[MRC-164] Update on Exploit Response and Action Plan

Dear Mars Protocol Community,

We want to provide an update on the exploit response and clarify the concrete actions we are preparing to execute, including how the USDC market accounting will be reconciled on-chain and which funds will be used to reduce the shortfall.

Background

As previously communicated, the exploit resulted in bad debt concentrated exclusively in the USDC lending market.

Proposed Actions

1) USDC Market Accounting Reconciliation (v2.3.3 Migration / “Haircut”)

We are preparing a v2.3.3 migration that reconciles the USDC market’s accounting by rebalancing the market liquidity index to match underlying assets.

This is the on-chain mechanism that applies the USDC-market adjustment in a transparent, deterministic way (i.e., aligning accounting with the current state of underlying assets).
Code PR: https://github.com/mars-protocol/core-contracts/pull/49

2) Deploy Remediation Funds to Reduce the Shortfall

In parallel, we plan to apply available remediation resources to reduce the USDC shortfall before finalizing the USDC market adjustment:

  • Safety Fund (community-approved resources)
  • MPF funds currently available (e.g., MPF credit account balance)
  • CPV funds owned/controlled by MPF

Current Estimate (Subject to Final Accounting)

Based on the latest consolidated calculations, the current target adjustment for affected USDC deposits is ~27%, assuming the remediation sources above are applied as planned.

These numbers remain subject to final accounting and execution details, and we will only publish the exact final value once fully confirmed.

Next Steps / Timeline

  • Forum update & review: now (this post)
  • Governance proposal: to be posted once the final haircut parameter and funding breakdown are confirmed
  • Execution: following proposal approval, we will execute the funding movements and the v2.3.3 migration as soon as governance execution and verification allow

This process is focused on resolving the USDC market shortfall with the most straightforward path possible, using available resources to reduce user impact while keeping the protocol safe and operational.

Implementation

If this proposal passes, the Mars Protocol Foundation (MPF) will execute a contract migration on Neutron to apply the approved USDC market accounting rebalance (“haircut”) via the Red Bank migration.

The migration will be executed with the following message:

{
  "@type": "/cosmwasm.wasm.v1.MsgMigrateContract",
  "sender": "neutron1edprq6jhpu3dkm6neyxhqwgmm6f9ekg4yfrfyk",
  "contract": "neutron1n97wnm7q6d2hrcna3rqlnyqw2we6k0l8uqvmyqq6gsml92epdu7quugyph",
  "code_id": "TBD",
  "msg": {
    "v2_3_1_to_v2_3_3": {
      "haircut": "TBD",
      "market": "ibc/B559A80D62249C8AA07A380E2A2BEA6E5CA9A6F079C912C3A9E9B494105E4F81"
    }
  }
}

Copyright

Copyright and related rights waived via CC0.

Disclaimers/Disclosures

This proposal is being made by Mars Protocol Foundation, a Cayman Islands foundation company. Mars Protocol Foundation engages in research and development of the Mars Protocol. Mars Protocol Foundation and certain of its service providers and managers own MARS tokens and have financial interests related to this proposal. The aforementioned persons or their affiliates may also have financial interests in complementary or competing projects or ecosystems, entities or tokens, including NTRN. These statements are intended to disclose relevant facts and to help identify potential conflicts of interest, and should not be misconstrued as a complete description of all relevant interests or conflicts of interests; nor should they be construed as a recommendation to purchase or acquire any token or security.

This proposal is also subject to and qualified by the Mars Disclaimers/Disclosures. Mars Protocol Foundation may lack access to all relevant facts or may have failed to give appropriate weighting to available facts. Mars Protocol Foundation is not making any representation, warranty or guarantee regarding the accuracy or completeness of the statements herein, and Mars Protocol Foundation shall have no liability in the event of losses or damages ensuing from approval or rejection or other handling of the proposal. Each user and voter should undertake their own research and make their own independent interpretation and analysis of all relevant facts and issues to arrive at their own personal determinations of how to vote on the proposal.
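
A pre-vote check a reviewer could run against the submitted governance message, given as an added example that is not part of the original post or of Mars code: it compares the message with the MsgMigrateContract template published in the proposal above and flags placeholders or changed fields. The function names, the sample values "1234" and "0.27", and the treatment of haircut as a decimal string are assumptions made for illustration.

```python
import json
from decimal import Decimal, InvalidOperation

# Fixed fields copied from the message template in the forum post.
TEMPLATE = {
    "@type": "/cosmwasm.wasm.v1.MsgMigrateContract",
    "sender": "neutron1edprq6jhpu3dkm6neyxhqwgmm6f9ekg4yfrfyk",
    "contract": "neutron1n97wnm7q6d2hrcna3rqlnyqw2we6k0l8uqvmyqq6gsml92epdu7quugyph",
}
MIGRATE_KEY = "v2_3_1_to_v2_3_3"
MARKET = "ibc/B559A80D62249C8AA07A380E2A2BEA6E5CA9A6F079C912C3A9E9B494105E4F81"


def review_migrate_msg(raw, expected_code_id, expected_haircut):
    """Compare a proposal message with the forum template.

    expected_code_id / expected_haircut are the values the reviewer takes
    from the final announcement. Returns a list of findings (empty = match).
    """
    try:
        msg = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(msg, dict):
        return ["top level is not a JSON object"]

    findings = []
    for field, want in TEMPLATE.items():
        if msg.get(field) != want:
            findings.append(f"{field}: expected {want}, got {msg.get(field)}")
    extra = sorted(set(msg) - set(TEMPLATE) - {"code_id", "msg"})
    if extra:
        findings.append(f"unexpected top-level fields: {extra}")

    # A non-numeric code_id means the placeholder was never filled in.
    code_id = str(msg.get("code_id"))
    if not code_id.isdigit():
        findings.append(f"code_id is not numeric: {code_id}")
    elif code_id != str(expected_code_id):
        findings.append(f"code_id: expected {expected_code_id}, got {code_id}")

    inner = msg.get("msg")
    if not isinstance(inner, dict) or list(inner) != [MIGRATE_KEY]:
        return findings + [f"msg must contain exactly one key, {MIGRATE_KEY}"]
    params = inner[MIGRATE_KEY]
    if not isinstance(params, dict) or set(params) != {"haircut", "market"}:
        return findings + ["migration params must be exactly haircut and market"]
    if params["market"] != MARKET:
        findings.append(f"market: unexpected denom {params['market']}")
    try:
        # Decimal comparison avoids float rounding ("0.270" equals "0.27").
        if Decimal(str(params["haircut"])) != Decimal(str(expected_haircut)):
            findings.append(f"haircut: expected {expected_haircut}, got {params['haircut']}")
    except InvalidOperation:
        findings.append(f"haircut is not a decimal: {params['haircut']}")
    return findings


def build_msg(code_id, haircut, **overrides):
    """Build a sample message in the template's shape (constructed input)."""
    body = {MIGRATE_KEY: {"haircut": haircut, "market": MARKET}}
    return json.dumps({**TEMPLATE, "code_id": code_id, "msg": body, **overrides})


# Constructed samples: "1234" and "0.27" are placeholders, not real values.
AS_POSTED = build_msg("TBD", "TBD")
FILLED = build_msg("1234", "0.27")
WRONG_TARGET = build_msg("1234", "0.27", contract=TEMPLATE["sender"])

if __name__ == "__main__":
    for name, raw in [("as posted", AS_POSTED), ("filled", FILLED), ("wrong target", WRONG_TARGET)]:
        print(name, review_migrate_msg(raw, "1234", "0.27") or "OK")
```
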

How to Nuke your protocol in three easy steps.

  1. Force USDC lenders to eat the entire loss.
  2. Only offer “potential contributions from the Counterparty Vault.”
  3. Tell users who borrowed in a timely fashion to protect their capital, that they’ll get punished via snapshots.

Nothing about this is fair, yet there’s now a procedure to “ensure fairness”. It absolutely blows my mind that there is no public commitment from Neutron regarding this exploit. Of course, the problem was not of their making, but Mars is [a/the] cornerstone protocol on Neutron. If USDC lenders are eating a 25% haircut, it’s game over for both Mars and Neutron imo.

Sorry to be so blunt. For me, this Response and Action Plan doesn’t cut the mustard.

2 Likes

There is a reason why insolvency and bankruptcy proceedings are governed by established legal principles and due process.

What is currently being proposed does not follow these principles. The approach selectively localizes losses to a single asset class (USDC lenders) rather than treating creditors on a net-asset basis across the platform.

Even absent visibility into individual holdings, this structure creates an inherent and legally problematic conflict of interest: decision-makers are determining loss allocation while also being potential stakeholders in other asset classes that are explicitly protected. This is precisely why insolvency frameworks are designed to remove discretion and apply neutral, creditor-first rules.

Additionally, markets were not properly halted once the shortfall became known, and yield/interest distribution continued. Continuing normal operations after insolvency is recognized introduces significant legal risk, particularly where centralized parameter control exists.

It is not possible to define a fair outcome while markets remain partially active. Creditor balances continue to change through borrowing and yield, making any proposed allocation arbitrary. A full pause and fixed snapshot must come first.

This proposal impacts not only passive depositors but also users who were forced to absorb losses and remain materially underwater.

Clarification on the legal framework being relied upon — and the legal counsel advising this process — would therefore be appropriate.

3 Likes

Is this going to be compensated with future protocol earnings?

I don’t agree with the narrative here at all

“We are evaluating further steps to reduce user impact even more, including potential use of treasury reserves and contributions from the Counterparty Vault (CPV). We are actively evaluating the extent to which these resources can be incorporated. Details will be shared as soon as they are finalized, but we cannot make firm promises at this stage due to ongoing assessments and dependencies”

Let’s pull this statement apart:

Firstly, USDC depositors/lenders should not be taking the entire hit from the exploit given that the protocol is actually insolvent, the entire platform assets should be taken into consideration. The better thing to have done would have been to freeze, snapshot and audit, plan a resolution and execute and reopen. Now that approach is very difficult as positions have moved.

Secondly, the design documents clearly state that the CP vault shoulders the risk, and embedded in the small print (which no one knew, and the team have already conceded is a design issue) is the fact that redbank underwrites that in the event of insufficient USDC assets in the account. For each exploited trade there was clearly enough funds in the CP vault to have shouldered the losses incrementally, and yet the CP vault was not drained. This implies a poor implementation. There should be no discussion around using CP vault funds to offset the losses, this is the purpose of it, to now state that this is under discussion is deeply depressing to read.

My view is that the CP vault, the safety fund and other contributions should offset the majority of the losses, given the design issues we are now seeing.

I’d also like to understand why the approach is not considering whole of platform assets when we are talking about a haircut, why should USDC holders be wholly penalised for a design flaw and a poor implementation? It’s wholly wrong IMHO

“we cannot make any promises” — I’m not asking for promises, I am requesting that you follow your own documented mechanics and apply the full CP vault sums to the protocol losses.

I’m also asking for a full justification as to why platform and protocol losses are being levelled at and only at USDC depositors when this is a protocol/platform exploit and the platform is insolvent, I fail to understand why all asset classes, including deposited neutron are not being assessed.

1 Like

The approach does not achieve this in the slightest, actually, since you’re ignoring all platform assets and focussing on USDC, which is wholly wrong given that this is a platform exploit ….!!!

Changelog (Updated Forum Post) 19.12.2025

  • Clarified that the proposal only authorizes deploying the Safety Fund to reduce USDC bad debt.
  • Removed snapshot / equitable settlement language to avoid ambiguity.
  • Updated loss estimates to reflect the post–Safety Fund impact (~30%), subject to final accounting.
  • Clearly separated binding actions (Safety Fund usage) from non-binding context (possible additional MPF/CPV contributions).

From the wording of your posts, it seems the team’s top goal is to save the protocol.

Mars is a small protocol, and it is clear it cannot survive an event like this. Not if on your own, your current fixes would cover less than 20 % of the shortfall.

Claiming that “the protocol worked as designed” after the most risk-averse investors in the space have likely lost a large share of their capital does not look good.

No reasonable user will deposit another cent on Mars after what has happened.

As several community members have already advised, the only sensible path is to halt operations and carry out a standard liquidation. There is nothing left to rescue.

Imho also for the team, starting fresh under a new name with a clean reputation, ideally on a chain that can offer some financial support in case of future exploits, would almost certainly be easier than carrying on with Mars through a slow death.

1 Like

This was not clearly stated anywhere. Can you point to any posts or documentation showing that this is how the protocol was always intended to work? Specifically, is there anything that states USDC lenders are meant to backstop perpetuals losses? There is not a single mention of perps in the lending and borrowing section here:

Money markets have traditionally been treated as safe havens, where collateral does not exceed debt. Had this risk been clearly disclosed, I’m confident the resulting losses would have been far smaller. Lending USDC was consistently framed as the most risk-averse strategy, yet the design of the Money Market and the lack of disclosure around its use effectively made it the riskiest option. This would be like if a Money Market fund covered futures or options traders in case of default. It doesn’t make any sense.

As the post is currently worded, it appears that USDC lenders in the Money Market will bear the full loss, while the CPV, which was supposed to be the higher-risk vehicle for USDC exposure, is not impacted at all. This raises a fundamental question: why does the CPV exist if losses ultimately pull from the Money Market? What is the actual benefit of connecting the Money Market to the perps product? From the outside, it seems to introduce significant additional risk without any clear upside.

These contracts were audited, correct? If so, did the audit identify this risk or the way losses would be socialized? If changes were made to connect the USDC Money Market to perps after the audit, were those changes communicated anywhere?

At its core, this is a protocol design and communication failure. If USDC lenders are expected to absorb the full loss, it’s difficult to see how Mars can recover. It’s hard to imagine why anyone would lend USDC on Mars again or trust the protocol going forward.

If there is no viable path to meaningfully reduce or eliminate these losses, Mars should consider an orderly shutdown and use remaining assets to address bad debt. The alternative is a slow erosion of trust and liquidity. This situation also reflects poorly on Neutron as a chain, where one of its leading products has been exploited and visible support appears limited.

That said, there is still a potential path forward. The losses are currently lower than they could have been, and decisive action now could allow Mars and Neutron to emerge stronger. The two communities are small but tightly connected; harm to one ultimately harms the other. With many projects exiting or consolidating in the Cosmos ecosystem, this could be an opportunity for restructuring or consolidation, similar to what we’ve seen with projects like Kujira and Thorchain.

I hope the leadership takes this into serious consideration.

2 Likes

There has been little interaction from the team, whatever neutron has said they will do to support is behind closed doors, the mars team are unresponsive aside community type people. I can only conclude that they have been told to remain quiet, the reason for this is obvious, they have not got a leg to stand on in relation to everything you’ve said in your post. The protocol design flaws are evident and my view is the whole of the platform should be taken into consideration and its whole platform assets and dealt with as a platform haircut post activity to transfer funds out of treasury/cp vault etc to lessen the impact. The current proposal does nothing to encourage longer term usage of the platform, simply allows it to limp on with a total erosion of userbase and trust.

Looks like this is just the first step in a multi-step approach to solve this problem. The fact that we are even getting 70% of our funds back is a good start, I am keeping my fingers crossed that the Mars and Neutron teams are going to work together to backstop at least some of the 30% loss, whether it be from the CPV vault or other funds. While democratizing losses across all markets would have been nice for us USDC lenders, that won’t be possible since withdrawals weren’t halted for all other markets and people who remained in them would be getting hit worse if that was done now.

As much as this sucks to lose $, I would encourage everyone giving feedback on this plan to focus on what can actually be done NOW rather than what should have (and didn’t) happen in the past, especially if it’s no longer possible. That way we can actually come up with a solution to hopefully make us all whole.

Lastly, I think the naming of the markets needs to be re-explored, bc atm, CPV vaults are named in a way that makes most users probably think this vault is the “counter-party” to all trades on Mars. Since that doesn’t appear to be the case, maybe re-naming, or more clear docs on which markets are exposed to trader PnL is in order…

Changelog (Discussion → Proposal Update) - 25.12.2025

What changed compared to the initial forum discussion:

  • Shifted from discussion to execution:
    The post now describes concrete on-chain actions that will be proposed and executed, rather than exploratory mitigation options.
  • Added explicit on-chain implementation details:
    Included the planned Red Bank migration (v2.3.3) and the exact MsgMigrateContract structure used to reconcile USDC market accounting.
  • Clarified scope of remediation funds:
    Explicitly lists which remediation sources are intended to be applied (Safety Fund, MPF funds, MPF-owned CPV), instead of describing them as potential or exploratory.
  • Updated loss estimate:
    Refined the estimated USDC adjustment to ~27%, reflecting consolidated calculations after applying remediation funds (still subject to final confirmation).
  • Removed non-binding settlement language:
    Removed non-binding language to keep the proposal strictly scoped to on-chain execution.
  • Separated forum review from governance submission:
    Clarifies that the on-chain proposal will be posted after the forum review period (3 days) and once final parameters are locked.

I’m feeling increasingly powerless here, while the damage being created is significant and irreversible.

USDC lenders did not knowingly underwrite the perp platform. Neither the UI nor the documentation made it clear that Red Bank USDC deposits would absorb perp losses without any upside. A retroactive haircut reframes a disclosure failure as a market outcome.

It has now also been shown that the Counterparty Vault generated ~40k on the day of the exploit, directly sourced from Red Bank. If the CPV exists to backstop counterparty risk, those funds should be deployed immediately and equally. It is deeply disappointing that the CPV is not being fully used, and that Neutron is allowing unequal treatment to proceed while waiting for liquidations to run.

Proceeding with an accounting “reconciliation” while markets remain open and hedged users are being liquidated with a 10% bonus is not neutral. It finalizes loss allocation under centralized control and compounds harm to USDC lenders.

This is a governance choice, not an inevitability. Localizing losses onto USDC lenders for a product they did not opt into sets a very dangerous precedent, for Mars and Neutron as a chain. Especially considering the same product being deployed on two chains with vastly different, unexpected risk profiles.

3 Likes

Sharing below a valuable community contribution to this discussion posted on twitter:

1/
Mars Protocol suffered a perps exploit (~$960k) on 14th December. Exploits happen.

What matters now is how losses are resolved: transparency, stopping ongoing harm, and equal treatment of creditors - should be front and centre.

@mars_protocol @neutron_org

2/
Trust is built over years and lost in a day.

A resolution that singles out one creditor class, especially users who reasonably believed they were taking the lowest risk, while others appear structurally protected sets a dangerous precedent.

3/
Minimum steps for credibility remain straightforward: pause markets, halt ongoing redistribution via interest and liquidations, fully and transparently deploy backstop funds, disclose who controls risk parameters, and ensure equal treatment of all depositors.

4/
A core concern is unequal creditor treatment.

Losses are being localized primarily to USDC lenders, not because they took more risk, but because protocol design and discretionary governance choices pushed the shortfall there after the fact.

5/
Asymmetric risk vs reward.

Before the exploit, upside went to borrowers, traders, perps users, protocol revenue, and token economics.

After the exploit, losses fall primarily on USDC depositors.

6/
USDC lenders absorbed tail risk without tail risk compensation.

In traditional finance terms, they unknowingly acted as junior risk capital, not senior lenders, treated like risk capital only once something went wrong.

7/
USDC lenders were effectively treated as the insurance fund for perps counterparty failures after the fact.

Nothing in the UI or documentation made this risk transfer explicit, prominent, or unavoidable for users to understand.

8/
It is also not clear to users that the Osmosis outpost and the Neutron deployment carry fully distinct risk profiles.

Absent clear, prominent differentiation, users reasonably assume comparable risk.

9/
Meanwhile, large positions appear to be actively withdrawing collateral.

This changes the loss surface in real time and raises fairness concerns when markets remain open and loss allocation is still being determined.

10/
The market is still not fully paused.

Interest accrues and liquidations continue, meaning balances and losses keep changing, making a fair resolution harder with every block.

11/
Mars is moving toward an on chain accounting “reconciliation” via a migration.

While framed as technical, this step irreversibly locks in how losses are allocated, leaving little room for later, neutral redistribution or restitution.
https://x.com/mars_protocol/status/2004118342131478707

12/
The current approach risks liquidating hedged portfolios, including liquidation penalties, while a haircut is applied.

This compounds harm and penalizes users who managed risk responsibly.

13/
The Counterparty Vault raises serious fairness questions.

On chain data suggests it generated ~40k on the exploit day, sourced from USDC lenders, yet it has not been fully deployed to reduce the shortfall.

14/
If a Counterparty Vault exists to absorb counterparty risk, partial or delayed deployment, while USDC lenders bear the dominant share of losses, demands a clear explanation.

15/
Risk parameter changes and market interventions appear centralized in practice.

Where discretion exists, accountability and a transparent, creditor neutral process are essential, especially during a loss event.

16/
On chain data shows USDC borrowing was highly concentrated and heavily dATOM backed.

Regardless of identity, concentration risk reinforces the need for neutral resolution standards, not discretionary loss assignment.

17/
Insolvency of the money market has not been clearly acknowledged.

If liabilities exceed assets, continuing discretionary operations while finalizing selective haircuts risks irreversible creditor harm.

18/
The chain’s handling is deeply concerning. Unequal creditor treatment and discretionary loss allocation without neutral resolution standards sets a dangerous precedent beyond this incident.

Neutron’s role raises serious questions about neutrality.

19/ I am a large Mars USDC depositor and have suffered significant losses from this handling. I actively use Cosmos DeFi that exists today because I want to see this ecosystem thrive & succeed.

Seeing conservative users treated this way is deeply discouraging.

1 Like