CCN issue:

https://www.mintscan.io/juno/proposals/18

Voting in favor would mean that the "community" (50%) and "CCN clients" (50%) would split all JUNO, including the staking rewards in the address. The "community portion" of the funds allocated to JUNO would be used for smart contracts, while the "CCN client portion" allocated to JUNO would be distributed by CCN to client addresses at a rate of 5% per month over 20 months. However, Proposal 18 was rejected by community voting.

The voting result distribution is as follows:

Source: mintscan.io

After Proposal 18 was rejected by the community, Proposal 19 proposed that a neutral third-party auditor confirm the identities of CCN clients through a standard KYC system and verify the appropriate amount of JUNO allocated to each address. Voting in favor would mean agreeing to distribute tokens to CCN client addresses, while voting against would mean disagreeing with the distribution to CCN client addresses, even if the client addresses had been verified by a neutral third-party audit. Proposal 19 will close on April 24, and the current voting distribution is as follows:

Validator node voting:

Source: mintscan, 2022/4/21

Even though the whale started a giveaway of JUNO tokens on the 11th, giving 50 JUNO to 10 lucky winners daily: https://www.mintscan.io/juno/txs/D3B59A483117173E3FD41FC7CCE2C55197D79C5F558AAD79B1CA6AB82A33DF86

The community's opinions have already turned extreme. One of the main participants in the Juno incident, @JoeAbbey, initiated a proposal draft (updated on April 18):

https://commonwealth.im/juno/discussion/4044-softwareupgradeproposal-stakedrop-remediation-for-gameccndebo

JoeAbbey discussed the Japanese "Payment Services Act" and the registration location of the whale CCN, pointing out that CCN was actually not qualified to participate in the genesis airdrop for the following reasons: the whale CCN's business fits the definition of "cryptocurrency exchange service" under the Japanese Payment Services Act, CCN acts as an agent to receive clients' Bitcoin deposits and exchanges them for $ATOM. CCN has indicated ownership of the validator nodes GAME (formerly CCN) and DEBO, so these two validator nodes are actually operated by an exchange, and the airdrop rules state that tokens staked on exchange nodes are not eligible for airdrops.

JoeAbbey also proposed remedial measures for the airdrop incident, stating that voting in favor of this draft would mean agreeing that CCN should not have received the genesis airdrop and agreeing to conduct a software upgrade to adjust CCN's JUNO balance. Adjustments would include: revoking all current authorizations of CCN, unbonding all delegations (bypassing the 28-day unlocking period), and sending the balance of the CCN address to an address with a public key of 0.

The Juno whale incident has lasted for over a month, and the community still has not found an optimal solution. The views of the Juno core team and participants like JoeAbbey are that after the passage of Proposal 17, the distribution of whale assets should be conducted based on the software upgrade.

"On April 24, voting for Proposal 20 began,

https://www.mintscan.io/juno/proposals/20. This proposal was released after three testnets conducted by the needlecast node, Abbey, and other nodes for Juno. The proposal content includes the execution of the 16th community proposal, specifically adjusting CCN's JUNO balance and sending its available JUNO to a smart contract controlled by the Juno Network community."

C1 approaches the whale incident from a coding perspective, choosing to address it during the upgrade period, seemingly heading towards a fork. It is necessary to review the various forks and upgrades of Bitcoin and Ethereum, as well as the differences between POW and POS mechanisms in on-chain governance, and the history and pros and cons of DAOs. Finally, the direction of on-chain governance and possible solutions will also be discussed in the following sections.

I believe that even someone who has just learned about the crypto world for a week would have heard of forks. Forking is one of the ways blockchain systems evolve, but it can weaken consensus. After a fork, it takes time to recover vitality, and of course, it may never recover.

Many early forks of Bitcoin were primarily due to technical differences leading to community disagreements, motivated by the "Bitcoin scalability issue." Under the POW consensus mechanism, the community reached consensus through computing power, resulting in many derivative blockchains. The first Bitcoin fork occurred in October 2011, creating Litecoin. In 2017, Bitcoin also experienced a hard fork, ultimately forming two independent blockchains: the original Bitcoin and Bitcoin Cash (BCH). Here is a summary of forked coins: https://forkdrop.io/.

DAO users advocate for designing virtual-centered organizations with more decentralized, autonomous, and technology-driven solutions. DAOs represent an innovation in organizational design, emphasizing computerized rules and contracts, with community members managing based on consensus, unaffected by centralized structures.

After the initial popularity of blockchain, the concept of DAOs gained more attention with the introduction of Ethereum's "The DAO" in 2016. In 2016, the well-known ICO project "The DAO" on the Ethereum platform was hacked, resulting in the theft of ETH worth over $60 million. The Ethereum community decided to roll back the transactions via a hard fork to recover the stolen losses for investors:

https://ethereum.org/zh/history/#dao-fork.

In the Ethereum hard fork incident, some community members believed that rolling back transactions violated the fundamental principles of the blockchain world, and investors should bear their own risks. They remained on the original Ethereum chain, which later became known as "Ethereum Classic (ETC)." Now, Vitalik Buterin leads the Ethereum (ETH) that emerged after the fork.

With the birth of the POS mechanism, many public chains transitioned from POW to POS. The POS mechanism emphasizes community autonomy, and the DAO concept has once again become a trend.

The POS mechanism supports on-chain native token delegated staking. Early projects often distributed tokens to early participants through airdrops to ensure network protocol security with decentralized assets and high staking rates. This method of using blockchain native tokens to validate the blockchain decouples the relationship between mining and network security.

