You get hacked, they get hacked, everyone gets hacked, Nov. 11–18
If people actually used insurance against hacks, this week would definitely have bankrupted a great many insurers. In the span of one week, a total of four flash loan-enabled exploits were registered (one actually happened the week before, but wasn’t noticed until later).
We have, in order, Cheese Bank with a $3.3 million theft, Akropolis with its $2 million loss, Value DeFi with a whopping $6 million exploit and finally Origin Protocol’s loss of $7 million.
In total, the hackers stole $18.3 million, which, admittedly, is not that much — less than the single October exploit of Harvest Finance.
As always, the most common comments on the subject are “were they audited?” and “flash loans are bad.” Now, in terms of auditing, I was able to find reports for all of them except Cheese Bank (maybe it was reviewed, it’s just not immediately obvious).
I feel like a broken record by now, but people really need to understand that audits are always going to be limited in their effectiveness. Security companies just don’t have enough eyes and enough time to find everything.
If you want to point at something, I’d focus on the fact that none of these except for Akropolis had an immediately discoverable bug bounty. Even then, given how easy it is to steal money in crypto, these projects should be far more competitive with their payments than any other sector. Audits, which apparently run for more than $200,000 if you want premium quality, don’t seem like the most efficient use of money.
Obviously, bounties won’t suddenly turn blackhat hackers into upstanding citizens, but it may change the life of some poor kid who does this for a living and decides to scan your protocol for his lottery ticket. They’d be more than happy to receive $100,000 and have a clean conscience while saving you millions of dollars down the line.
Flash loans are tough, but fair
As for flash loans, I think they’re the greatest tool for increasing DeFi market efficiency that we have at the moment. Their intended usage is to arbitrage various assets across protocols — buy low on Uniswap, sell high on SushiSwap, all without committing your own capital. They’re also useful to quickly unwind your positions on lending protocols, and I’m sure there are other uses. In short, they’re pretty great.
And yes, flash loans do make hacks simpler. But note that anything that can be done with a flash loan can also be done with a large pile of cash. Hackers may not be that wealthy in general, but it’s actually better for the ecosystem to weed out weak implementations and protocols before it grows to accommodate a billion-dollar hack.
It’s definitely painful to be on the receiving end of a hack, but it’s also a known risk that should be managed. Sometimes it may just be bad luck, but that explanation should only be used when every possible mitigation strategy has been exhausted. I hope each protocol that gets hacked takes steps to ensure it never happens again. Otherwise, the hacks will continue until security improves, or until the protocol is dead.
DEXs fight over the crumbs left by Uniswap
Uniswap, at one point the largest protocol by total value locked with $3 billion, predictably lost more than half of it just as soon as it stopped printing UNI rewards for its Ether pools.
Most of that made its way to SushiSwap, which went from about $200 million to $1 billion in TVL. Cheekily, the project shifted its yield-farming incentives to the same pools used by Uniswap just one day before expiry.
Then Bancor stepped up by launching its own liquidity mining program, followed by Mooniswap today. The latter two seem to be having modest results, adding maybe $10 million each so far.
So we’re definitely seeing some pretty aggressive competition in that space, powered by a lot of token printing.
But my thesis from last week appears to be mostly correct — Uniswap doesn’t care. $1.3 billion with absolutely no subsidies is a pretty amazing result. It’s more than six times higher than before this whole yield-farming season started. Volume is also remaining stable.
Uniswap’s fortunes could, of course, change in the future as the market continues readjusting. Either way, I think this is both a good and bad sign for the future. On one hand, we’re seeing pretty clear long-term stickiness after yield farming — proving that it’s at least somewhat successful at generating organic interest.
On the other hand, we’re seeing that yield farming is somewhat successful, so it may remain a long-term staple of the DeFi world. The concept does have merits, but this summer showed that people often don’t understand what they’re getting into.
