Category: DeFi

Categories
Blockchain Crypto News DeFi Ethereum Tokens

Top 10 DeFi Swap Token Apps

Decentralised Finance (DeFi) is a blockchain-based form of finance that does not rely on central financial intermediaries (such as brokerages, exchanges, or banks) to offer traditional financial instruments: instead, DeFi utilises smart contracts on blockchains, Ethereum being the most commonly used.

Recently, new chains have emerged to offer users an alternative to Ethereum, which has become notoriously expensive to use, especially in times when the network becomes heavily congested, resulting in gas wars and extraordinarily high transaction fees.

These new decentralised applications (known as ” DApps”) run on a distributed computing system. DApps have been popularised by distributed ledger technologies to allow easy transfer and swapping of crypto assets.

Here is a list of the Top 10 DeFi Swap Token Apps:

UniSwap

Pink unicorn-branded UniSwap is perhaps the most popular DeFi protocol used to exchange cryptocurrencies. The protocol facilitates automated transactions between ERC-20 tokens on the Ethereum blockchain through the use of smart contracts. Uniswap empowers developers, liquidity providers and traders to participate in a financial marketplace that is open and accessible to all. UniSwap V3 was released in May and boasts the most flexible and efficient automated market maker (AMM) ever designed. $UNI is the native token of the Uniswap protocol. Holders of UNI are entitled to governance rights and voting privileges on changes to the protocol, while liquidity providers can receive UNI tokens for their contributions. With its user-friendly interface, UniSwap makes it easy to swap DeFi tokens.

SushiSwap

SushiSwap (SUSHI) is a fork of UniSwap. Unlike Uniswap, which follows Automated Market Makers (AMM), SushiSwap is a user-oriented platform where users provide liquidity in lieu of rewards. It is an audited Decentralised Exchange (DEX) and DeFi protocol described as “Uniswap meets Yield Farming” with SUSHI tokenomics. The protocol’s native token SUSHI is used to govern the platform. SUSHI holders also receive a portion of SushiSwap’s trading fees. SushiSwap is funded by an anonymous group that goes by the name Chef Nomi.

QuickSwap

QuickSwap is a fork of Uniswap that runs on the Polygon network (formerly Matic Network), a Layer-2 scaling solution for Ethereum. Polygon has lower transaction fees compared to the Ethereum mainnet, enabling QuickSwap to facilitate token swaps at a lower cost relative to exchanges like Uniswap.

1inch Network

1inch is an Aggregation Protocol Network that unites decentralised protocols whose synergy enables the fastest, most lucrative and protected operations in the DeFi space. The platform has 540K+ users and a total volume of $70 billion+. It facilitates cost-efficient and secure atomic transactions by utilising a wide range of protocols and performing argument validation and execution verification. The governance and utility token for the platform is self-titled 1INCH. The 1inch Liquidity Protocol is a next-generation automated market maker that protects users from front-running attacks and offers capital efficiency to liquidity providers. The 1inch Limit Order Protocol is perhaps the best feature of this DApp, allowing users to enjoy the most innovative and flexible limit order functionality in DeFi. Its implementation of the Chi gastoken makes transactions on 1inch up to 42% cheaper than swapping tokens on Ethereum. Chi tokenised gas that is pegged to the Ethereum network’s gas price, but the difference is that Chi is used on 1inch and Curve while GasToken is used across the entire Ethereum network.

AirSwap

AirSwap is a peer-to-peer network. A simple combination of web protocols and smart contracts powers its RFQ (request-for-quote) style protocol. There are two kinds of liquidity providers on AirSwap: those running their own HTTP servers to provide liquidity, and those managing on-chain delegates that swap on their behalf. Each swap is between two parties, a signer and a sender. The signer is the party that creates and cryptographically signs an order, and the sender is the party that sends the order to the Ethereum blockchain for settlement.

HoneySwap

HoneySwap is a permissionless decentralised exchange (DEX) based on Ethereum, built on xDai Layer 2 scalability infrastructure. The xDai Chain enables users to experience fast and secure transactions with incredibly low fees. By utilising xDai chain for transactions, Honeyswap allows users to trade any ERC20 token and experience fast and secure transactions with incredibly low fees.

