Category: DeFi

Categories
Crypto News DeFi Hackers Tokens

SushiSwap Hacked for $3M but Funds Returned Almost Immediately

A mystery rogue developer who allegedly drained 864.8 ETH (US$3 million) from a MISO auction has returned the funds to the original token contract.

SushiSwap’s token launch platform suffered a supply chain attack last week that targeted its ‘Jay Pegs Auto Mart’ auction contract.

The exploit was first identified on September 17 by Sushi’s CTO Joseph Delong, who tweeted a link to the transaction that drained the funds from the protocol.

According to Delong, an anonymous contractor injected malicious code into the MISO front end, replacing the original contract for the Jay Pegs Auto Mart token auction – a parody NFT project imitating the value of a 2007 Kia – with a personal Ethereum address. A total of 864.8 ETH was transferred to the address, but no other auctions were affected.

Threat of Legal Action Prompts Return of Funds

In a string of since-deleted tweets, Delong said that Sushi had “reason to believe” the attacker was eratos1122, a pseudonymous developer who worked with Sushi and other DeFi projects. Delong put up a trail of transactions linked to the hacker’s original address and an ultimatum was also posted threatening the hacker with legal action if the funds weren’t reinstated.

A couple of hours later, the hacker returned 865 ETH to the original MISO contract. Data from Etherscan showed that the hacker’s address was almost completely empty, with Delong himself confirming the news on Twitter.

Accused Developer Threatens Retaliation

It’s still not clear who the attacker was and Delong’s original tweets accusing the former MISO developer have been deleted. The accused person threatened to release some of the MISO code he was working on in the absence of an apology from Sushi and Delong.

While many saw this as a clear sign of the developer’s involvement in the incident, neither Sushi nor any of its founders have commented further on the issue.

Some among the crypto community have slated Sushi and Delong for their handling of the situation. With the protocol mostly built by anonymous developers, making accusations without a proper investigation has negatively affected Sushi’s reputation.

Just last month, a collective effort from the crypto community saved SushiSwap’s token fundraising platform from a potential US$350 million heist.

Almost simultaneous with the MISO exploit, SUSHI gained 23 percent in 24 hours following a growth spurt for decentralised exchange tokens (DEX).

Categories
Binance Crypto Staking DeFi

Decentralised Lending Platform TRAVA.FINANCE Surges 343% in a Week

One of the new DeFi kids on the block has shot up over 300 percent in seven days, making it the top gainer on the Binance Smart Chain (BSC) over the past week.

TRAVA.FINANCE (TRAVA) is a decentralised marketplace for cross-chain lending. What TRAVA does to stand out is that it performs blockchain data analysis to optimise pool parameters to calculate a credit score. This is done to increase profit and decrease risks for all users using the platform.

TRAVA Price Chart. Source: CoinMarketCap

After the coin’s listing and official launch on September 14, it was initially quiet until it broke out with a 343 percent price increase, most of that movement in the past four days. The protocol currently has a US$60 million locked supply and $9.9 million value locked within the protocol.

Last week was a good one for the crypto market with Bitcoin (BTC) rising over 3.24 percent and 10 other altcoins also making considerable gains.

Becoming Your Own Bank

Existing approaches provide only one or a few lending pools with their own parameters, such as borrow/supply interest rate, liquidation threshold, or a limited list of exchangeable cryptocurrencies. TRAVA offers a flexible mechanism where users can create and manage their own lending pools to start a lending business.

TRAVA also offers the credit score function based on financial data on-chain analysis as a useful tool that reduces risk.

Based on the knowledge graph, TRAVA evaluates credit scores for users. Pool owners can define minimum credit scores for pool members to reduce lending risks and offer high Loan to Value ratios for those with high credit scores to stimulate borrowing.

TRAVA allows users to use special assets such as NFT or stock tokens as collateral. Previously, these assets had to be priced through auctions, with auction winners involved in the lending contract to either earn a profit or buy the assets at a low price.

