Armor - rekt

Sometimes armour is not enough.

A protocol that offered protection has stabbed its users in the back.

This is a story of centralised corruption and personal greed interfering with what should be the binary decision making of insurance policy.

The Armor team decided to throw away their reputation and put their greed on public display when they refused to pay one of their policyholders after last week's Yearn arb attack.

Constant contradiction by team members and ambiguous statements in the official documentation make Armor appear to be either totally incompetent, or an intentional scam, as they try their hardest to avoid a $1.6 million payout.

While the CEO of Armor; Azeem claimed that staked arNFTs would continue to provide the staker with insurance against hacks, the fine print seems to say otherwise, as one user had the unpleasant surprise of finding out.

In addition to the lies and deception detailed below, there is on-chain evidence that Armor stole the insurance NFT from kferrret before restaking it using their own contracts and submitting the claim for themselves.

In September 2020, the user @kferretcrypto purchased cover #1804 from Nexus Mutual.

Following the advice of Armor CEO Azeem, kferret staked the token representing #1804 in Armor, believing that if needed, the token could be unstaked and used to claim the insurance payout.

When the Yearn v1 DAI vault was compromised and 11M DAI was lost, this policy gained a value of 1,000 ETH.

Azeem and the Armor team then stated that as the policy token was staked, kferret was not able to claim the 1,000 ETH payout, and that the funds would instead go to the “Armor Treasury Reserve”.

Armor have released an official response to kferret (named as x7044). We asked kferret if they were happy with the official response.

"I am certainly not happy with how Armor has handled the situation. I think it is totally unacceptable that the CEO of Armor would make statements in order to induce people to stake valuable assets, promising us that we get to keep the benefits of the cover NFTs and could withdraw and claim at any time during this phase of the project. I deposited my cover NFTs relying on this information. All of a sudden after my cover NFT became very valuable, they suddenly decided that the CEO's words don't have any effect.

If the CEO's words don't have any effect, and they can secretly upgrade the staking contract to allow the admin to transfer my NFT out to his personal wallet (this actually happened), and the documentation doesn't reflect the working system but they decide they will selectively enforce a few phrases in their favor that are never presented during the staking process… Well, I don't know how you could describe this as anything other than a scam.

They stole $1.6 million belonging to me."

The following screenshots are taken from the private chats between kferret and the Armor team.

The following response from umadbruhh can be found here with comments from kferret.

Following that discussion, Armor issued an official response in which it seems the team backtracked on their initial stance, pictured above. We asked kferret to comment on the official response.

The text in bold is taken from Armor's official response.

"If successful, what do we plan to do with the funds? Just last week, Armor launched an industry first Coverage for Coverage Providers, collateralized by the Armor Treasury Reserve. This provides an added layer of protection to the users of the arNXM yield vault to secure it against losses from successful claims at no additional cost."

kferret: "I have never even heard of this. This is an example of how Armor, without the consent of stakers, decided to change the rules about what they can do with our funds. At no point was I ever informed during the staking flow that I would have a risk of loss of benefits during this phase or that the benefits would be used to provide protection to users of another yield vault. Azeem explicitly stated that since arCore Protect is not active yet, if we need to claim we can claim as normal and the benefits still belong to us."

"The 1,000 ETH received will flow into the treasury reserve where they will be used to acquire NXM to replenish the burnt stakes in the arNXM yield vault to fully compensate the stakers of the vault. This will replenish any impacts to arNXM:wNXM ratio"

kferret: I originally offered to set aside a contribution of $100,000 for the purpose of reimbursing some of the losses in this vault. I think this is quite generous. Azeem agreed to this and seemed quite satisfied, directing his co-founder Robert to start the transfer of the NFT back to me. This never happened. Hours later, “Umadbruhh” delivered the letter to me basically saying nothing the CEO says is binding. When is it acceptable that the CEO can just make a deal, and later on decide that nothing he said applies?

The following is taken from the official letter delivered to kferret from Armor team member “Umadbruhh”

"Dear x7044, I’m Umadbruhh, co-founder of Armor and responsible for maintaining protocol health. Having discussed this with the team and following the rules as described in our technical documentation, we offer the following resolution."

kferret: "It is important to note that the technical documentation does not reflect the current state of the product. Many, if not most, of the documentation pages at the time contained information that did not reflect the actual working product. Given the complete mismatch, it would be hard to rely on any of the information there. Therefore, I think any reasonable person would expect to be able to rely on the CEO’s statements about how the system is presently working especially if the documentation is largely inaccurate."

"The informal yet caveated conversation you have had with az does not represent the final decision of Armor as it must be subject to the agreement of the team during the governance grace period or the DAO under normal circumstances. Furthermore, the official technical documentation supersedes any informal discussions or statements that may or may not have been misconstrued."

kferret: "This is just another way to say that we can’t rely on anything they say, everything they say can be false or invalidated whenever they feel like it. Does that sound like the practices of an organization you really want to trust with staking your assets or buying coverage?"