BakerySwap

BakerySwap is an automated market maker and non-fungible token (NFT) marketplace that runs on the Binance Smart Chain. It is powered by BakeryToken (BAKE). BakerySwap is the all-in-one DeFi platform that provides both AMM and NFT Marketplace solutions in one place. Users can exchange tokens, provide liquidity, participate in liquidity farming, and also mint NFTs and trade them.

Balancer

Balancer is an automated portfolio manager and trading platform offering investors portfolios that generate yield and rebalance automatically. Balancer turns the concept of an index fund on its head: instead of paying fees to portfolio managers to rebalance your portfolio, you collect fees from traders who rebalance your portfolio by following arbitrage opportunities.

Aave

Aave is an open-source, non-custodial decentralised lending protocol that allows users to earn interest on deposits and borrow digital assets. Users can participate as depositors or borrowers. Depositors provide liquidity to the market to earn a passive income, while borrowers are able to borrow in an over collateralised (perpetually) or under collateralised (one-block liquidity) fashion. Aave offers simplified and decentralised access to a wide range of digital assets and interoperability with multiple DeFi platforms. The protocol features Flash Loans to users enabling them to borrow instantly and easily, no collateral needed, provided that the liquidity is returned to the pool within one transaction block. Stakeholders can actively contribute as part of the community to the Aave Protocol and its governance.

ShibaSwap

ShibaSwap was recently launched by the Shiba Inu team – SHIB, LEASH, and BONE – to create a decentralised cryptocurrency exchange platform, the next evolution in DeFi platforms. ShibaSwap gives users the ability to DIG (provide liquidity), BURY (stake), and SWAP tokens to gain WOOF Returns through a sophisticated and innovative passive income reward system. The ShibaSwap platform allows the ShibArmy to access upcoming NFTs and additional tools, such as portfolio trackers, to make navigating the crypto world simple and intuitive.

Pancake Swap

PancakeSwap is one of the leading decentralized exchanges on Binance Smart Chain, with some of the highest trading volumes in the market. Unlike centralized exchanges like Binance or Coinbase, PancakeSwap doesn’t hold your funds when you trade. The pancake DAPP can run on mobile applications with integrations crypto wallets such as Trust Wallet allowing you to swap your tokens seamlessly.

Categories
Blockchain Crypto News DeFi Ethereum

Bizarre Twist: $600 Million DeFi Hacker Asked to Become Project Security Adviser

The hacker who stole US$611 million from the Poly Network last week turned out to be a white hat hacker who returned the funds while exposing the protocol’s network security flaws. And what’s even weirder, the Poly Network team offered the hacker a US$500k reward, and a role as chief security officer.

A Strange Turn of Events

As per an August 17 blog post, the Poly Network completed the second phase of the Mainnet Upgrade while keeping the hacker updated daily on its progress. Poly Network and the hacker had been interchanging encrypted messages in which the latter shared his concerns about the protocol’s network security and overall projects in the DeFi space.

We are also counting on more experts like Mr White Hat to be involved in the future development of Poly Network since we believe that we share the vision to build a secure and robust distributed system. Also, to extend our thanks and encourage Mr White Hat to continue contributing to security advancement in the blockchain world together with Poly Network, we cordially invite Mr White Hat to be the Chief Security Adviser of Poly Network.

Poly Network blog post

The protocol hopes that the hacker returns the private keys to restore full assets control to the community.

‘Mr White Hat’ Exploits Bug on Smart Contracts

As Crypto News Australia reported on August 12, the hacker – dubbed “Mr White Hat” – found a bug on the protocol’s smart contracts that allowed him to move assets between different blockchains, as per an analysis from blockchain forensic firm Chainalysis.

The hacker stole a total of US$611 million in Ethereum, BNB and Poly, making it the biggest theft in DeFi history. Yet things changed when the hacker started returning the funds progressively to the protocol through a multisig wallet.

He also tried to communicate with the Poly Network team through private messages embedded in an ETH transaction the hacker sent to himself. “It’s already a legend to win so much fortune. It will be an eternal legend to save the world. I made the decision, no more DAO,” reads one of the messages.

Hacker Refuses Bounty, Offered Further Reward

After several messages and a dialogue made public, the hacker clarified his intentions and his vision of the DeFi space. While the hacker refused to accept the $500k bounty, the protocol still plans to reward him for his “contributions to blockchain security”.

