Finance Redefined: Hacker bungles DeFi exploit, dYdx's decentralization goals, and more

Published at: April 22, 2022

The decentralized finance (DeFi) ecosystem was filled with ups and downs —mostly the latter— this week, with two very distinct hack attempts and a heartbreaking departure of a DeFi veteran. 

In this week’s newsletter, we will also look at derivative exchange dYdX’s plans to go fully decentralized by the end of the year. The price momentum of the DeFi tokens remained neutral, with several tokens registering a bullish surge. However, the market volatility meant many of them couldn’t hold onto those gains.

Hacker bungles DeFi exploit: Leaves stolen $1M in contract set to self destruct

In a rare comedic bungle among DeFi exploits, an attacker has fumbled their heist at the finish line leaving behind over $1 million in stolen crypto. Blockchain security and analytics firm BlockSec shared on Thursday that it had detected an attack on a little-known DeFi lending protocol called Zeed, which styles itself a “decentralized financial integrated ecosystem.”

The attacker exploited a vulnerability in the way the protocol distributes rewards, allowing them to mint extra tokens which were then sold, crashing the price to zero but netting just over $1 million for the exploiter.

Continue reading

Derivatives exchange dYdX to become ‘100% decentralized by EOY’

Ethereum layer-2-based crypto derivatives trading platform dYdX has vowed to become “100% decentralized by EOY” via the protocol’s v4 update.

At present, only certain components of dYdX are decentralized including its Ethereum smart contracts, governance and staking. However, its “order book and matching engine” are managed by dYdX Trading Inc. — the team that developed the platform.

Continue reading

Andre Cronje sees a ‘necessity for regulation’ ahead of crypto’s new era

Andre Cronje, former Fantom Foundation technical adviser and Yearn.finance founder, resurfaced on Monday via Medium after announcing his departure from the DeFi and crypto space last month. In a post titled “The rise and fall of crypto culture,” Cronje expressed his lamentations of crypto culture as he called for increased regulation and legislation in the industry.

The top highlight in the post is the phrase: “Crypto culture has strangled crypto ethos.” According to Cronje, he has a “disdain” for crypto culture but a “love” for crypto ethos. He explained that the culture, which prioritizes “wealth, entitlement, enrichment and ego,” has suppressed the principles of “self-sovereign rights, self custody and self-empowerment.”

Continue reading

Beanstalk Farms loses $182M in DeFi governance exploit

Credit-based stablecoin protocol Beanstalk Farms lost all of its $182 million collateral from a security breach caused by two sinister governance proposals and a flash loan attack.

The problem with the protocol was seeded by suspicious governance proposals BIP-18 and BIP-19, which were issued on Saturday by the exploiter, who asked for the protocol to donate funds to Ukraine. However, those proposals had a malicious rider attached to them that ultimately created the sinkhole of funds from the protocol, according to smart contract auditor BlockSec.

Continue reading

DeFi market overview

Analytical data reveals that DeFi’s total value locked remained almost unchanged compared to the last week, registering a minor dip of $200 million to sit around $124.8 billion. Data from Cointelegraph Markets Pro and TradingView reveals that DeFi’s top 100 tokens by market capitalization registered a week filled with volatile price action, with many getting back in the green.

The weekly performance of several tokens saw a bullish surge in double digits, barring a few tokens that remained in the red. In the top-100 DeFi list, 0x (ZRX) was the biggest gainer with a surge of 22.5% over the past week, followed by PancakeSwap (CAKE) with a 16.85% surge. Terra (LUNA) bulls also made a comeback with a 15% surge in the last week.

Before you go!

Another update on Axie Infinity’s stolen funds: Binance has frozen nearly $5.8 million of the stolen funds after the hacker group tried to move it using 86 accounts. Binance CEO Changpeng Zhao wrote earlier today:

“The DPRK hacking group started to move their Axie Infinity stolen funds today. Part of it was made to Binance, spread across over 86 accounts. $5.8M has been recovered. We [have] done this many times for other projects in the past too.”

Thanks for reading our summary of this week’s most impactful DeFi developments. Join us again next Friday for more stories, insights and education in this dynamically advancing space.

Tags
Defi
Hacks
Hackers
Decentralized Marketplace
Decentralized Exchange
Related Posts
Furucombo to issue iouCOMBO tokens to repay victims of $15M exploit
Decentralized finance transaction combination tool Furucombo will compensate the victims of a recent “evil contract” exploit that cost the protocol $15 million in stolen funds. Following an internal call with affected users last week, Furucombo released a compensation plan Tuesday, announcing that they will issue 5 million iouCOMBO tokens to the victims of the breach. Issued in the form of ERC-20 tokens, iouCOMBO tokens will represent the rights to claim Furucombo’s COMBO tokens in the recovery pool. Out of a total of 100 million COMBO tokens, 5 million coins have been allocated to the recovery pool, and are subject to …
Technology / March 9, 2021
Transaction batching protocol Furucombo suffers $14 million “evil contract” hack
The latest “evil contract” exploit has netted an attacker over $14 million in stolen funds. Furucombo, a tool designed to help users “batch” transactions and interactions with multiple decentralized finance (DeFi) protocols at once, fell victim to the attack at roughly 4:45 pm UTC, which centered on token approvals from users. The attacker’s address currently has $14 million worth of various cryptocurrencies, but the attack appears to be larger as they have been transferring ETH to privacy mixer Tornado Cash in batches over the last hour. This attack is conceptually similar to the $20 million “evil jar” attack that struck …
Ethereum / Feb. 27, 2021
The aftermath of Axie Infinity’s $650M Ronin Bridge hack
In late March, Ronin, an Ethereum sidechain built for the popular play-to-earn nonfungible token game Axie Infinity, was hacked for over 173,600 Ether (ETH) and 25.5 million USD Coin (USDC) for a combined value of over $600 million. The breach on the Ronin bridge was confirmed by Sky Mavis, the developers behind the popular play-to-earn (P2E) game: There has been a security breach on the Ronin Network.https://t.co/ktAp9w5qpP — Ronin (@Ronin_Network) March 29, 2022 The official report from the company noted that the hackers managed to get access to private keys to validator nodes resulting in the compromise of five validator …
Blockchain / April 12, 2022
Rari Fuze hacker offered $10M bounty by Fei Protocol to return $80M loot
Decentralized finance (DeFi) platform Fei Protocol offered a $10 million bounty to hackers in an attempt to negotiate and retrieve a major chunk of the stolen funds from various Rari Fuse pools worth $79,348,385.61 — nearly $80 million. On Saturday, Fei Protocol informed its investors about an exploit across numerous Rari Capital Fuse pools while requesting the hackers to return the stolen funds against a $10 million bounty and a “no questions asked” commitment. We are aware of an exploit on various Rari Fuse pools. We have identified the root cause and paused all borrowing to mitigate further damage. To …
Blockchain / May 1, 2022
Mango Markets exploiter said actions were ‘legal,’ but was it?
The $117 million Mango Markets exploiter has defended that their actions were ‘legal,’ but a lawyer suggests that they could still face consequences. Self-described digital art dealer Avraham Eisenberg, outed himself as the exploiter in a series of tweets on Oct. 15 claiming he and a team undertook a “highly profitable trading strategy” and that it was “legal open market actions, using the protocol as designed.” I believe all of our actions were legal open market actions, using the protocol as designed, even if the development team did not fully anticipate all the consequences of setting parameters the way they …
Defi / Oct. 18, 2022