There are various opportunities for people to earn rewards for staking their coins. Check out Crypto News Australia‘s list of the top 10 crypto staking websites for that purpose and getting daily returns.

Categories
Crypto News DeFi Investing Tokens

AVAX Skyrockets Amid $230 Million Investment

Avalanche (AVAX) has completed a US$230 million investment round from several crypto funds and angel investors, catapulting its native token, AVAX, to a fresh all-time high of US$64. 

AVAX Token Surges 23% Amid Tokens Private Sale

The investment round was led by crypto funds Polychain and Three Arrows Capital. R/Crypto Fund, Dragonfly CMS, Collab + Currency and Lvna Capital are among the top investors that participated in the private sale, according to an announcement by the Avalanche Foundation. As per its blog post, Avalanche will use the funds to expand its operation in the DeFi space and support DeFi projects by providing grants, liquidity and token purchases.

Avalanche has quickly turned promise and potential into real-world impact and value creation for DeFi users and developers. The community of builders rallying around the network is a testament to its competitive edge, and there is still so much potential yet to be tapped at the intersection of institutional and decentralised finance on Avalanche.

Emin Gün Sirer, director, Avalanche Foundation

Avalanche completed the investment round in June but disclosed this latest news on September 16. The announcement quickly boosted the AVAX token by 23 percent, now trading at US$64.11 with a 24-hour trading volume of US$2,156,526,602, according to data from CoinGecko.

Further data shows AVAX outperformed its top 20 competitors with a 65 percent gain last week, and is now sitting at 14th place in the crypto market.

Source: Coinmarketcap

AVAX Shows its Competitive Edge

Avalanche is a high-performance blockchain with an estimated rate of 4,500 TPS (Transactions per Second). It currently competes with other high-performance platforms like Solana to become the alternative solution for DeFi protocol developers.

Users can build fast, low-cost and solidity-compatible dApps, besides launching customised private and public blockchains.

Both platforms are challenging Ethereum as leader of the DeFi ecosystem. Several content creators are considering switching to Solana to showcase their NFTs as Ethereum gas fees increasingly present a hurdle for them.

Categories
Blockchain Crypto Exchange Crypto News DeFi Tokens

SUSHI Gains 23% in 24 Hours, Leading the DEX Tokens Surge

SUSHI has gained a mammoth 23 percent in the past 24 hours and is leading the surge following a day of growth for decentralised exchange tokens (DEX). This comes only weeks after a potential exploit of SushiSwap’s (SUSHI) token fundraising platform was foiled by white hat hackers.

In the same period, other DEX tokens PancakeSwap (CAKE) and THORChain (RUNE) gained 2.5 percent and 13 percent respectively. Market cap leader UniSwap also gained 6.23 percent against the US dollar.

DEX token performance on September 16. Source: Messari

SushiSwap, a DApp, has become one of the most popular distributed ledger technologies that allow for the easy transfer and swapping of crypto assets. The exchange is a user-orientated platform in which users provide liquidity in exchange for rewards.

Its native token, SUSHI, is a governance token that enables the community to vote for platform proposals and can be farmed through the yield farming program. Holders of SUSHI, funded by Chef Nomi, an anonymous group, receive a portion of SushiSwap’s trading fees.

SushiSwap Leads the Pack

SushiSwap as a DEX platform has recently branched out to more blockchains than its peers. This has been generating more fees for users and thereby raising the prospect of holding SUSHI tokens.

SUSHI has gained in popularity since it was announced it will be deploying on Arbitrum, a layer-2 scaling solution for Ethereum-powered decentralised applications (DApps). The company also recently announced that stakers had locked in US$30 million worth of SUSHI tokens into Arbitrum’s smart contracts.

The SUSHI ecosystem is showing healthy growth signs as it attempts to scale its DEX solutions across various layer-1 and layer-2 chains. SushiSwap has also unveiled its upcoming non-fungible token (NFT) marketplace, Shoyu.

