
How a Crypto Dev Faked a $7.5 Billion ‘Active’ DeFi Ecosystem

The Macalinao brothers, founders of Solana’s leading cross-chain stablecoin exchange, Saber Protocol, have reportedly been using numerous pseudonymous developer profiles to pump and fake the total value locked (TVL) on the Solana blockchain to the tune of US$7.5 billion.

An investigation by CoinDesk has revealed that by collectively misrepresenting themselves, Ian and Dylan Macalinao created the identities of 11 independent developers who appeared to be working on a variety of projects. In so doing they created the illusion of an active developers’ community on the Saber protocol, thereby artificially stimulating investment demand for it and the entire Solana ecosystem.

Ian Macalinao, coding as 11 independent developers, created a vast web of interlocking DeFi protocols that projected billions of double-counted value onto the Saber ecosystem. That, in turn, temporarily inflated the TVL on Solana, which became a problem as DeFi regards TVL as a barometer for on-chain activity.

‘Army of Anons’ Lent Credibility to the Project

By posing as a collective of developers, Ian Macalinao was able to artificially inflate Solana’s TVL, accounting for up to US$7.5 billion of the chain’s US$10.5 billion TVL. As the TVL of a DeFi platform rises, its liquidity, popularity and usability also increase, making it an important metric for investors.

Macalinao admitted to creating the false TVL in an unpublished blog, writing: “If an ecosystem is all built by a few people, it does not look as authentic. I wanted to make it look like a lot of people were building on our protocol, rather than ship 20+ disjoint[ed] programs as one person.”

Dylan Macalinao added in another blog post:

There’s only one way to build a strong moat in crypto: have so many other protocols/apps/layers depend on your protocol that its failure would lead to the entire system going down.

Dylan Macalinao, unpublished blog post

DefiLlama De-Emphasises Double-Counted Crypto Deposits

In response to the investigation by CoinDesk and the implications of inflated TVL, crypto data website DefiLlama has changed the way it presents TVL. By switching off its default display of protocols’ double-counted crypto-assets, it has lowered some blockchains’ TVL by billions of dollars. As a result, users must manually activate the double-counted value.

Solana has been in the news for all the wrong reasons of late. Last month, Solana-based liquidity protocol Crema Finance suffered a US$8.7 million hack involving Solend, a Solana-based lending platform. Just weeks earlier, Solend had voted to liquidate a whale’s account to mitigate risks posed to the Solana network.


Axie Infinity CEO Moved $3 Million Before Disclosing Record $622 Million Hack: Report

Trung Nguyen, co-founder and CEO of Sky Mavis, the studio behind the Axie Infinity blockchain game, reportedly moved around US$3 million in cryptocurrencies before the company disclosed the details of a US$625 million hack.

In March, Axie Infinity weathered one of the all-time largest DeFi hacks when the bridge connecting its Ronin network sidechain to Ethereum was exploited. Now Nguyen has come clean on exactly what took place before the hack was disclosed.

Bloomberg analysed blockchain data to discover that a crypto wallet controlled by Nguyen transferred around US$3 million worth of the game’s AXS governance token from the Ronin sidechain to the Binance crypto exchange. Nguyen’s transfer took place just three hours before Sky Mavis disclosed the hack, almost a week after the attack took place.

Funds Transferred From Nguyen’s Own Wallet

According to Sky Mavis representative Kalie Moore:

At the time, we (Sky Mavis) understood that our position and options would be better the more AXS we had on Binance. This would give us the flexibility to pursue different options for securing the loans/capital required.

Kalie Moore, Sky Mavis

Moore added that the funds were transferred from Nguyen’s own wallet so that AXS short sellers “would not be able to front-run the news”. She also dismissed accusations of other motives regarding the nature of the transfer as “baseless”.

The attack on the Ronin network took place on March 23 but was not discovered until March 29. The attackers stole 173,600 Wrapped Ethereum (WETH) and 25.5 million USDC stablecoins, worth US$625 million at the time of disclosure. They used hacked private keys to gain control of five of the network’s nine validators to sign fraudulent transactions and transfer the funds.