We are grateful for Mr White Hat’s outstanding contribution to Poly Network’s security enhancements. While there were certain misunderstandings in the beginning due to poor communication channels, we now understand Mr White Hat’s vision for DeFi and the crypto world, which is in line with Poly Network’s ambitions from the very beginning – to provide interoperability for ledgers in Web 3.0.

Poly Network
Categories
DeFi Ethereum Hackers

White Hat Hacker Group Prevents $350 Million SushiSwap DeFi Heist

A collective effort from the crypto community has saved SushiSwap’s token fundraising platform from a potential US$350 million heist. A vulnerability was found in the code by a partner of Paradigm, which could have led to an auction being hacked if discovered by a malicious actor.

SushiSwap’s token fundraising platform, MISO, had one of its smart contracts used in a “Dutch auction”. The vulnerability created a ticking time bomb situation for the platform to potentially lose 109,000 ETH (US$350 million) before the auction ended.

According to a post published by SushiSwap on Monday, Paradigm security researcher Sam Sun (aka samczsun) and colleagues Georgios Konstantopoulos and Daniel Robinson worked together to solve the problem with the “Dutch auction” contract on the Miso platform. Sun was scanning through the code when he came upon the vulnerability:

Complex Smart Contracts in DeFi Need to be Secure

In Sun’s words: “Unfortunately, while composing two components might be safe most of the time, it only takes one vulnerability to cause serious financial damage to hundreds if not thousands of innocent users.”

This incident shows that even safe contract-level components can be mixed in a way that produces unsafe contract-level behaviour. There’s no catch-all advice to apply here, like ‘check-effect-interaction’, so you need to be cognisant of what additional interactions new components are introducing.

Samczsun

According to SushiSwap, the issue created a “two-pronged issue where a user can both put up a commitment higher than ‘msg.value’, thereby draining any unsold tokens, and additionally drain the raised funds on the contract as refunds if the auction has reached max commitment”.

“Users could over-bid and get a refund of the difference between the current bid and the amount they submitted, but the refund could be repeated to drain the auction contract,” adds Duncan Townsend, CTO at Immunefi, a bug bounty platform for DeFi that was also recruited to help solve the issue.

I had gone from encounter to discovery in a little over half an hour, disclosure in 20 minutes, war room in another 30, and a fix in three hours. All in all, it took only five hours to protect 350 million USD from falling into the wrong hands.

Samszsun

Preventing Attacks with Secure DeFi Contracts

In the case of the SushiSwap vulnerability, many in the crypto community have taken to social media to praise and show support for the collective rescue efforts led by the research arm at Paradigm.

This event took place after the biggest DeFi exploit to date last week when cross-chain DeFi site Poly Network was attacked, losing more than US$600 million worth of cryptocurrencies, due to a bug.

Other recent instances such as the Thorchain attack or ICX coding flaw exploit have also been due to vulnerabilities in code.

The DeFi space is one of blockchain’s newest innovations with lots of potential for growth and wealth creation. However, the industry is in its infancy with much to be learned, and since there’s so much money on the table there will usually be vultures circling around.

Categories
Blockchain DeFi Tokens

DeFi Investor to Claim $17 Million ICX Tokens After Finding Coding Flaw in ICON Network

A Californian judge has upheld a legal claim by a cryptocurrency investor who exploited a coding flaw on the ICON decentralised network to amass 14 million ICX tokens worth almost US$17 million.

Staker Mark Shin filed a lawsuit against ICON for interfering with his property rights after the blockchain network discovered the error in its protocol and froze access to Shin’s ICX tokens.

In an order issued on August 9, US Federal District Judge William H. Orrick denied ICON’s attempt to dismiss the complaint, finding that Shin had “a plausible claim” – allowing the lawsuit to proceed.

DeFi Case Raises Novel Legal Issues

Shin amassed his huge stash of ICON’s native tokens by repeatedly exploiting a bug whereby the protocol added 25,000 newly minted ICX tokens to his account every time he initiated a redelegating process (transferring staked tokens between network nodes).

The judge said that while it was disputable whether common law property rights should apply to digital assets, Shin had made a case for his ownership of the tokens. As Judge Orrick stated:

Shin plausibly asserts that he has a stronger claim to possession of and title to the ICX tokens than ICON because he minted, created, and staked a claim to the ICX tokens on the blockchain.

Judge William H. Orrick

Denial of the motion to dismiss does not resolve the legitimacy of Shin’s ownership of the tokens. 

