Camille A. Hanard
AMA Recap: Lossless
Speaker: Gytis Trilikauskis, Head of marketing @ Lossless
Date of the event: October 20, 2021
DeFi Teller
Welcome to today's AMA event! This AMA is very timely and probably one of the most relevant in terms of how many questions we've received, I should say!
So, without further ado, I want to introduce our guest - Gytis Trilikauskis, head of marketing in the world's first crypto hack mitigation tool Lossless! Gytis, how are you doing? We are happy to see you here today!
Gytis Trilikauskis | Lossless
Great to be here! I am doing great, this past month has been insane. Not a lot of sleep, but the whole team is powering through.
DeFi Teller
And we really can see that! Huge success for LSS, I see that it is up 65% just today!
Gytis Trilikauskis | Lossless
Yeah, the price went x15 over the last month or so. Volume is getting scary too, someone is paying a lot of attention to Lossless. We are very excited to see the work we’ve been doing is paying dividends.
Also, a huge amount of new community members.
DeFi Teller
That's always great! So you're really having a great start guys! Congrats!
Gytis Trilikauskis | Lossless
Excitement all over the place here at Lossless.
Our eyes are on the prize though. Want to launch the protocol in full as soon as possible.
DeFi Teller Community
So, don't want to waste your time, cause we really got a lot of questions for you, Gytis!
As is our tradition, we'll start with a couple of introductory questions to refresh the memory of those of our subscribers who have forgotten or maybe haven't heard of Lossless.
So can you please describe, briefly, what exactly the protocol does, what are its main objectives?
Gytis Trilikauskis | Lossless
In short, Lossless is about providing an actionable tool for tokens, protocols and liquidity pools to stave off and prevent hacks or exploits. It’s an on-chain solution that works in real-time. As we talk between each other in the team - security audits and trust scores are nice and all, but offer little protection when hacks are happening. And let’s be real, audited protocols do tend to get hacked too.
The main objective is to monitor the blockchain for fraudulent activity, try to flag suspicious transactions and if needed, temporarily freeze them.
How do we do that? We insert a few lines of code into token contracts which allow us to set certain rules and thresholds upon which we can determine which transactions fall under the ‘suspicious’ category and which ones do not. I guess that sums it up pretty well.
DeFi Teller
Thank you, Gytis! Clear and simple!
And let's go over the project's roadmap - tell us, what have you already achieved, at what stage the protocol is at this moment and what can we expect from you in the near future?
Gytis Trilikauskis | Lossless
Up until now, we’ve come out with:
* MVP - a demo of the look and feel of the upcoming platform;
* Token Minter - a free tool to deploy and issue tokens for anyone in the industry which currently supports ETH, BSC, and Polygon;
* We’re gathering a network of whitehats and security experts to first of all test-proof our product and try to help protocols that are hacked, which consists more of manual detective work rather than is product oriented.
For the immediate future we are planning to release Lossless Vault & Treasury protection tool - a b2b solution for protocols to secure individual vaults with large amounts of funds inside such as company treasuries, development funds, liquidity reserves, etc. It should see daylight at the end of November/early December.
And then - full focus on the platform deployment, the full code should be submitted to the auditors before the end of the year, followed by a public bounty campaign. We’re targeting the end of Q1, 2022 for the protocol release with full functionality.
DeFi Teller
Great! A lot of work ahead!
And now let's move on to the questions from our subscribers. So, the first question is about Token Minter.
One of the highlights recently was the launch of the Lossless’s Token Minter but you said that the Platform will not guarantee Hack Protection. So, what's the reason behind this? Is the Token Minter program just temporary or permanent?
Gytis Trilikauskis | Lossless
The token minter is a simple UI for anyone to deploy token contracts for free. Inside deployed tokens there is the Lossless Plug-in already installed, but as long as the Protocol is not fully launched, it offers no security parameters today.
However, once we launch our product, this plug-in will activate and tokens will enjoy Lossless protection. Otherwise, teams will be required to redeploy their tokens with Lossless code if they want to take advantage of Lossless security.
It helps us to streamline our ecosystem onboarding, save our tech guys time walking project teams through token creation or Lossless integration process.