As a heads-up, any time a DeFi protocol’s token can be staked to receive more of the same tokens, that’s a very clear Ponzi-like dynamic. It’s a dangerous game to play, just ask people who bought SUSHI at $11. You could argue that Ethereum 2.0 staking is the same, apparently disproving my thesis. The difference is that the much saner yields avoid the huge boom-and-bust cycles typical of many DeFi “fair launches.”
Maker liquidators are ‘slacking off’
Another issue pointed out this week was the fact that Maker’s keepers — the agents responsible for liquidating bad debt — turned out to be completely avoiding small, undercollateralized loans. It appears that opening a vault for $100 is just so uninteresting to them that they will ignore it even if it falls below the safety threshold that would let them liquidate it.
It’s fairly easy to see why. Liquidators would get a discount of maybe 5%, so their theoretical profit is just $5, easily eaten by gas fees.
Opening thousands of small vaults is not that expensive and could result in a dangerous vulnerability for Maker. Rational keepers would never liquidate this debt, especially if it were left to rot and decisively fall below the 100% collateralization threshold.
That would create unbacked Dai in a manner very similar to Black Thursday. I’m sure that in practice, some stakeholders would act altruistically to liquidate debt at a loss before it’s too late. Plus, the system is designed to be bailed out in these situations, as we’ve seen with the MKR auctions after the incident earlier in the year.
But this and the flash-loan vulnerability from a few weeks earlier signal that there is some trouble in paradise. For example, one of the reasons why the community refused to compensate victims of Black Thursday is that it was seen as a failure of the market, not the auction system.
That makes sense, but this latest discovery jolted the community to patch up the issue while waiting for a slight redesign of the auction system. That betrays a certain cognitive dissonance — they say the system “worked fine” earlier, and yet now it needs to be changed up due to a similar market failure.
Personally, I find Maker governance fascinating and unique among its peers. They’ve had to deal with some very tough choices this year that go well beyond tweaking arbitrary collateral parameters.
I don’t really agree with some of those choices. I definitely feel that the decision not to refund Black Thursday victims was short-sighted, though perhaps it was the product of mutual distrust given the class-action lawsuit hanging over their head.
But that is human nature, and I expect that DeFi governance will eventually go through many of the lessons that history has served us. Some people have high hopes for DeFi governance to reshape societies just because it’s “decentralized.” I hope that will be the case, but so far I’m just seeing your run-of-the-mill politics, complete with vested interests, propaganda and deflection.
Bitcoin price rally cools down as Polkadot gains 34% in first week of ‘altseason’
Published on December 29, 2020
Bitcoin (BTC) fell below $26,000 on Dec. 29 as fresh fallout from Ripple’s threatened U.S. lawsuit was felt throughout crypto markets.
Cryptocurrency market overview. Source: Coin360
BTC price dips as Coinbase halts XRP trading
Data from Cointelegraph Markets, Coin360 and TradingView showed BTC/USD hitting lows of $25,830 during Tuesday trading.
$27,000 support failed to hold overnight, sparking a retest of lower levels which now center on $26,000. At the weekend, Bitcoin hit all-time highs of $28,400 before swiftly reversing.
The latest losses come as XRP, the fourth-largest cryptocurrency by market cap, hits $0.23 thanks to major U.S. exchange Coinbase opting to suspend trading from next month. The reason is a lawsuit from the U.S. Securities and Exchange Commission (SEC), which threatens to classify XRP as an unlicensed security and make trading it all but impossible.
“There is going to be a rangebound construction, after which 2021 will most likely break out again,” Cointelegraph Markets analyst Michaël van de Poppe said of Bitcoin’s short-term prospects in a video update on Monday.
Analyst braced for altseason
Van de Poppe is eyeing altcoins as next in line to see major gains. XRP notwithstanding, the market is already showing signs of life, with Ether (ETH) climbing above $700 for the first time since May 2018 this week.
Another winner on Tuesday was Polkadot (DOT), now the seventh-largest token by market cap, which saw a 22.5% daily rise, capping weekly performance of nearly 34%.
For Van de Poppe, the next “impulse wave” on Bitcoin in 2021 should take the market to $40,000 or $50,000, but “until then, altcoins will most likely do well.”