Exploitation and Hacks on Blockchain Platforms

A number of decentralised platforms have been compromised of late. Just this week Poly Network was the victim of the biggest DeFi heist in history, losing over US$600 million in a white-hat hack, though a portion of the funds have since been returned.

Last month, an unforeseen bug on Thorchain exposed the network to an attack that drained US$4.9 million worth of Ethereum from the protocol. Also in July, decentralised NFT platform Bondly Finance’s token crashed in value after an alleged exploit, although many suspect it was an exit scam. 

Categories
Crypto News DeFi Hackers

Poly Network Attack Update: Hacker Returns $477 Million in Stolen Crypto

Following the biggest hack in DeFi history, the Poly Network Hacker has already begun returning most of the seized funds, referring to the exploit as “one of the best moments” in his life.

For those who do not understand the motivation behind a white-hat hack attack, it’s important to point out why the crypto space cannot progress without them. They actually help the space evolve. It seems the point of the “attack” on the Poly Network was not to steal everyone’s money, but to expose serious security weaknesses in the company’s code and thus “save the world”. As the hacker explained:

When spotting the bug, I had a mixed feeling. Ask yourself what to do if you were facing such a fortune? Asking the project team nicely so that they can fix it? Anyone could be the traitor given one billion! I can trust nobody! The only solution I can come up with is saving it in a trusted account while keeping myself anonymous and safe.

“The Hacker”

The Thrill of Cracking the Code

White-hat hackers are driven more by ego than anything else and live for the thrill of cracking the code. Hacking is no easy task. It requires a lot of brainpower and hours and hours of beta testing, probing highly sophisticated networks and finding holes.

Unfortunately, in the unregulated playground of decentralised finance, hackers are forced to break the law to perform their services. They bring a high level of personal risk to themselves, facing criminal charges if caught. Their role is to help correct fundamental flaws in code that needs to be absolutely bulletproof, especially when the managed funds of billions of dollars of everyday crypto investors’ money is at stake.

The more-than US$600 million seized in the Poly Network hack represents a record amount in DeFi history. It was said by the hacker that he could have taken over a billion if he’d have gone for the shitcoins, but thoughtfully didn’t because he did not want to disrupt the price action of these fragile low-market-cap tokens. Instead he went for ETH, WETH, WBTC, UNI, RenBTC, USDT, USDC, DAI, SHIB, FEI, BNB and various other BEP-20 tokens.

The Poly Network hack has gained worldwide recognition, not only from the crypto community but also mainstream news outlets. The hacker left notes on the blockchain in messages attached to transactions, providing some entertaining reading and becoming the talk of the town on Twitter. The hacker even conducted a little Q&A session with himself and posted it for all to read, explaining why he was compelled to carry out the hack.

It should be a relief for the Poly Network team that most of its liquidity has now been restored. It could have been much worse in the event of a black hacker attack.

Kelvin Fichter (an Ethereum programmer) tweeted a breakdown of how the exploit worked. In his own words, “pretty genius”.

Categories
Blockchain Crypto News DeFi Hackers

$600 Million Drained as Poly Network is Attacked in Largest DeFi Hack on Record

Poly Network, a multi-chain platform that provides interoperability between blockchains, reportedly suffered an attack on Binance Smart Chain, Ethereum and Polygon, losing over US$600 million, making it the biggest DeFi heist in history.

The protocol urged all miners of the affected blockchain and crypto exchanges to blacklist tokens coming from a list of addresses from the hacker (or hackers). However, one user told the attacker(s) to try depositing the stolen funds without Tether – which they did, placing all the addresses into Curve.

As a show of gratitude for the help, the hackers gifted the user US$45,000 in Ethereum.

Hacker Returns $258M

At about 4:00 am UTC, the hacker sent an ETH transaction to himself with a private note saying “ready to return the fund”. In a subsequent message, he asked for a multisig wallet to transfer the funds to after failing to contact Poly.

The protocol provided the hacker with three different addresses from BSC, ETH and Polygon to return the funds. “We are preparing a multisig address controlled by known Poly addresses,” Poly Network said in a private message embedded in an ETH transaction to the address provided by the hacker(s).

Media Outlets Scramble to Cover Biggest Ever Heist

This is the most controversial theft in the history of DeFi, so much that media outlets like Bloomberg, the Wall Street Journal, CNBC and Reuters have covered it too. Other heists amounted to relatively small sums, such as the US$25 million stolen from Popsicle Finance or the $13 million stolen from THORChain.

