Postmortem: Loss of 369,714.5 SILO (Equivalent to 7.955 ETH) from ShapeShift DAO Treasury

Dear ShapeShift DAO Community,

As many of you are aware, we recently experienced a loss of 369,714.5 SILO from the ShapeShift DAO treasury. While this incident is unfortunate, it provides us with an opportunity to improve our processes and ensure the security of our funds going forward. Below is a detailed overview of the incident and the steps we are taking to prevent similar issues in the future.

Incident Overview

Date: May 21, 2024

Summary: An error during a transaction execution resulted in the loss of 369,714.5 SILO, which was swapped for 7.955 ETH. The funds were mistakenly sent to the DAO’s mainnet safe address on Arbitrum. Despite extensive recovery attempts, the funds were deemed unrecoverable.


• Reduction of the ShapeShift DAO treasury balance.

• No impact on user funds or overall platform operations.

Root Causes:

• Hurried execution and context switching by signers.

• Complexity of cross-chain transactions without thorough testing.

• Incorrect multisig safe address usage (using the same address as mainnet).

Detailed Timeline of Events

  1. Request for Expedited Action: On May 17, 2024, the DFC requested an expedited execution to sell 369,714.5 SILO for ETH on Arbitrum.

  2. Transaction Creation: Signer A created a transaction (#931) to approve and swap SILO for ETH on CowSwap via ShapeShift. However, limitations in executing the swap via ShapeShift led to a need for multiple steps.

  3. Discussion and Decision: Signers discussed and decided to use ShapeShift for the swap and bridge, choosing the Hop route for its favorable rate.

  4. Execution of Transactions: Signer A and B executed a series of transactions (#932 and #933) to approve and swap/bridge the assets.

  5. Gas Issues and Simulation: The initial transaction failed due to insufficient gas. Subsequent attempts involved increasing the gas limit and executing new transactions.

  6. Address Error: During the final transaction, Signer B copied and pasted the recipient address for the mainnet instead of Arbitrum, leading to the loss of funds.

  7. Recovery Attempts: Signers attempted to recover the funds by deploying a new safe on Arbitrum, but due to contract incompatibilities, the funds were unrecoverable.

Corrective Actions

To prevent similar issues in the future, we are working on implementing a robust process checklist that will directly address multisig process errors. This includes:

• Enhanced documentation and verification.

• Greater transparency in our processes to ensure the community is informed about how decisions are executed.

• Continuous monitoring and improvement of our processes to increase