SUSHI Price Outlook

Following all its announcements, SUSHI has beaten its DEX rivals in terms of interim returns with profits in the past seven days at over 45 percent compared to UniSwap’s 16.93 percent.

However, the token is behind in its year-to-date gains, sitting at 370 percent compared to UniSwap’s 474 percent gain. PancakeSwap’s CAKE has surpassed all its DEX competitors by showing a 3,330 percent return.

The future for SushiSwap looks positive as it currently sits at the fourth-highest DEX market cap. The protocol that started out as a decentralised exchange is growing into something much more than that.

Categories
Crypto News DeFi Hackers Tokens

ZABU Token Tanks 99% After $3.2 Million DeFi Hack

Zabu Finance, a DeFi project running on the Avalanche blockchain, has been exploited for around US$3.2 million worth of its native token, Zabu – plunging its price within minutes to zero.

First DeFi Hack on the Avalanche Blockchain

In what was the first exploit on the Avalanche blockchain, the attacker drained the funds from the SPORE pool, exploiting the “Transfer Tax” mechanism to mint tokens and subsequently plunging its value to zero. The SPORE pool contained 402,9 Wrapped Ether (WETH), 23,157 Wrapped AVAX (WAVAX), 21,501 Pangolen (PNG), 106,848 Avaware (AVE), 361,267 Tether (USDT), and 23,958 JOE.

The attacker found a bug in the contract used by yield farms to distribute rewards. According to security firm PeckShield, the bug has “happened many times before”.

Yet the Zabu Finance team tried to calm down its community, outlining it wasn’t behind the attack and burned all team tokens. The protocol burned the remaining 93.21 million Zabu tokens – around US$360,000 worth.

Another Day, Another DeFi Hack

Zabu Finance is the latest protocol to be hacked, adding to a list of hacked projects this year. A similar case involving Popsicle Finance occurred on August 7 when an attacker manage to drain 85 percent of the deposit pools by taking advantage of a bug found on the smart contracts.

Just a few days later, an unknown attacker managed to drain US$600 million from cross-chain protocol Poly Network. While not a DeFi hack per se, as the attacker turned out to be a white hat hacker (an ethical hacker), it was by far the biggest amount stolen in DeFi history.

Categories
Crypto News DeFi NFTs

OpenSea Bug Destroys $130,000 Worth of NFTs

On September 8, a bug was found on the NFT marketplace OpenSea that destroyed at least 42 NFTs worth around US$100,000, as reported by Nick Johnson, lead developer of Ethereum Name Server (ENS).

42 Users Affected – 28.44 ETH Lost

Johnson discovered the bug when he tried to transfer an ENS name (which comes in the form of NFTs), titled rilxxlir.eth, to one of his personal accounts but instead it was randomly sent to an unused burn address.

The NFT ended up in an address no one uses and thus was lost forever. Despite the fact that the bug was reported and patched up by OpenSea, Johnson started receiving reports regarding at least 32 other transactions from 21 users who were similarly affected, with losses totalling 28.44 ETH, or US$100,000 at the time. OpenSea stated that Johnson was the only affected user of the bug.

The bug has since been patched, and while Johnson said that the rilxxlir.eth NFT didn’t have monetary value, it did have historical value as the first ENS name ever registered.

NFTs Skyrocketing in OpenSea

NFTs are exploding in popularity more than ever, especially at OpenSea, which has become the leading platform for content creators to expose and auction their artworks and digital collectibles. On March 19, the protocol raised US$23 million in a Series A funding round as an attempt to expand its operation.

However, there are some risks as the popularity of DeFi and NFTs increases. As Crypto News Australia reported last month, several OpenSea users were victims of phishing attacks from scammers posing as support staff on the Discord server.