After the hacker(s) showed intentions to return the funds, software developer O3 Labs suggested the person(s) behind the hack might be a white hat hacker – an ethical hacker that specialises in penetration testing and other testing methodologies to ensure the security of an organisation’s information system.

The hacker left a final message saying: “It’s already a legend to win so much fortune. It will be an eternal legend to save the world. I made the decision, no more DAO.

Categories
Crypto News DeFi Regulation

No Moons for Traders As DeFi Company “DMM DAO” is Shut Down By SEC

The operators of DeFi Money Market (DMM) have consented to a cease and desist order by the US Securities and Exchange Commission (SEC). They were charged by the SEC for misleading investors and also issuing US$30 million worth of unregistered securities through the decentralised platform. This is the first time the SEC has charged an entity for securities fraud involving DeFi technology. 

DMM Execs Sold $30 Million in Unregistered Securities

The two DMM executives – Gregory Keough and Derek Acree – and their company Blockchain Credit Partners were alleged to have misled investors about the operations and profitability of DeFi Money Market. 

Between February 2020 and February 2021, the three entities sold about US$30 million worth of unregistered securities to investors. Using smart contract technology, they issued the so-called mTokens and DMG tokens, which also served as the governance token of the protocol. 

The executives claimed they would use investors’ assets exchanged for mTokens to invest in real-world assets such as car loans. As such, the investors were promised a 6.25 percent return on their assets. However, DMM couldn’t deliver on this promise due to the volatility of the digital assets exchanged for the DMM tokens.

The price volatility of the digital assets used to purchase the tokens created risk that the income [raised] through income-generating assets would be insufficient to cover appreciation of investors’ principal.

SEC statement

SEC Orders DMM Executives to Disgorge Over $12 Million

Besides presenting false “car loans” to the investors, the DMM execs used their personal funds and those of Blockchain Credit Partners to pay interest to the investors. 

Full and honest disclosure remains the cornerstone of our securities laws – no matter what technologies are used to offer and sell those securities. This allows investors to make informed decisions and prevents issuers from misleading the public about business operations.

Gurbir S. Grewal, director, SEC enforcement division 

Without admitting or denying the SEC’s order, the execs agreed to cease and desist from continuing DMM business. Although DMM investors can redeem their mTokens, the SEC also ordered Keough and Acree to disgorge US$12,849,354 and imposed penalties of US$125,000 each. 

The DeFi industry has had little or no regulatory attention until now. However, over recent days, people have assumed it would come following recent changes and frequent cases of rugpulls. As recently as June 21, billionaire Mark Cuban called for the regulation of the DeFi space following the crash of the TITAN token

Categories
Crypto News DeFi Hackers

DeFi Project ‘Popsicle Finance’ Loses $25 Million in Apparent Hack

A hacker this week managed to execute a transaction that drained 85 percent of the deposit pools of Popsicle Finance, a multi-chain yield-generating platform for liquidity providers. 

According to the post-mortem, the attacker targeted the Sorbetto Fragola contracts (UniswapV3 optimiser) while other contracts like nICE staking and ICE Farming were left unaffected. He/she managed to drain over US$20 million using flash loans to borrow US$30 million in USDT, along with $32 million in ETH.

$1 Million Bounty Offered for Return

In response to the attack, the protocol addressed the hacker, offering a US$1,000,000 bounty if he/she returns the funds. Deposits to all pools have since been locked.

The protocol is working out a compensation plan, asking for feedback from its community to spurt ideas. Two months ago, Rari Capital reimbursed up to US$26 million after suffering a similar hack for 2600 ETH.

Popsicle Finance’s community showed itself to be supportive instead of accusing the protocol of an exiting scam. Before the launch of Sorbetto, the community voted to release the contract unaudited, yet the team decided to wait for data analytics companies CertiK and PeckShield Inc to audit the project.

A Commonly Exploited DeFi Bug

SushiSwap core developer Mudit Gupta said the hacker found a bug in the smart contract that allowed anyone to receive rewards and claim them multiple times for the same shares from much further back in time than they should have been able to. Gupta added that this was a common bug in most exploited DeFi protocols.

Popsicle Finance’s hack adds to the list of over 20 DeFi hacks this year, amounting to a total of US$310 million lost since 2020. Since DeFi hacks have become a common topic in the industry, many in the community believe most of them are undercover rugpulls.

