$36 million in JUNO tokens lost forever due to a typo
A typo caused $36 million worth of cryptocurrency to be sent to an unreachable address on the Cosmos-based Juno blockchain
By Shashank Bhardwaj
A community vote supposed to seize JUNO tokens worth millions of dollars from a whale mistakenly sent $36 million worth of JUNO tokens to an unreachable address on the blockchain last week. The mistake was a programming mix-up on the part of a developer, which caused the funds to be sent to the wrong address on Wednesday.
In the world of blockchain governed by codes, a simple community vote is enough to move tokens from one blockchain address to another. But code-centric governance is yet to transcend the failure of human-controlled safeguards. JUNO blockchain continues to remain a case study for this kind of failure.
Takumi Asano is a Japanese investor accused of gaming the Juno airdrop worth $120 million tokens in February. Juno Proposal 20 was passed to alter the token balance of Asano. This proposal is the first example of a community proposal to alter the token balance of a user who has been accused of acting maliciously.
Asano ran an exchange service that gave JUNO tokens to stakers on the Cosmos blockchain. The wallets for the so-called Juno ‘Stakedrop’ wallets should have been rendered ineligible as per the community vote.
Suppose the community vote had gone as planned. In that case, it should have revoked the transaction and transferred the JUNO tokens–now worth $36 million–into a ‘Unity’ address that the Juno community controls. But things took a wrong turn.
During the code execution on Wednesday, a programming error caused the JUNO tokens worth $36 million to be sent to the wrong address on the blockchain. The address is neither accessible by Asano nor by the Juno community. The mishap resulted from a copy-paste error, as told by Andrea Di Michele, called by the name ‘Dimi’ and a member of Juno’s ‘Core-1’ founding developer team.
The developers mistakenly copied the transaction hash instead of the wallet address, which ended up moving the seized funds to an unreachable address. Dimi said, “When I gave the [Proposal 20] developers the address of the [Unity] smart contract, I pasted the address of the smart contract and just underneath put the transaction hash. But I didn’t write ‘the transaction hash is this,’ I just put the transaction hash.”
Validators are responsible for conducting due diligence on on-chain upgrades like Proposal 20 before implementing them on the Proof-of-Stake blockchain. More than 120 validators responsible for the task failed to notice that the address had been pasted incorrectly. Daniel Hwang, head of protocols at stakefish, said that it was more the fault of the validators than the programmers who copy-pasted the wrong address into the Proposal 20 code.
Shashank is the founder at yMedia. He ventured into crypto in 2013 and is an ETH maximalist. Twitter: @bhardwajshash