Category: DeFi

Fantom Stablecoin ‘DEI’ Loses Dollar Peg, Sinking 35%

Post author By Jody McDonald
Post date May 18, 2022

Following on from the collapse of TerraUSD (UST), the Fantom-based algorithmic stablecoin DEI has also lost its dollar peg, plummeting 35 percent in value to reach an all-time low of US$0.54 on May 16.

Like many algorithmic stablecoins, DEI became unstable after DeFi market confidence was rocked by the UST debacle, dropping to US$0.97 on May 15 before suddenly falling dramatically the next day. At the time of writing, DEI was trading at US$0.62:

Our team is working around the clock to restore the DEI peg. Mitigation measures were implemented immediately and solutions are being developed for long-term stability.

DEI peg mechanism: https://t.co/KKt3Tsam6F
Bond program: https://t.co/UBhE3XAY7K

Further updates to follow.
— DEUS Finance DAO (@DeusDao) May 16, 2022

If we take a look at the chart, it clearly shows the peg sinking into the red:

DEI/USD Chart, Source: Coinmarketcap.com

What is DEI?

DEI is an algorithmic stablecoin on the Fantom blockchain created by DeFi project DEUS Finance. It’s the unit of account for all projects built on DEUS infrastructure.

In many ways DEI is similar to UST, the primary difference between them being that DEI is collateralised – meaning that users can mint 1 DEI by depositing US$1 of collateral in the form of either USD Coin (USDC), Fantom (FTM), Dai (DAI), wrapped Bitcoin (WBTC) or DEUS (the DEUS Finance governance token).

DEI attempts to maintain its peg much like UST by using an algorithm that incentivises arbitrage trading to maintain a stable value.

What Triggered the Crash?

The proximate cause of DEI’s decline was the loss of confidence in algorithmic stablecoins caused by the sudden collapse of LUNA and UST, though there were other factors that made DEI especially vulnerable.

The DEUS Finance ecosystem had suffered two flash loan attacks in the past two months, losing over US$30 million. In addition, the DEUS governance token has plummeted in value over the past six weeks, falling from its all-time high of US$1062.41 on April 2 to just US$218.80 at the time of writing.

These issues have caused the collateral ratio of DEI to drop to only 43 percent, according to DEUS Finance, which means there isn’t enough capital backing the coin for users to make redemptions against their DEI, further undermining confidence.

DEUS Finance Doesn’t Want to See DEI Die

To try to avoid complete collapse, DEUS Finance has suspended redemptions of DEI in an attempt to stabilise its price. It has also announced a treasury bond program to attempt to raise funds to increase DEI’s collateral ratio and restore confidence:

DIP-7: $DEUS Treasury Bonds

We are proposing a treasury bond program aimed at securing peg stability 💪

These treasury bonds allow users to deposit collateral and earn a fixed interest based on the maturity date.

Read more about it here: https://t.co/UBhE3XAY7K $DEI
— DEUS Finance DAO (@DeusDao) May 15, 2022

Despite these efforts, some community members took to Twitter to voice their concerns that DEI may go the way of UST:

really hope you guys will not end like terra/luna, already lost too much on there
— alsd 💜 (@ALSD4tweet) May 16, 2022

How do I short this?
— OxRugged (@OxRugged) May 16, 2022

Tags $DEI, DEUS Finance

Crypto News DeFi Terra

DeFi Protocols Report Significant Losses Amid Luna Price Exploit

Post author By José Oramas
Post date May 17, 2022

Two decentralised protocols, Blizz Finance and Venus Protocol, have declared losses due to a LUNA price discrepancy after Chainlink’s price feed for the token got suspended over market conditions.

Attackers Take Advantage of Price Discrepancies

TerraUSD (UST) – the stablecoin issued by the Terra blockchain – suffered a sudden de-pegging last week, causing massive congestion across the DeFi market. Several centralised exchanges such as Binance had to halt LUNA trading amid the stablecoin frenzy.

A few days after the incident, Chainlink – an oracle network that provides real-time data for blockchain companies – decided to suspend the price feed for LUNA, whose price remained at US$0.107 on the platform while the actual market price was $0.01.

