Finance Redefined: Wonderland reveal and Wormhole hacked, Jan. 28–Feb. 4

Published at: Feb. 4, 2022

Welcome to the latest edition of Cointelegraph’s decentralized finance newsletter.

It’s been a tumultuous week of doxxing, hacks, bailouts and new highs in the decentralized finance space. Read on to recap the most impactful stories of the last seven days. 

This article represents a conspectus of the full email newsletter. For the full edition, sign up via the box below.

Wonderland lost in no mans amid Sifu saga

Following the revelatory identification of previously anonymous QuadrigaCX co-founder Michael Patryn as the founder of DeFi protocol Wonderland — known on social media as @0xSifu — a subsequent community vote decided upon the permanent closure of Wonderland for outstanding security concerns.

The saga commenced when DeFi investigator Zachxbt doxxed Patryn to be Sifu, a figure with a notorious reputation within the digital asset space for alleged fraudulent and illicit activity, most notably regarding the $145-million losses incurred at Canadian-based cryptocurrency exchange QuadrigaCX in December 2018.

Having been made aware of Sifu’s real identity one month prior to this week’s announcement, Daniele Sestagalli, co-founder of Wonderland and stablecoin protocol Abracadabra, posed a crucial question to the community members: “Do we wind down or continue to fight for the aspect of an investment DAO being a revolutionary new organization?” Sestagalli stated his personal preference to be the latter, to fight.

From a technical perspective on Jan. 15, Wonderland recorded a near all-time high of $776.64 million in total value locked, or TVL. However, as a consequence of the exposure, the TVL figure dropped substantially to $78.57 million on Jan. 25, marking an 89.9% demise. At the time of writing, the figure has somewhat recovered to $408.59 million.

In true Web3 style, the decision to “Wind down Wonderland and give the treasury back to its holders” was put to a community snapshot vote. The two-day governance participation resulted in a split decision, an inconclusive majority with 116,000 TIME tokens allocated to the decision of no, and 95,000 to yes.

In response to this, co-founder Sestagalli assessed that “the duty of the team is to enact the will of the token holders. As the vote is so close to 50/50 there is only one path forward, it is to reimburse/unwind,” confirming this in a follow-up tweet.

1/Wonderland experiment is coming to an end. It is clear from the vote that the community is divided. The core and heart of Wonderland is still the community. If we cannot find agreement on wether to continue or not, it means that we failed.

— Daniele never asks to DM (@danielesesta) January 30, 2022

Discussions within the community are vehemently ongoing in a bid to find an accommodating solution to the Wonderland saga for all involved. Proposals currently at the forefront are a merger with Abracadabra or a transition to a DAO structure with greater transparency.

Wormhole exploited for $321M, parent bails it out

DeFi bridging protocol Wormhole suffered a significant security exploit on its network this week to the tune of 120,000 Wrapped Ether (wETH) tokens, equivalent to $321 million at the time of impact — the second-largest hack in the history of decentralized finance behind Poly Network’s seismic $610-million breach in August 2021.

Wormhole is known within the industry for its cross-chain token bridge service in which users can transfer crypto assets between chains such as Ethereum, Solana and Polygon, among others, without interacting with centralized exchanges.

After analyzing blockchain data, it was uncovered that the attacker minted 120,000 wETH on Solana and then proceeded to redeem 93,750 wETH for Ether (ETH) worth $254 million. The remaining wETH was swapped for Solana (SOL) and USD Coin (USDC) on Solana.

Following on from this, the hacker utilized a portion of the funds on an asset-buying spree that included SportX (SX), Meta Capital (MCAP), Finally Usable Crypto Karma (FUCK), as well as the highly anticipated soon-to-be-released asset, Bored Ape Yacht Club Token (APE).

In response, the Wormhole team pledged to the community that the token supply, in addition to the one-to-one backed asset total, would be fully reinstated and is offering a generous whitehat bug bounty reward to the malicious entity for full recompensation of the funds.

The hack risked serious cascading ramifications for protocols and platforms within the Solana ecosystem that rely on the wETH supply for collateral. If their assets were not backed with wETH, investors would have been unable to utilize the service, perhaps lose confidence, and, therefore, short the asset. Solana fell around 13% in the fallout of the news.

In a fortuitous turn of events, Wormhole’s parent company, Jump Crypto, stepped in to bailout the platform and restore all lost funds, an action confirmed by Wormhole in a tweet.

1/2All funds have been restored and Wormhole is back up.We're deeply grateful for your support and thank you for your patience.

— Wormhole (@wormholecrypto) February 3, 2022

Despite a resolution for the platform’s affected users, concerns still remain as to the whereabouts of the $321 million in lost funds, in addition to the intentions of the hacker within the marketplace.

Ethereum hash rate hits new ATH in PoS transition

Quantitative insights from popular data aggregation site Glassnode this week revealed that the hash rate for Ethereum reached a new all-time high of 1.11 petahash per second (PH/s) on Jan. 28, surpassing the previous figure of 1.08 PH/s established just 15 days prior.

Fluctuations in the hash rate of proof-of-work (PoW) networks such as Bitcoin and Ethereum are prime indications of additional nodes joining the network, scenarios that ultimately result in higher security and more expansive decentralization of the network.

