Overview
SharedStake was effectively rugpulled in June 2021. The protocol is dead for practical purposes.
SharedStake launched in early 2021 as one of the earliest Ethereum liquid staking protocols, offering vETH2 as a liquid staking derivative token. The concept was straightforward — users deposit ETH, receive vETH2 representing their staked position, and SharedStake manages the validator operations. The protocol aimed to democratize ETH 2.0 staking for users who couldn't meet the 32 ETH minimum validator requirement.
The rugpull occurred in June 2021 when a developer with access to the protocol's multisig treasury drained approximately $500,000 worth of SGT (SharedStake Governance Token) from the treasury. The developer, who had privileged access to the protocol's smart contracts, minted and sold SGT tokens, crashing the token price and draining the treasury reserves that were meant to fund protocol development.
The community attempted to continue operations after the rug, with remaining team members and community volunteers trying to maintain the protocol. A governance transition occurred, and the protocol limped forward in a diminished state. However, trust was irreparably damaged, TVL drained to near-zero, and the protocol never regained meaningful adoption.
SharedStake serves as an early cautionary tale about the risks of concentrated control in DeFi protocols — particularly the danger of giving individual developers administrative access to treasury funds without adequate safeguards.
Smart Contracts
Original Architecture
SharedStake's smart contract architecture was relatively simple — a staking pool contract that accepted ETH deposits, a vETH2 token contract representing staked positions, and governance/treasury contracts. The staking mechanism itself functioned correctly — ETH was properly staked on the Beacon Chain and vETH2 was properly minted.
Vulnerability
The critical vulnerability was not in the staking contracts but in the governance and treasury contracts. The developer who performed the rugpull had excessive administrative privileges — specifically, the ability to mint SGT tokens from the treasury without multi-party approval. This single point of failure enabled the treasury drain.
Post-Rug State
After the rugpull, the staking contracts continued to function — staked ETH remained on the Beacon Chain, and vETH2 holders' underlying staking positions were not directly affected. However, the protocol's governance, treasury, and development capacity were gutted.
Security
Catastrophic Failure
SharedStake's security failed at the most fundamental level — insider access control. The rugpull demonstrated that the protocol's treasury was not adequately protected against malicious insiders. Basic security practices like multi-signature requirements, timelocks, and separation of duties were either absent or insufficient.
The Rugpull
The developer exploited their privileged access to mint approximately 800+ ETH worth of SGT tokens from the treasury, then sold them on DEXes. The attack was executed over a short period, crashing SGT's price by over 90%. By the time the community realized what was happening, the damage was done.
Lessons Not Learned in Time
SharedStake launched during a period (early 2021) when many DeFi protocols were built with insufficient access controls. The rugpull occurred before the industry had fully internalized the necessity of rigorous multisig requirements, timelocked operations, and transparent treasury management for all admin functions.
Decentralization
Centralized Control
The rugpull proved that SharedStake's governance was effectively centralized in the hands of a small team with disproportionate access. The "governance" token (SGT) provided theoretical community control but practical power resided with those holding admin keys.
Post-Rug Community Governance
After the rugpull, the remaining community attempted to implement genuine decentralized governance. This effort was admirable but hampered by the absence of treasury resources, destroyed reputation, and the technical complexity of managing a staking protocol without the original development team.
Adoption
Dead
SharedStake has effectively zero adoption. TVL is negligible. No rational user should deposit new ETH into SharedStake when established alternatives (Lido, Rocket Pool, EtherFi) offer vastly superior security, liquidity, and operational track records.
Historical Context
At its modest peak, SharedStake held several million dollars in staked ETH. Even before the rugpull, it was a small player compared to Lido (which was already growing rapidly in 2021). The rugpull eliminated what little adoption existed.
vETH2 Holders
Any remaining vETH2 holders face an illiquid, trust-damaged liquid staking derivative. The underlying ETH is staked on the Beacon Chain, but the protocol's ability to manage withdrawals and conversions is compromised by the lack of active development and treasury resources.
Tokenomics
SGT Token (Worthless)
SGT, the governance token, collapsed in value after the rugpull. The token was the direct target of the exploit — the developer minted and dumped SGT tokens, destroying its value. Any remaining market price is purely speculative and near zero.
No Economic Model
With no TVL, no development, and no treasury, there is no functional token economy. SGT has no utility, no governance power over a meaningful protocol, and no value accrual mechanism.
Risk Factors
- PROTOCOL WAS RUGPULLED. Developer drained ~$500K from treasury in June 2021.
- Trust permanently destroyed. No recovery path for protocol reputation.
- Zero meaningful TVL. No users should interact with SharedStake.
- No active development. Protocol is effectively abandoned.
- SGT token worthless. Governance token destroyed by the rugpull.
- vETH2 illiquidity. Remaining holders face liquidity challenges.
- Better alternatives exist. Lido, Rocket Pool, EtherFi offer vastly superior options.
Conclusion
SharedStake is a cautionary tale about the critical importance of access controls in DeFi protocols. An early Ethereum liquid staking protocol with a functional staking mechanism was destroyed not by a smart contract exploit or economic attack, but by a single developer with excessive administrative privileges who drained the treasury.
The 1.6 score reflects a protocol that failed at the most basic security requirement — protecting against insider theft. The smart contracts score 3 because the staking mechanism technically functioned; everything else scores at or near minimum because the rugpull destroyed the protocol's viability. SharedStake's legacy is a simple but critical lesson: never trust a DeFi protocol where a single individual can drain the treasury. Multi-signature controls, timelocks, and transparent governance are not optional — they are existential security requirements.