Also, it’s a good tool for people who just want to test and play around with token contracts.
DeFi Teller
Can you describe your Out-Of-The-Box token relaunch toolkit?
Gytis Trilikauskis | Lossless
As I mentioned, for already existing tokens to implement Lossless security, they’ll need to redeploy token contracts. It takes time and effort for crypto projects to coordinate all of the efforts between retail holders, VCs, large backers, CEXes, DEXes, and farms and do that across multiple Layer 1s.
We’re working on an algorithm and documentation to make this process as easy as possible and to make all the stakeholders incentivized for the transformation as we want as many protocols to adopt the ‘Lossless standard’. The token relaunch toolkit will be exactly that. Process guide for token relaunch.
DeFi Teller
Like a kind of SDK?
Gytis Trilikauskis | Lossless
Exactly, something similar will also be prepared for ‘finders’, users which will help us monitor the blockchain activity of Lossless-integrated tokens and flag potentially fraudulent transactions.
DeFi Teller
In your whitepaper you mentioned the developing interest of banks and other institutional investors in DeFi and that this could be a motivation for hackers. Are you planning to collaborate with major companies, or do you already have one? How do you plan to protect them?
Gytis Trilikauskis | Lossless
Development things should come first and that’s where our focus is at the moment. The Vault protection solution mentioned above will be the first step towards this direction. We’re receiving a lot of attention lately and have been talking with multiple digital asset banks and vault protocols, but nothing has been finalized yet.
We’re not rushing in this direction either. With our solutions, we carry a lot of responsibility and want to be sure that our products/services are truly battle-tested. Mistakes in our game cost millions, sometimes hundreds of millions of dollars. We have to be pitch perfect and sometimes it means that we have to sacrifice speed for security.
DeFi Teller
Is it safe to say that your focus will still be on DeFi or is it unclear yet?
Gytis Trilikauskis | Lossless
Right now, 100% on DeFi. The market is huge, the need for actionable hack protection is there and this is what we’re working on. Some people are inviting us to join the NFT game and offer some protection for those assets as well as safeguarding NFT drops, but at this moment it’s only informal discussions, we have not seriously considered this yet. Don’t think it’s happening anytime this year.
DeFi Teller
Please provide more details about the decision making body when a hack occurs. In particular, are the cybersecurity specialists of the three parties independent of lossless?
Gytis Trilikauskis | Lossless
So the decision-making body consists of three parts:
- team members from the project which is being hacked;
- Lossless team members;
- independent committee of security experts, whitehats and other high ranking executives of DeFi industry.
Once our finders or ourselves, or anyone else flags a suspicious transaction and initiates a 24 hour freeze, that time window will be used to determine whether the frozen transaction is truly a hack or not.
We don’t want to assume centralized power over that decision and do not think that anybody should. Therefore we set up a threefold structure in charge of making that decision. Two-thirds majority will be needed to make a decision. So yes, the independent committee will be independent.
And also, the team of the token involved will have a say too as they’re closest to the activity of their token and probably will have the most information at any given time.
DeFi Teller
But in any case, is it possible with this approach to say that Lossless itself will ever become fully decentralized? Or do you plan to change this decision making body in such a scenario?
Gytis Trilikauskis | Lossless
It’s actually a very good question. We’ll have to wait and see. First of all, we do need to set up some rules on how people can flag suspicious transactions and how these transactions can be frozen. What we do not want is people taking advantage and just randomly freezing transactions or blocking competing projects from regular activity or something along those lines. It’s crypto after all, we have a trollhouse behind every corner in this market.
So the first phase of the platform roll out focuses on a three-part decision making body, there is food for thought to introduce a fourth & fifth part of that body consisting of community members who’d serve a fixed term period and get compensation for their activity, similar to elected parliament members.
There is a thin line between decentralization and chaos and we do not want to cross it. Adequate decentralized governance is a still unveiled beast. It’s gonna be a process.
DeFi Teller
Lossless is praising Tether’s ability to freeze users’ funds in its whitepaper. But for many DeFi enthusiasts such level of control leaves no room for decentralization. Can you elaborate more on how Lossless ensures no central entity can take control over its protocol?
