Armor Finance Insurance Payout Refused: Difference between revisions
(Created page with "{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/armorfinanceinsurancepayoutrefused.php}} thumb|Armor FinanceArmor Finance offers insurance for smart contracts, however there was a dispute over whether the policy applied to staked assets. The affected user understood one thing, and was not covered when they expected they were. The payout of $1.6m remained with the Armor Finance team. This is a global/international case...") |
No edit summary |
||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/armorfinanceinsurancepayoutrefused.php}} | {{Imported Case Study 2|source=https://www.quadrigainitiative.com/casestudy/armorfinanceinsurancepayoutrefused.php}} | ||
{{Unattributed Sources}} | |||
[[File:Armorfinance.jpg|thumb|Armor Finance]]Armor Finance offers insurance for smart contracts, however there was a dispute over whether the policy applied to staked assets. The affected user understood one thing, and was not covered when they expected they were. The payout of $1.6m remained with the Armor Finance team. | [[File:Armorfinance.jpg|thumb|Armor Finance]]Armor Finance offers insurance for smart contracts, however there was a dispute over whether the policy applied to staked assets. The affected user understood one thing, and was not covered when they expected they were. The payout of $1.6m remained with the Armor Finance team. | ||
This is a global/international case not involving a specific country. | This is a global/international case not involving a specific country.<ref name="rektnews-3907" /><ref name="rektnews-3908" /><ref name="pastebin-3909" /><ref name="kferretcryptotwitter-3910" /><ref name="armorfi-3911" /><ref name="sourceforge-3912" /> | ||
== About Armor Finance == | == About Armor Finance == | ||
| Line 41: | Line 42: | ||
Don't Include: | Don't Include: | ||
* Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed. | * Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed. | ||
* Anything that wasn't reasonably knowable at the time of the event. | * Anything that wasn't reasonably knowable at the time of the event. | ||
| Line 62: | Line 62: | ||
!Description | !Description | ||
|- | |- | ||
|February 13th, 2021 | |February 13th, 2021 | ||
| | |Main Event | ||
| | |Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. | ||
|- | |- | ||
| | | | ||
| Line 74: | Line 70: | ||
| | | | ||
|} | |} | ||
== Technical Details == | |||
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited? | |||
== Total Amount Lost == | == Total Amount Lost == | ||
The total amount lost | The total amount lost has been estimated at $1,600,000 USD. | ||
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie? | How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie? | ||
| Line 87: | Line 86: | ||
== Total Amount Recovered == | == Total Amount Recovered == | ||
There do not appear to have been any funds recovered in this case. | |||
What funds were recovered? What funds were reimbursed for those affected users? | What funds were recovered? What funds were reimbursed for those affected users? | ||
| Line 93: | Line 92: | ||
== Ongoing Developments == | == Ongoing Developments == | ||
What parts of this case are still remaining to be concluded? | What parts of this case are still remaining to be concluded? | ||
== General Prevention Policies == | |||
These types of exploits can be avoided by not storing funds in smart contract hot wallets. In our industry-based insurance model, all claims have the opportunity to be covered through a vote of 3 members. Where assets are lost due to a hack, they would generally be covered. | |||
== Individual Prevention Policies == | |||
{{Prevention:Individuals:Placeholder}} | |||
{{Prevention:Individuals:End}} | |||
== Platform Prevention Policies == | |||
{{Prevention:Platforms:Placeholder}} | |||
{{Prevention:Platforms:End}} | |||
== Prevention Policies == | == Regulatory Prevention Policies == | ||
{{Prevention:Regulators:Placeholder}} | |||
{{Prevention:Regulators:End}} | |||
== References == | == References == | ||
[https://www.rekt.news/under-the-armor/ Rekt - Under the Armor] (Sep | <references><ref name="rektnews-3907">[https://www.rekt.news/under-the-armor/ Rekt - Under the Armor] (Sep 28, 2021)</ref> | ||
[https://www.rekt.news/armor-rekt/ Rekt - Armor - rekt] (Sep | <ref name="rektnews-3908">[https://www.rekt.news/armor-rekt/ Rekt - Armor - rekt] (Sep 28, 2021)</ref> | ||
[https:// | <ref name="pastebin-3909">[https://pastebin.com/dW5ZG2Kd armor.fi official response - Pastebin.com] (Oct 19, 2021)</ref> | ||
[https://twitter.com/kferretcrypto/status/1358255724594253824 @kferretcrypto Twitter] (Oct | <ref name="kferretcryptotwitter-3910">[https://twitter.com/kferretcrypto/status/1358255724594253824 @kferretcrypto Twitter] (Oct 20, 2021)</ref> | ||
[https://armorfi.gitbook.io/armor/ Armor.fi Living Documentation - Armor] (Nov | <ref name="armorfi-3911">[https://armorfi.gitbook.io/armor/ Armor.fi Living Documentation - Armor] (Nov 7, 2021)</ref> | ||
[https://sourceforge.net/software/product/Armor.Fi/ Armor.Fi Reviews and Pricing 2021] (Nov | <ref name="sourceforge-3912">[https://sourceforge.net/software/product/Armor.Fi/ Armor.Fi Reviews and Pricing 2021] (Nov 8, 2021)</ref></references> | ||
Latest revision as of 11:50, 2 May 2023
Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
Armor Finance offers insurance for smart contracts, however there was a dispute over whether the policy applied to staked assets. The affected user understood one thing, and was not covered when they expected they were. The payout of $1.6m remained with the Armor Finance team.