"You are fully aware that the way the system works is that users like yourself acquire and stake arNFTs with Armor as suppliers. Once staked, the arNFT does NOT provide coverage to the user as it is now leased to the system in return for compensation in the form of token rewards and/or revshare. (ref - https://armorfi.gitbook.io/armor/products/arnft-coverage-pool/staking-into-arcore) “Note: Staked arNFTs do not provide coverage to the user who staked them.” Azeem unequivocally clarified that during this stage of the product, while cover brokerage is not active, this is not true and stakers retain coverage and can claim. He confirmed this multiple times."

kferret: "This part of the product isn’t launched, they are selectively extracting text related to unlaunched parts of the product and adding arbitrary terms and conditions to justify them doing whatever they want at my expense. No one has bought coverage from Armor. It is also unclear if anything resembling a DAO exists at all at this point."

"Armor is the sole stakeholder in this decision because: Armor retains all rights to the arNFT when staked, so all claim submission rights and payouts belong to Armor during the period the arNFT is being staked. This includes the 7 day cooldown period after the unstake request has been triggered, which was included to address instances similar to this and to allow Armor DAO to determine the appropriate course of action. If the arNFT is allowed to be withdrawn, Armor DAO stands to lose a significant amount of its stake on the yearn contract which will be paid to someone who did not own the rights to this claim. You will appreciate that this is neither ethical nor payable in the circumstances."

kferret: "Just remember, the next time Armor is going to make a decision about your assets, this is going to be their mantra: “Armor is the sole stakeholder”. Armor only looks after Armor. They have clearly demonstrated that now."

"The normal course of action would have been the claim is made and paid out to the Armor treasury. But since we realise that no material loss has resulted to users of arCore Protect in this hack or anyone covered by this specific arNFT, it is imperative for Armor to determine the best decision for the protocol and community that is fair and justified. Therefore, Armor will claim the payout and use it to provide coverage to stakers in the arNXM yield vault."

"At the same time however, we would like to come to an amicable understanding with all parties. You are a supporter of Armor for which we are grateful and honored. This is simply one of the reasons we feel you will agree that any decision must be made transparently and should not be made unilaterally or without the existence of any duty, in order to benefit any one specific user at the expense to and indeed of the community."

kferret: "Armor’s definition of coming to an amicable understanding with all parties must mean agreeing to a deal, then totally reneging, then informing me all of the final terms of a completely different new deal in which only Armor got to select all of the terms and I had no say at all. Yes, this certainly sounds like it’s not “made unilaterally”. This is full of meaningless words from “Umadbruhh” that almost seem like taunts given how far from the truth they are."

Armor and Azeem came back later with a tweetstorm that emphasized Armor's right to retain staked arNFTs, and announced that 500,000 ARMOR was offered to kferret in order to mitigate what is claimed to be a misunderstanding.

rekt can confirm that this offer has not been accepted by kferret, who told us the following

kferret: "I have not been in direct conversation with them since that negotiation one when it escalated to a dispute and they delivered to me that letter saying they have the final say on everything. I connected then with my attorney when they started sending me the legalese."

"If they have sent me anything directly since I connected them with my attorney, I haven’t looked at it or responded to it since once they started using legal language against me I didn’t feel comfortable negotiating directly with them anymore. I believe they also banned me from their Discord so if they announced something about me on there I haven’t seen it since then."

"I don’t know if “Umadbruhh” is a lawyer but I am certainly not a lawyer, and that letter they sent me had language that sounded like lawyer speak to me, so I think it’s better to let the lawyers talk to the lawyers."

Offering to return less than a third of what you stole before banning the person from your community is not a "generous offer of goodwill".

Decisions on insurance policies cannot be subject to personal desire, and this is a clear case of the Armor team trying to avoid a payout.

This story has shown a centralised entity misleading users about the fate of their funds, while taking unilateral decisions to misappropriate them.

Neither Azeem nor Armor can be trusted.

Armor have a lot of work to regain the trust from their stakeholders.

Do the words of a CEO hold no value? When trying to build a community, this is problematic.

"Don’t trust, verify" must be applied when it comes to working with either Armor or Azeem.

We are not far from the old world where one should always make sure to read the fine print before taking out an insurance policy...

REKT serves as a public platform for anonymous authors, we take no responsibility for the views or content hosted on REKT.

donate (ETH / ERC20): 0x3C5c2F4bCeC51a36494682f91Dbc6cA7c63B514C

disclaimer:

REKT is not responsible or liable in any manner for any Content posted on our Website or in connection with our Services, whether posted or caused by ANON Author of our Website, or by REKT. Although we provide rules for Anon Author conduct and postings, we do not control and are not responsible for what Anon Author post, transmit or share on our Website or Services, and are not responsible for any offensive, inappropriate, obscene, unlawful or otherwise objectionable content you may encounter on our Website or Services. REKT is not responsible for the conduct, whether online or offline, of any user of our Website or Services.