Two months ago, DeFi100 went down – its official website displayed an “Error 404” message, and more than US$32 million vanished. Despite the protocol insisting it didn’t rug-pull its investors, the incident raised concerns over a potential exit scam.

Categories
Crypto Hardware Wallets DeFi Hackers Scams

Trojan Hits Australia’s Android Crypto Wallets

There’s a new malware spreading across Europe and Australia – a virus targeting Android devices to harvest login credentials for online banking apps and crypto wallets in an automated way.

Vultur Wings Its Way to Australia

Vultur, a Remote Access Trojan (RAT) that was being tested in Italy and Spain, is now rapidly spreading across Australia. The virus has been installed over 5000 times via Google Play Store disguised as an app called “Protection Guard”, so the number of victims should be the same.

Source: Twitter

A RAT malware is smuggled into a device to control it remotely, relying on the function of Virtual Network Computing (VNC). Through VNC, hackers try to obtain personal information to carry out online fraud on a massive scale.

For the first time we are seeing an Android banking trojan that has screen recording and keylogging as the main strategy to harvest login credentials in an automated and scalable way.

ThreatFabric researchers

Detecting Vulture

Outside of recently downloading any apps with the name of “Protection Guard”, ThreatFabric suggested that there was a way to detect the RAT:

You can also detect Vulture because when it’s transmitting data to its command-and-control server, the active “casting” icon will show up in the Android notifications. If you’re not casting something and the icon shows up anyway, that’s reason to worry.

ThreatFabric

To reduce the risk posed by RATs such as Vulture, Android users would be advised to ensure that they have a reputable antivirus app running in the background to detect any potential threats when new apps are downloaded.

Buy a Hardware Wallet

The attackers are targeting major crypto exchanges and mobile wallets including Kraken, Coinbase, Binance, CEX, eToro and more. While Android devices are the main target, users believe the virus may soon reach iOS.

Crypto users are warning others on social media, recommending they do not store their funds on exchanges and, if possible, get a hardware wallet and save most of their funds on it.

Scams, Hacks and Glitches on the Rise

As hacks and crypto scams become more common, newcomers should be wary when choosing their wallets. Rather than leave their funds in a crypto exchange, they should store them in a hardware wallet.

Roll, for instance, was a decentralised finance protocol attacked in March by a group of hackers that drained its wallet of over US$5.7 million. To this day, developers still don’t know how the platform got hacked.

As always, you can keep up to date with the many and varied scams out there by consulting Crypto Newscomprehensive guide.

Categories
Crypto News DeFi Hackers

Polygon YELD Token Goes to Zero as $250,000 Disappears

Another Polygon Yield Farming token has crashed after attackers found a vulnerability in the platform’s smart contract, exploiting it and minting nearly 4.9 trillion tokens.

The YELD token – which belongs to a DeFi project called PolyYeld Finance that runs on the Polygon network – crashed to zero shortly after the attack.

Pool Drained, Rewards Inflated

PolyYeld Finance smart contract is called MasterChef, designed to distribute rewards for liquidity pool tokens by dividing the pool value by the value of tokens staked. But it seems hackers found a vulnerability in the contract that allowed them to mint xYELD, a deflationary token, reducing the pool value and inflating rewards.

According to Xuxian Jiang, CEO of security firm PeckShield, a deflationary token like xYELD charges a fee on every transaction, so by repeatedly depositing and withdrawing with the contract, the attackers triggered the tax collection, reducing the xYELD balance to 1 WEI.

The attackers swapped 4 percent of minted tokens to 123 ETH – worth around US$250,000 at time of writing – using various decentralised exchanges such as QuickSwap and Uniswap.

Hack Highlights the Risks of Yield Farming

This is not the first time in recent months that a yield farming project on Polygon has failed. In response, PolyYeld developers have asked users to unstake their funds, adding that they’re considering compensating all affected users and will report their advances in coming days.

Yield Farming platforms are known for providing high returns to users but, being a decentralised space with no regulations, risks of exploitations, data breaches or scams are always present.

Investors should be wary when entering the DeFi space and consider non-financial DeFi risks, as price fluctuations are not the only ones responsible for lost money.

Prior to the Polygon attack, the most recent target has been THORChain, a DeFi protocol that has been attacked multiple times in the past few weeks.