All Users Reimbursed

In the wake of the attack, Sky Mavis announced that it had raised US$150 million to facilitate user refunds. All users were reimbursed after the Ronin bridge was reopened.


Now You Can Tip Your Favourite Musician Through Blockchain Streaming Service ‘Audius’

Blockchain-based music streaming service Audius is enabling fans to tip artists using $AUDIO token, the platform’s native cryptocurrency.

More Forms of Monetisation to Come

“We’re creating new ways for our seven million active monthly users to show their favourite artists how much they appreciate their work,” Audius co-founder and CEO Roneil Rumburg said in a statement. “But this is just the first piece of monetisation – in the coming weeks and months we look forward to expanding on monetisation with more options for fans and artists alike.”

The company also plans to introduce “ways to tip that do not require tokens”. The platform already offers fans the opportunity to bankroll their favourite artists by harnessing the power of DeFi. They can also benefit from music sales as part copyright owners, thanks to NFTs.

Launched in 2018, Audius hosts over 250,000 artists who have released a combined one million tracks on the platform. “A lot of experiments have been run over the years to evolve the music industry’s business model,” said Rumburg. “But we’ve yet to see a platform that strikes the right balance, improving the music experience for the parties that matter most – artists and their fans. 

Audius is laying the groundwork for a new era where artists reclaim control over their work and their earning potential, all the while giving fans a closer relationship to the music they love. Tipping is a small first step in this direction.

Roneil Rumburg, co-founder and CEO, Audius

Artists including Katy Perry, Nas, Jason Derulo, Pusha T, the Chainsmokers and Steve Aoki have all invested in Audius. “Everyone who uploads to Audius can be an owner; you can’t say that about any other music streaming platform,” says rapper/entrepreneur Nas.


Decentralised Mixer ‘Tornado’ Goes Open Source to Increase Transparency

Popular DeFi privacy protocol Tornado Cash has announced a fully open-source user interface for Tornado Cash Classic, allowing contributors to check out the code and suggest improvements via the platform’s GitHub.

UI vulnerabilities have been a major focus for the Tornado community and, according to a Medium post, the move is part of its efforts to prioritise a fully transparent and decentralised ecosystem:

We personally grew fond of the black and green floating astronaut associated with the protocol. However, you should know our credo by now: we will always lean towards more decentralisation.

Tornado Medium post

What is Tornado Cash?

Tornado Cash essentially works by allowing users to mix their crypto tokens in a pool of fellow users’ crypto, making it practically impossible to track.

In December last year, the protocol announced its integration with Arbitrum, a layer 2 solution that leverages optimistic rollups for Ethereum dApps to ensure faster speeds, lower fees and transaction privacy. 

In April, Tornado Cash started blocking US Office of Foreign Assets Control (OFAC) addresses, stating that “maintaining financial privacy is essential to preserving our freedom, [though] it should not come at the cost of non-compliance”.

The protocol has long been a popular platform for users seeking anonymity and decentralisation. The current price of Tornado Cash (TORN) is US$20.40, as per data from CoinMarketCap, with a 24-hour trading volume of US$6.2 million.


DeFi Giant ‘Aave’ Announces Plans to Launch Own Stablecoin ‘GHO’

DeFi lending platform Aave plans to launch its own stablecoin, GHO, issued on the Ethereum network, the company announced in a blog post.

GHO would be a US dollar-pegged stablecoin that users mint against their collateral, over-collateralised by a diversified set of cryptocurrencies of their choice. The proposal was submitted to the Aave DAO (Decentralised Autonomous Organisation) last week.

Stani Kulechov, founder of Aave, said the community would have to “start from a conservative angle and expand the new facilitators as the strategies become proven and battle-tested in DeFi”.

Interest Payments to Aave DAO Treasury

Users would have to borrow the stablecoin against their crypto funds and over-collateralise it just like any other Aave loan. According to the proposal, all interest payments generated by GHO minters would be transferred to the Aave DAO treasury:

If approved, the introduction of GHO would make stablecoin borrowing on the Aave Protocol more competitive, provide optionality for stablecoin users, and generate additional revenue for the Aave DAO by sending 100 percent of interest payments on GHO borrows to the DAO.