#Ethereum $ETH Mining Difficulty just reached an ATH of 13,119,856,939,346,200Previous ATH of 13,076,339,792,989,700 was observed on 23 January 2022View metric:https://t.co/s9t4z96wMA pic.twitter.com/Cxk3JMg1Qp

— glassnode alerts (@glassnodealerts) February 1, 2022

In December 2021, participants of the Ethereum network implemented the Arrow Glacier upgrade, an initiative designed to delay the activation of a coding mechanism that is set to halt production of mining activities on the network, otherwise known as the “difficulty bomb.”

It is widely expected that Ethereum’s transition to PoS will occur during the latter half of 2022, with Arrow Glacier being the final upgrade, a market sentiment recognized by one of the core developers facilitating the upgrade, Tim Beiko, during a recent commentary.

Token performances

Analytical data reveals that DeFi’s total value locked slightly increased by 8.87% across the week to a figure of $109.92 billion, attempting to recover from the market downturn in recent weeks.

Tezos (XTZ) reported the highest score in the top 100 following its partnership with Manchester United at 31.60%. Maker (MKR) came in second with a respectable 25.54% gain, while Convex Finance (CVX) recorded a 19.46% increase. Curve DAO Token (CRV) and Oasis Network (ROSE) gained 15.29% and 11.79%, respectively.

Interviews, features and other cool stuff

Blockchain startups grow as global VC funding generated $25.2B in 2021Web3 developer growth hits an all-time high as ecosystem maturesIs the rise of derivatives trading a risk to retail crypto investors?

Thanks for reading our summary of this week’s most impactful DeFi developments. Join us again next Friday for more stories, insights and education in this dynamically advancing space.

Tags
Blockchain
Defi
Hacks
Hackers
Proof-Of-Stake
Security
Proof-Of-Work
Hash Rate
Related Posts
Poly Network hacker appears ready to return stolen funds
Following a massive $600-million exploit of cross-chain protocol Poly Network, the Poly Network hacker has claimed his willingness to return the stolen cryptocurrency funds. At about 4:00 am UTC on Wednesday, the hacker sent an Ethereum transaction to themselves, stating that they were “ready to return the fund” in an embedded transaction message. In a subsequent message, the hacker asked for a multisig wallet address to return the funds to Poly Network. “Failed to contact the poly. I need a secured multisig wallet from you,” the hacker noted. Poly Network’s Twitter account posted an update on Wednesday, providing three separate …
Decentralization / Aug. 11, 2021
Immunefi partners with Binance Smart Chain on bug bounties to secure BSC projects
Immunefi, a security service outfit that specialized in decentralized finance (DeFi) projects, has inked a collaboration with the Binance Smart Chain. According to a release issued on Friday, Immunefi will work in collaboration with BSC to improve the security of projects on the Binance chain. As part of the partnership, ethical hackers who take part in a campaign to discover vulnerabilities in BSC-based projects will earn rewards. As a security outfit, Immunefi has reportedly paid more than $3 million in bug bounties to ethical hackers. Major BSC protocols such as PancakeSwap, DODO, and Zapper among others are already deploying the …
Blockchain / July 9, 2021
Uranium Finance developer suspected of ‘leaking’ information leading to $50M exploit
The $50 million exploit of Uranium Finance, a decentralized finance protocol on Binance Smart Chain, may have been an inside job, according to a member of the project’s development team. The theory was put forward in Uranium Finance’s Telegram channel by a user named “Baymax,” who appears to be listed as an administrator. In a pinned post, Baymax explained that the security flaw leading to the exploit happened just two hours before version 2 of the protocol was launched. The suspicious timing of the exploit narrows down the list of potential perpetrators significantly. Baymax explained: “There are a total of …
Blockchain / April 28, 2021
ImmuneFi report $10B in DeFi hacks and losses across 2021
Decentralized finance, or DeFi, security platform and bug bounty service ImmuneFi published an official report on Thursday which calculated the total volume of losses in the cryptocurrency markets in 2021. According to its report, the company found that losses resulting from hacks, scams and other malicious activities exceeded $10.2 billion dollars over the past year. Responsible for protecting over $100 billion worth of assets for a number of well-established DeFi protocols, including Synthetix, Chainlink, SushiSwap and PancakeSwap, among others, ImmuneFi has regularly facilitating seven-figure pay-outs to whitehat hackers and other good-willed entities for preventing protocol compromises. According to the report, …
Decentralization / Jan. 7, 2022
Cross-chains in the crosshairs: Hacks call for better defense mechanisms
2022 has been a lucrative year for hackers preying on the nascent Web3 and decentralized finance (DeFi) spaces, with more than $2 billion worth of cryptocurrency fleeced in several high-profile hacks to date. Cross-chain protocols have been particularly hard hit, with Axie Infinity’s $650 million Ronin Bridge hack accounting for a significant portion of stolen funds this year. The pillaging continued into the second half of 2022 as cross-chain platform Nomad saw $190 million drained from wallets. The Solana ecosystem was the next target, with hackers gaining access to private keys of some 8000 wallets that resulted in $5 million …
Blockchain / Aug. 11, 2022