This is a global/international case not involving a specific country.[1][2][3][4][5][6]
About Armor Finance
"Armor is a decentralized brokerage for cover underwritten by Nexus Mutual's blockchain-based insurance alternative." "Armor is a smart cover aggregator for DeFi which provides Pay as You Go coverage for user funds across various protocols." "Protect your investments against smart contract risks across popular protocols such as Uniswap, Sushiswap, AAVE, Maker, Compound, Curve, Synthetix, Yearn, RenVM, Balancer and more." "Armor insurance is underwritten by Nexus Mutual, with added features: Permissionless (No sign-up required), Pay as you go coverage across various protocolsFlexible amount/ duration coverage, only pay what you owe."
"Where there is no regulation, reputation is key, and we were too quick to judge the events based on previous stories involving certain characters."
"I am certainly not happy with how Armor has handled the situation. I think it is totally unacceptable that the CEO of Armor would make statements in order to induce people to stake valuable assets, promising us that we get to keep the benefits of the cover NFTs and could withdraw and claim at any time during this phase of the project. I deposited my cover NFTs relying on this information. All of a sudden after my cover NFT became very valuable, they suddenly decided that the CEO's words don't have any effect."
"If the CEO's words don't have any effect, and they can secretly upgrade the staking contract to allow the admin to transfer my NFT out to his personal wallet (this actually happened), and the documentation doesn't reflect the working system but they decide they will selectively enforce a few phrases in their favor that are never presented during the staking process… Well, I don't know how you could describe this as anything other than a scam."
"They stole $1.6 million belonging to me."
"[T]here is on-chain evidence that Armor stole the insurance NFT from kferrret before restaking it using their own contracts and submitting the claim for themselves."
According to Azeem from Armor, "He claimed to rely on my ambiguous (and definitely not meaning what he wants it to mean) messages in discord, when in fact he staked a day before the messages he claimed to rely on. Completely discredits his claims."
"We have stood firm against a social media storm that would have taken weaker people down. Surely that shows character and should instill confidence in the team behind Armor."
"It's not about morality. The system is designed specifically to prevent his kind of actions and he knows it, so he tried to create a social media storm to pressure us into breaking protocol. You are missing a key point. He claims to have relied on ambiguous statements before he staked, when in fact he staked a day before the statements. This discredits his entire argument as he did not in fact rely on those statements at all for staking. When staked the coverage is assigned to Armor. This is made clear in the documentation. If you want to retain coverage then don't stake. There are several other NFTs who were not staked and successfully claimed with no issue."
"We are not far from the old world where one should always make sure to read the fine print before taking out an insurance policy..."
This is a global/international case not involving a specific country.
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
Include:
- Known history of when and how the service was started.
- What problems does the company or service claim to solve?
- What marketing materials were used by the firm or business?
- Audits performed, and excerpts that may have been included.
- Business registration documents shown (fake or legitimate).
- How were people recruited to participate?
- Public warnings and announcements prior to the event.
Don't Include:
- Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
- Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.
The Reality
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| February 13th, 2021 | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. |
Technical Details
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?
Total Amount Lost
The total amount lost has been estimated at $1,600,000 USD.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
General Prevention Policies
These types of exploits can be avoided by not storing funds in smart contract hot wallets. In our industry-based insurance model, all claims have the opportunity to be covered through a vote of 3 members. Where assets are lost due to a hack, they would generally be covered.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ Rekt - Under the Armor (Sep 28, 2021)
- ↑ Rekt - Armor - rekt (Sep 28, 2021)
- ↑ armor.fi official response - Pastebin.com (Oct 19, 2021)
- ↑ @kferretcrypto Twitter (Oct 20, 2021)
- ↑ Armor.fi Living Documentation - Armor (Nov 7, 2021)
- ↑ Armor.Fi Reviews and Pricing 2021 (Nov 8, 2021)