Aave governance proposal

Aave is one of the largest DeFi lending platforms, currently boasting US$6.76 billion in total value locked (TVL). Launching a crypto-backed stablecoin is one of the safer approaches cryptocurrency platforms have taken instead of launching algorithmic stablecoins.

One protocol that has decided to back its algorithmic stablecoin is Tron Network, which over-collateralised its USDD stablecoin to prevent a TerraUSD-like collapse.


NFT Lender ‘Omni’ Exploited for $1.4m in Reentrancy Attack

In circumstances similar to early May’s US$80 million exploit of DeFi platform Rari Capital, NFT money market platform Omni lost 1300 ETH (about US$1.43 million) in a flash loan reentrancy attack last weekend.

According to a tweet from blockchain security firm PeckShield, the July 10 attack took the form of a hacker using NFTs from a collection called Doodles as collateral to borrow wrapped ETH (WETH). The hacker exploited the reentrancy vulnerability by withdrawing all but one of the Doodle NFTs. This triggered a malicious callback function enabling the hacker to use the borrowed funds to buy even more Doodles before liquidating the loan position.

Hacker Uses Borrowed WETH to Buy More NFTs

The remaining NFT was never going to cover the debt position, which is where the reentrancy came in – the attacker was able to use the borrowed WETH to buy more NFTs prior to liquidating the loan.

According to a statement from Omni, the exploit did not impact any customers: only internal testing funds were affected, as the platform is still in beta testing mode. Omni has since paused all operations pending a thorough investigation.

Data from Etherscan shows the hacker has already laundered the funds via Tornado Cash. This increasingly common modus operandi was also deployed when MM.Finance, the largest DeFi exchange on Cronos, had a vulnerability in its Domain Name System exploited in May, less than a week after the Rari Capital hack.


‘Crema Finance’ Hacker Returns Funds, Receives $1.7 Million in SOL as Bounty

Solana-based liquidity protocol Crema Finance claims it has recovered most of the roughly US$9 million worth of assets stolen by a hacker on July 3.

Crema Finance negotiated an agreement with the hacker, whose identity remains unknown, which allowed the hacker to keep a portion of the stolen assets as a bug bounty in exchange for returning the remaining assets.

No Criminal Charges Likely

The hack on Crema Finance resulted in the theft of 69,422.9 SOL and 6,497,738 USDC – a combined total value of just over US$8.78 million.

Following what Crema Finance described as a “long negotiation”, the hacker agreed to return most funds but retained 45,455 SOL, currently valued at approximately US$1.7 million. The hacker was also referred to as “white-hat” and “ethical” in tweets by Crema Finance, suggesting the DeFi platform won’t be pursuing criminal charges.

Following the hack, the total value locked on Crema Finance fell dramatically, dropping as low as US$3 million on July 4, having sat at over US$12 million on the Saturday prior to the hack.

Crema Finance shared the transaction details proving the hacker had indeed returned 6,064 ETH and 23,967 SOL to its accounts.

Smart Contract Suspended Pending Audit

Since the hack, Crema Finance’s smart contract has been suspended while its new smart contract code is being audited by blockchain security firm SlowMist. Crema Finance says the protocol will go live again once that audit is complete and its security can be assured.

It’s becoming increasingly common for hackers in the crypto space to agree to return most of the stolen assets in return for a bounty. In June, a high-profile case saw the Ethereum rollup solution Optimism hacked to the tune of US$17 million, with the hacker agreeing to return US$15 million worth of the stolen assets in return for a US$2 million bug bounty.


DeFi Lender ‘Porter Finance’ Shuts Down Bond Issuance Platform Within a Month of Launch

With recession concerns and dipping crypto prices reducing borrowing demand from the decentralised finance ecosystem, DeFi lender Porter Finance has announced the closure of its bond issuance platform.

Twin Forces Drive Lack of Demand for BI

The Ethereum-based lender allowed decentralised autonomous organisations (DAOs), such as Porter’s Ribbon DAO, to issue convertible bonds to raise funds in return for paying yields to users. However, the lack of demand for fixed-income DeFi products has meant that the Porter Finance bond issuance platform was in operation for only a month.