On-chain governance through DAOs (by community proposals) greatly reduces the likelihood of blockchain hard forks (code modifications) because the passage of each proposal requires community member voting (not just a minority vote from validator nodes). On-chain governance also provides economic incentives for nodes participating in the voting process through the use of rewards.

It sounds very nice and democratic, but the recent Juno whale sanction incident has exposed the flaws of the POS mechanism and the issues of DAO on-chain governance to the greatest extent.

1. Uneven Distribution of Governance Weight

Protocols based on the POS mechanism often distribute tokens through genesis airdrops to incentivize early users to stake to protect network security, but this allows early participants to easily acquire large amounts of capital. As more investors enter, the demand for tokens exceeds supply, leading to an increase in token prices. Since user participation in DAO governance occurs through a series of proposals, members vote on them via blockchain, and having more governance tokens usually translates to greater voting power, gradually concentrating governance power in the hands of a small number of wealthy individuals/institutions/project friends who effectively control the entire system.

2. Tedious Governance Procedures

The tedium in democratic arrangements, whether virtual or real, prevents participants from allocating their energy to functional tasks after considering cost-benefit calculations, resulting in low voter turnout.

3. Legal Risks

On-chain DAO governance resembles a general partnership structure in web2 rather than a corporate structure, which exposes participants to unlimited liability. There are terrifying legal burdens in governance, and the underlying accountability structure needs to comply with legal frameworks. However, many development teams are anonymous, posing a constant rug risk.

4. Voter Manipulation

Once one or more parties conspire, bribe, or privately acquire tokens, controlling over 50% of the network's tokens and accumulating sufficient token concentration, they have the opportunity to propose or vote to launch a coup. This can also lead to situations like the Juno whale, where funds are initially dispersed across many small accounts to hide their token concentration, allowing the whale to gradually take control of the entire network or to sell off tokens at once, causing a price crash and triggering panic selling that leads to a collapse of the entire POS system.

5. Tyranny of the Majority

The Juno Network claims to be a pioneering democratic system, but such similar democratic procedures have a low threshold for participation (as long as you hold the protocol's staked tokens and a little gas fee, you have the right to vote on proposals), leading to chaotic processes. This greatly expands the voice of the weak, similar to political elections and corporate governance in the web2 world, but the community voting mechanism makes decision-making more personal, making it easy for public sentiment to be manipulated. For example, the repeated false promises of the Juno whale have sown the seeds for such drama in the future. Democracy as a corrective mechanism needs to maintain moderation.

Here are some DAO governance optimization proposals:

1. Increase Voting Activity and Participation Rates

Set a reward decay schedule, where voting rewards gradually decrease over time until they become 0 at the end. This setup helps proactive stakers in governance earn more rewards.

2. Enhance the Caution and Professionalism of Voting

Further leverage the role of node validators to promote the revival of delegated voting and develop a delegation market, allowing active nodes and independent delegators to earn rewards through proxy voting. Stakers delegate their voting rights to nodes or independent delegators, who receive voting incentives and return a certain proportion of the rewards to the stakers.

Delegated nodes/individuals must pass market review standards to perform delegated proxy work. Review assessments may include multiple dimensions: professional ability (understanding proposals, designing proposals), governance activity, reputation background (whether the operator is compliant and legal), trustworthiness and neutrality, whether they are a centralized exchange, whether they are a zero-commission node (risk of running away), and the level of effective communication between the delegator and the node/individual.

3. Code as Law

Upgrade smart contracts to automate decisions regarding the increase/decrease of tokens for an address, incentivizing/penalizing. Use computer intelligence for decision-making, achieving automation, but this requires regular community review and adjustment. Closely monitor the implementation of Juno Proposal 17 and the sanctions against the whale.

4. Different Rights for Different Shares

Core Team: The soul of the protocol, equity should be larger, but avoid "dictatorship";

Professional Investment Institutions: The source of funds, ensuring the security of the POS network, but avoid "power monopolies";

Node Validators: Individuals, including centralized exchanges, need to hold a significant amount of staked tokens and be proficient in network architecture;

Large Holders: Deeply related to interests, usually have a deep understanding of the protocol and are actively involved in governance, even voluntarily setting up nodes to become validators and contribute value to the product;

Small Investors: Their staking purpose may only be to obtain airdrops and staking rewards, governance is relatively indifferent, and they often vote opportunistically.

The differences in interests, goals, investment horizons, and capabilities among different groups are significant. For the diverse components of the DAO community, governance weight should be adjusted. For example: consider distributing governance weight based on community contribution scores; time weight (i.e., token lock-up time, but not friendly to new players); staking weight (proportional to the amount staked), etc.

The crypto world is rapidly developing along the trends of POS mechanisms and DAOs. Despite the many bugs, it is worth experimenting, striving, and imagining. The Juno whale sanction incident is a great experiment, and we continue to closely monitor the development of the event, hoping to conclude this Netflix-like drama soon.

Citations and Recommended Reading:

GAME-ing Stakedrops?

https://jabbey-io.medium.com/game-ing-stakedrops-d02a826ff791

Whale Drop Compromise

https://commonwealth.im/juno/discussion/4157-whale-drop-compromise

People vs. Juno Whale

https://polkachu.com/blogs/people-vs-juno-whale

The Decentralized Autonomous Organization and Governance Issues

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3082055

Hard Fork Completed

https://blog.ethereum.org/2016/07/20/hard-fork-completed/