Gytis Trilikauskis | Lossless
I’d not say we praise this ability, we just say that it’s there. Tether’s solution is completely centralized, there is no transparency on the decision making structure and who has the authority to freeze funds or for what reason. In the recent $600M PolyNetwork hack, Tether instantly froze USDT in the perpetrator’s wallet and I guess the victim was very glad in that case so there’s some benefit to this feature in USDT, even though the Lossless team don’t really think it is the best approach.
As already described, our solution is to be transparent about the process of decision-making in the first place and have distribution of power within the system so that no actor has authority over the decision.
Also, if project teams and communities feel that the structure is unfair and centralized, they will simply opt-out of the Lossless standard. This will be the ultimate testimonial whether the system is decentralized enough or not.
DeFi Teller
Okay, back to the protocol. Coming up, there's a batch of questions about whitehats. I think they're all connected, so maybe it'll be easier for you to answer them all at once.
You often talk about white-hats, who help detect fraudulent movements and who are motivated by rewards. Tell us more about the algorithm, it really is similar to the pool of validators or am I wrong?
Usually whitehats receive 10% from the funds they have returned or prevented a loss of. Why should they be interested in working on Lossless’s conditions?
It seems Lossless is going to be a whitehat club where the most successful hacker to write the quickest bot will earn fees for themselves and the whole protocol. What if someone outwits the team and the defense - how will the suffered project be compensated?
Gytis Trilikauskis | Lossless
When we talk about white-hats, right now we talk about individual people who help us to become experts in DeFi security. These guys have deep technical knowledge in how cyber attacks are carried out and which vectors are being used.
On the platform, ‘finders’ who will monitor and flag suspicious activity will most likely be bots and computer software written by white hats or in cooperation with them as if the Lossless ecosystem is truly extensive, manual monitoring will be out of the question.
Regarding the 10%, the bounty is rewarded after the funds are retrieved, but trying to follow the hacker after he has already drained the funds requires extensive detective work spending countless hours on it, analysing patterns, recreating the attack, etc. On Lossless protocol, the fraudulent transaction will be frozen and will never get to the hackers’ wallets, so the amount of work will be way lower and that work will most likely be done by programmable software.
Regarding the last question, there is always the risk of the known unknown - the realization that since smart contracts are rather a new concept, they have not been researched in full and there’s always a risk that someone will find a vulnerability to exploit. Quantum attacks might be a good example. If they ever occur, Lossless will not save project funds, but we also cannot take responsibility if that happens.
We try to document clearly what security options we do offer and what attacks we can prevent but there will always be something that’s out of our reach.
DeFi Teller
How exactly is Lossless' L-ERC-20 token standard different from ERC-20? Would it still be compatible with Ethereum after its mainnet upgrades to 2.0? And what about L2 chains?
Gytis Trilikauskis | Lossless
L-ERC20 is basically ERC20 with a few lines of code that integrates the Lossless security parameters and rules on how we recognize and stop hacks. It will be fully compatible with the Merge. L2s and L1s will be integrated one by one, EVM-based will be easier and should flow pretty rapidly. Then for other cases such as ADA - the amount of required effort will be bigger.
DeFi Teller
Okay, thank you, Gytis! And one last question for you, as we have to wrap it up.
How do you think the architecture of flash loans should be improved so that they are not such a handy tool for hackers?
Gytis Trilikauskis | Lossless
I think it’s not the flashloans that have to be improved, it’s the security of DeFi protocols. Flashloans are a very revolutionary concept empowering to do large volume financial transactions without collateral, that’s a very strong tool.
Protocols first of all should decide whether they want to implement some measures to limit the use of flashloans on their platforms or to be sure that their platforms cannot be exploited, the oracles corrupted and pools cannot be drained. One of the parameters that token teams will be able to integrate using Lossless will be flashloan attack prevention and it’s going to have a pretty simple logic behind it: the team will be able to limit the amount of tokens that are allowed to be withdrawn in a single transaction. If the transaction is >$X, then it is stopped. Simple as that.
This will raise no issue for regular people moving money around, but when an attacker wants to drain the whole pool in one sweep, he/she will not be able to do it.
DeFi Teller
Thank you so much for your time, Gytis!