Porter Finance founder Jordan Meyer cited the competitive rates of traditional finance and the lack of institutional fixed-income DeFi adoption as the twin forces driving low demand for bond issuance. Meyer has also stated that his company is “no longer willing to take on the legal risk associated with bond offerings”.

Ribbon DAO, the protocol that helps users access crypto-structured products for DeFi, which was using Porter Finance to issue its bonds, is still bound by its promise to repay yields to users. The closure of Porter Finance’s first-of-its-kind service follows the implosion of other DeFi companies such as Celsius.

Other DeFi Movements

Last month’s hot topic was the DeFi sector with DeFi Yield Protocol (DYP) up by a notable 107 percent in a week. At the time, DYP was trading at US$0.43. According to Coinbase, DYP will phase in alongside five other Ethereum-based altcoins – PARSIQ, Elastos (ELA), HOPR, MATH and ALEPH – in trading pairs with Tether once liquidity conditions are met. The six altcoins will be grouped under the exchange’s new ‘Experimental’ title.

At the same time, the combined CeFi and DeFi crypto lending platform Alkemi Network announced a partnership with hardware wallet maker Ledger. The collaboration will mean that Ledger’s 1.5 million users can earn yields with their ETH, USDC or wBTC via their wallets’ interfaces. The combination of CeFi and DeFi allows users to maintain full control of their assets.


Solana-Based Protocol ‘Crema Finance’ Exploited for $8.7 Million, Services Suspended

Solana-based liquidity protocol Crema Finance has announced via Twitter that it suffered a US$8.7 million hack and has suspended its services to investigate the incident.

On July 2, Crema Finance announced the temporary halting of services and that it would update its users as soon as it had more information.

Flashloans Used to Drain Liquidity Pool

Crema is said to be working with blockchain audits platform OtterSec to investigate the hack. According to OtterSec, the hacker used Solend (a Solana-based lending platform) flashloans to drain the protocol’s pool.

Apparently, the hacker was able to circumvent Crema’s security procedures by implementing an “on-chain program” and subsequently deploying the flashloans.

The attacker stole over US$400,000 in USDH and US$5 million in USDT, later swapping the tokens for SOL and sending it to an address that currently holds around 69,442 SOL.

Crema Finance is not related to Cream Finance, another DeFi protocol that has suffered multiple exploits in the past.

A day after the incident, Crema claimed to have found the hacker’s Discord account and is now working with third parties to help detect the hacker’s identity.

The hacker allegedly used six flashloans to exploit the protocol. Flashloans are a common instrument in the DeFi ecosystem. Another recent victim of a flashloan exploit was Inverse Finance, an Ethereum-based protocol that lost US$1.2 million.

And about 10 weeks ago, Beanstalk, a credit-based stablecoin also on Ethereum, lost more than US$180 million in a flashloan exploit.


Ledger Partners with Alkemi to Enable DeFi Lending to its 1.5 Million Users

Alkemi Network, a crypto lending platform that combines centralised finance (CeFi) with decentralised finance (DeFi), has announced a partnership with hardware wallet maker Ledger.

The integration with Alkemi Earn means that Ledger’s 1.5 million users will be able to earn yields with their ETH, wBTC (wrapped Bitcoin), or USDC directly on their wallets’ interfaces.

Bridging CeFi with DeFi

Since launching in April 2021, Alkemi Network claims it has received over US$50 million in gross deposits, and the integration with Ledger is expected to boost those numbers significantly.

Alkemi Network’s co-founder, Brandon Mahoney, highlighted the importance of allowing users to keep full control of their assets, adding that this integration differed from other products in the market.

‘Not your keys, not your coins’, as the saying goes. With this native integration into Ledger Live, Alkemi Earn unlocks a protocol-powered cash management experience for Ledger’s community. This is what bridging CeFi to DeFi is all about.

Brandon Mahoney, co-founder, Alkemi Network

Ledger Holding Firm Despite Market Downturn

Despite a bleeding crypto market, Ledger continues to work on behalf of the community. Last month, it launched an NFT-focused wallet to allow users to securely store their NFTs and install up to 100 apps.

In December last year, Ledger launched the Crypto Life card, a debit card that allows users to spend crypto on goods and services or use it as collateral for cash purposes.