Categories
DeFi Markets

New WallStreetBets Defi App Aims to ‘Take Over’ Traditional Financial Markets

Popular subreddit WallStreetBets (WSB) aims to take over traditional finance with a new application called WSB DApp, a protocol that allows traders to swap synthetic stocks backed by blockchain technology. 

‘DeFi’ing Wall Street’

The r/WallStreetBet group claims it has created a decentralised platform that solves the “fees and market manipulation problem” coming from traditional financial institutions. The protocol is a direct market that allows borderless trading, open 24/7.

Landing page of WSB DApp.

Synthetic Stocks and $WSB

Users can trade synthetic stocks backed by blockchain technology. Synthetic tokens are an options strategy designed to emulate a long stock position in the stock market.

The protocol also has its own native token, $WSB, of which there are 1 billion in circulation. WSB is priced at 0.03 with over US$1 million worth of WSB exchanged in the past 24 hours.

The token has been performing pretty well in the market. One-month metrics show WSB is up 58 percent to date, and its aggregate WSB market valuation hit over US$30 million last weekend.

Jaime Rogozinski and WallStreetBet

According to a recent video on Twitter posted by @wallstreetbets, the project is led by Jaime Rogozinski , a Mexican writer and founder of WallStreetBets, and author of WallStreetBets: How Boomers Made the World’s Biggest Casino for Millennials.

Video posted by WallStreetBets. Source: Twitter.com

The subreddit group has become one of the largest communities in the retail trading world, featured in several important outlets including CNN, Forbes and Fortune, especially after the community joined forces to purchase massive amounts of GME stocks and hold them in an attempt to drive the stock price higher and defy hedge funds, causing worldwide controversy.

The GME hype might be over but now WSB wants to bring a more democratic space, rooted in the core concepts of decentralised finance, concepts that seemed flipped over when last week the SEC quietly signed a deal to spy on crypto/DeFi transactions with Californian analytics firm AnChain.AI.

Categories
Crypto News DeFi Insurance Tokens

RULER Token Down 87% as DeFi Insurance Provider Unexpectedly Shuts Down

Decentralised Finance (DeFi) project COVER and its lending affiliate RULER have closed down after the unexpected departure of the protocol’s development team, causing a significant drop in the value of both tokens.

In the announcement by COVER community manager DeFi Ted, there was no mention as to why the development team decided to pack up:

The decision to do this did not come easy and is a final decision the remaining team made after reviewing the path forward after the core developers suddenly left the projects.

DeFi Ted, COVER community manager

It was decided that the remaining treasury funds would be split among the token holders and that they will no longer continue with the RULER & COVER token or contracts, meaning the user interface will remain shut down.

Compensation will be distributed as per block number 13162680, though founding members won’t be among the holders being compensated.

Tokens Take a Dive

COVER’s token has fallen US$45 since Ted’s announcement, from US$269 to $224. As uncertainty from the news grips token holders, daily trading volume has soared from US$3.5 million to $19 million. The price of both protocols’ tokens dove on the news, RULER also crashing from $10.68 to $1.37, according to CoinMarketCap.

After it fell victim to an infinite minting hack in December 2020 which left its customers markedly uncovered by its insurance policies, there has been speculation about the protocol’s safety. At least the white hat hackers returned the 4350 ETH they stole, attaching to the transaction the message, “Next time, take care of your own shit.”

Both DeFi and their insurance platforms are targets for hackers looking to exploit volatilities on platforms holding large volumes of assets. Earlier this year, Nexus Mutual was also targeted by an attack.

What is DeFi Insurance and Why Do People Want It?  

By locking up tokens on COVER as collateral, users received tokens that would cover them in case a DeFi protocol they invested in was hacked, rug-pulled or exploited. The value of these tokens depended on the degree of risk of the smart contract. 

According to fintech company Yield, “DeFi insurance aims to protect users from losses in return for a specific premium based on the size of their holding and which platform they are holding it with. “

A DeFi insurance policy instead relies on its community of users to dictate premiums and orchestrate payouts, where traditional finance relies on a multinational insurer.

