[Proposal: 74] Fast-Track Proposal to Secure 159K GLMR in Response to Potential Parallel Finance Chain Exploit

Dear Moonbeam Community,

We need to inform you about an urgent situation on the Parallel Finance chain and request your immediate attention and vote on a fast-tracked proposal.

What Happened:

• Recently, 140K xcGLMR was minted via a call from an Externally Owned Account (EOA, general wallet). This was possible because the asset Owner was changed to this account, possibly through an on-chain governance proposal via the technical committee or similar. This action is highly unusual and is against standard security best practices.
• Parallel Finance has completed a fast-tracked upgrade on its end in the last hour, raising concerns about its system’s integrity and the security of funds on both chains.
• We’ve also observed that the RPC endpoint for Parallel Finance has been intermittently going offline, which has made monitoring the situation more challenging and raised our concerns about the chain’s security.

Why It Matters:

• The Parallel Finance sovereign account on the Moonbeam side currently holds 159K GLMR, the maximum amount at risk of liquidation due to this potential exploit.
• In addition, Moonbeam currently has 86175.8 xcPARA tokens. These tokens are not listed in any of the main DEXs, minimizing the potential impact on the Moonbeam ecosystem.
• To protect the Moonbeam ecosystem and prevent further actions by potentially malicious actors, we propose fast-tracking the closure of the XCM channel between Moonbeam and Parallel Finance.

Next Steps:

• Once the XCM channel is closed, the 159K GLMR and the 86175.8 xcPARA tokens will be frozen. The GLMR assets will remain in the Parallel Finance sovereign account. At the same time, the xcPARA assets will stay in the accounts on Moonbeam, and still be transferable within Moonbeam but not to Parallel Finance.
• However, an additional governance vote will be required to return the frozen GLMR and xcPARA to the rightful end-users.

Call to Action:

We urgently need your vote to pass this fast-tracked proposal, ensuring the security of funds on Moonbeam. The steps we are taking are a critical precaution to prevent any further loss and protect the ecosystem.

Proposal Overview:

• Fast-track the closure of the XCM channel to prevent any additional risk to the 159K GLMR.
• Freeze the GLMR assets in the sovereign account, and xcPARA transfers to Parallel Finance, with plans for a future vote to return them safely to the end-users.

Link to Proposal: Moonbeam Dapp: Proposal 74

Your participation is crucial in helping us take immediate action to protect Moonbeam from this security issue. Thank you for your support and quick response!

Best regards,

Moonbeam team

aye–for sure in support of this

I fully agree with this proposal. We must do everything possible to protect the Moonbeam ecosystem. The accelerated closure of the XCM channel and the freezing of assets are necessary steps to prevent further losses and ensure security.

thank you, Sicco, for bringing forward this proposal

I fully support the swift action to close the XCM channel with Parallel and safeguard the Moonbeam ecosystem

voted aye - in full support of the proposal

Voted Aye, another win for whitelist track.

Just wanted to let everyone know that the governance vote is now complete (https://polkadot.subscan.io/block/22968088?tab=event&event=22968088-58) and the 159K GLMR are safe in the sovereign account: (https://moonscan.io/address/0x7369626cdc070000000000000000000000000000)

We will figure out over the next few days how to return these funds to users.

Missed the vote but I want to express my gratitude to the MB Foundation team for handling this situation so quickly.

Absolutely the same here, amazing TEAM, as usual!!!