He additionally pointed to a likely top in Bitcoin market cap dominance, which at almost 70% should soon give way to altcoin presence. December tends to see BTC dominance peaks, with 2017, the time of Bitcoin’s first attempt to crack $20,000, a notable comparison.
Dynamic Set Dollar faces “massive test” as stablecoin falls as low as $.27
Published on December 28, 2020
While wild price action on Bitcoin and Ethereum has claimed the attention of most traders over the Christmas weekend, a select sect of crypto traders is following an experiment playing out in real-time that may have implications for the future of stablecoins: the fate of Dynamic Set Dollar.
Dynamic Set Dollar and its DSD token is an algorithmic stablecoin project designed to — eventually — track the United States Dollar on a 1-1 ratio with DSD. During expansionary cycles, such as one that led DSD as high as $3 per token last week, users are rewarded with freshly-printed “rebased” tokens for providing liquidity.
According to Avalanche blockchain platform founder Emin Gün Sirer, however, developers of protocols like DSD face a much trickier task during price dumps like the one DSD is currently experiencing: incentivizing users to adjust the amount of tokens in circulation. In DSD’s case, holders can burn their tokens at any time for “coupons” which they can redeem at any point within 30 days so long as DSD is above $1 per token — hypothetically enabling them to reap significant profit.
“These mechanisms rely on whales who will jump in and out of the coin in order to stabilize its price around the intended target,” said Sirer in an interview with Cointelegraph. “And they implicitly assume that the whales share the exact same worldview as the coin’s designers: that the stablecoin should be worth $1. But if the whales do not share this view themselves, […] the coins can fail and break their intended peg.”
In a Twitter thread on Saturday, Sirer noted that this disconnect between game theoretics and developer intentions can lead participants in a protocol to identify a Schelling point/price peg, but not the one developers had in mind:
To use technical jargon, there may indeed be a Schelling point, but that point may reside somewhere other than the designer’s intended $1. Let me illustrate.
These dicey dynamics have led other observers, such as Ari Paul, the chief investment officer at BlockTower Capital, to conclude that the project is indistinguishable from a “pump and dump.” Decentralized finance (DeFi) maven Tyler Reynolds, however, believes that if DSD pulls through, it could mean that it’s established itself as “the next big decentralized stablecoin.”
These just look like pump and dumps to me. Not necessarily by design, or the fault of the team, but how many Ample’s do we need? Those in early and out early make a ton of money. By the time people buy off of influencer tweets, they’re probably losing 60%+ within a month.
For Sirer, these kinds of uncertainties are to be expected — and traders need to take them into account.
“Because the science behind these experiments is not yet well-established, there is considerable risk and traders need to carry out their own research,” he said. “Personally, I look for three critical components: uses for the stable coin beyond just speculation; an incentive mechanism that offers realistic, modest yields during periods of stability; and a dedicated, well-capitalized, and competent team behind the coin.”
So far, the market seems to think Dynamic Set Dollar clears the bar. After hitting a low of $.27 earlier today, DSD has been climbing steadily and sits at $.63 at press time. Moreover, intrepid block explorers have noticed significant on-chain volumes indicating that whales are indeed buying and burning DSD for coupons:
789k $DSD spent on coupons what a chad https://t.co/aVJan57lgt
Still, Sirer warns that even if DSD recovers, it could be subject to future gut-punch dumps.
“Algorithmic stablecoins all incorporate feedback loops designed to dampen oscillations around the targeted peg value,” he said. “They seem to do best when they are trading close to the target peg, and not so well when they diverge. A coin that veers into dangerous territory and then recovers might very well be subject to similar oscillations in the future.”
Aside from price action and traders’ fortunes, however, Sirer says these experiments are also key to pushing DeFi forward. Sirer points to MakerDAO, Balancer, dYdX and Uniswap as previous algorithmic experiments that have become “genuinely useful instruments that provide critical functionality.”
And in the end, as the science gets better, projects like DSD will eventually achieve long-term viability, he concluded.