Categories
DeFi Regulation

SEC Begins ‘Actively Investigating’ World’s Largest DEX

The Securities and Exchange Commission (SEC) is reportedly investigating Uniswap Labs, the parent company of the leading decentralised exchange (DEX), Uniswap. 

The SEC Wants to Regulate DeFi

The Wall Street Journal reported the news on September 3, citing “people familiar with the matter” that SEC enforcement attorneys are actively investigating how users interact with the protocol and how the DEX is marketed.

This comes after the regulatory body highlighted its interest in tapping into the crypto and the decentralised finance (DeFi) space by overseeing crypto operations and lending. 

Naturally, the crypto community has rejected the SEC’s intentions to enter what the regulatory body has called “the wild west of finance”. 

Last month, SEC chairman Gary Gensler called on US Congress to give the agency more authority to police the crypto market and oversee DeFi platforms, which, unlike centralised exchanges, are not regulated in the US.

A Uniswap Lab spokesperson told WSJ that the company is “committed to complying with the laws and regulations governing our industry and to provide information to regulators that will assist them with any inquiry”.

Uniswap Removes 100 Tokens – Afraid of Regulatory Pressure

It should be noted that the SEC’s probe into Uniswap comes shortly after the DEX removed 100 tokens – including synthetic tokens, options and indexes – from the main user interface at the end of July, citing “regulatory pressure” as a major influence on the decision, something that had the crypto community questioning Uniswap’s decentralised system.

Uniswap currently accounts for the entire Ethereum-based DEX trade volume, with over US$10 billion in tokens swapped in the past week as per Dune Analytics data.

Requests for information have a high cost, and the SEC is tapping into the DeFi space by gathering information from one of the biggest DEXs. As pointed out by ShapeShift founder and CEO Erik Voorhees:

It should be highlighted that when a regulator ‘gathers information’ it means millions of dollars in legal costs and millions more in lost productivity is incurred by the target. When no wrongdoing is found, the regulator doesn’t reimburse for its transgression, nor even [does it] offer apology.

Erik Voorhees, CEO/founder, ShapeShift [Twitter]

Categories
Crypto News DeFi Hackers

Cream Finance to Pay Back Users $19 Million via Protocol Fees Following DeFi Hack

Cream Finance (aka C.R.E.A.M.), a popular decentralised lending protocol, has allocated 20 percent of all the fees it charges to repay affected customers from a recent exploit in which it lost US$19 million.

Cream has announced repaying affected users after a flash loan hack at the end of last month. The team said it will post Cream collateral with Flexa, creator of AMP, to ensure the debt is entirely paid.

Additionally, the Cream team is offering a 10 percent bug bounty to the attacker and up to 50 percent for third parties who can assist the protocol to recover the funds.

We learned from this exploit and will use it as an opportunity to strengthen our protocol. Exploits are setbacks but this won’t stop us from fulfilling our mission to drive capital efficiency and meet the decentralised lending needs of individuals, institutions and protocols.

C.R.E.A.M. Communications announcement

At first, it was thought the hacker had stolen just over US$19 million, but after updating prices the total loss surpassed US$37.5 million.

Not the Best Year for Cream Finance

As Crypto News Australia reported this week, Cream Finance was exploited for the second time in six months. On August 31, an unknown attacker managed to drain 462 million AMP and 2,800 tokens – worth US$29 million – from its vault. According to blockchain security firm PeckShield, the attacker took advantage of an error in the integration process of AMP, forcing the protocol to halt supply and borrow on AMP to stop the exploit.

Five months ago, Cream and PancakeSwap suffered a DNS attack following several notices shared on social media, leaving users exposed to the protocols’ websites.

It’s always advisable to DYOR (Do Your Own Research) before investing in a DeFi protocol, as hackers, scammers and other malicious actors are thriving in this ecosystem.