According to Blizz Finance, this decision allowed several attackers to deposit millions of LUNA tokens in the $0.107 price range to borrow all the collateral. The protocol stated that it was drained before the team could stop it:

Chainlink pausing the LUNA oracle allowed several attackers to deposit millions of LUNA which is still worth $0.10 according to the Chainlink oracle to borrow all the collateral.

The protocol has been drained before we could pause due to our timelock.
— Blizz Finance (@BlizzFinance) May 13, 2022

Blizz Finance hasn’t disclosed the amount drained, or if it plans to reimburse affected users.

On the other hand, Venus Protocol issued a statement saying that Chainlink’s suspension of LUNA price updates had resulted in the loss of US$11.2 million for the protocol, which will use its Risk Fund to remedy the shortfall from this event:

Given the continued risks of the LUNA market and in order to eliminate the possibility of further shortfall, the community has asked to suspend the LUNA market, effective immediately. Venus Protocol also has a Risk Fund that will be utilised to remedy the shortfall that resulted from this event.
Venus Protocol blog post

Venus Protocol issued a statement saying that Venus Protocol lost $11.2 million due to Chainlink’s suspension of LUNA price updates, and the LUNA lending market is currently suspended. https://t.co/FBKne9EIRf
— Wu Blockchain (@WuBlockchain) May 13, 2022

While both protocols have fingered Chainlink as responsible for this incident, one Twitter user stated that it was the fault of negligent developers, adding that Chainlink feeds have a date time associated with the price data which the protocol failed to use:

Feeds have a datetime associated with the price data. You should be using it, no excuse not to. That's simply negligent – and worse blaming Chainlink. Their docs call this out. See 4 things you didn't do: https://t.co/NdNHc9nwoP
— Dana 🦀⚓ Glass Farm◎◎◎r (@TheSoftwareJedi) May 13, 2022

DeFi Hackers Scams

GoDaddy Website Hack Leaves DeFi Protocol ‘SpiritSwap’ Compromised

Post author By Jana Serfontein
Post date May 17, 2022

Multiple DeFi protocols have been compromised after an attack on the world’s biggest domain registrar, GoDaddy. Unconfirmed reports suggest the hacker(s) may have used GoDaddy’s account recovery method to target crypto domains.

SpiritSwap, one of Fantom’s biggest DeFi exchanges, has been left vulnerable as a result:

URGENT ANNOUNCEMENT

SpiritSwap has been compromised. At this stage early diagnosis is suggesting a hacker has exploited AWS where they have changed the swap parameters so swaps go to a specific address. We have caught this early and at this time only $18,000 has been lost.
— SpiritSwap (@Spirit_Swap) May 13, 2022

SpiritSwap Manages to Mitigate Disaster

SpiritSwap managed to quickly take action as the attacker(s) manipulated the swap parameters and were able to take away an amount not exceeding US$18,000. SpiritSwap provided updates stating it had disabled swapping in order to prevent the hackers from stealing further funds and assured users that their contracts and funds were safe, but the domain spiritswap.finance has been compromised. Since the attack, SpiritSwap has suspended all transactions:

1/3 QuickSwap devs have regained access to the domain.

We are the first affected protocol to regain access.

🚨While we run more tests, we advise users to continue waiting before using our DEX. 🚨

We stand in solidarity with others affected by this large-scale attack.

More👇 https://t.co/HVakEhpdQX
— QuickSwap (@QuickswapDEX) May 14, 2022

Swapped Funds Redirected Across DeFi Protocols

Several crypto projects use GoDaddy to host their domains, and at the time of writing the full extent of the damage was not yet clear. That said, this attack differs from the recent ‘Coinzilla Ad’ hack in which an ad caused a pop-up on sites such as CoinGecko that, when clicked, could drain a user’s wallet. In the case of GoDaddy, the attacker used the hosting platform to redirect swapped funds on DEXes such as QuickSwap and SpiritSwap:

To clarify, there are 2 crypto hacks atm.

One is the "Coinzilla Ad" hack where an ad causes a popup on sites like CoinGecko or Etherscan, which can drain your wallet if you agree.

Two is the "GoDaddy" hack, which redirects swapped funds on DEXes like Quickswap, SpiritSwap. pic.twitter.com/1mYOg5JhPT
— TechLead (@techleadhd) May 14, 2022

DeFi Scams on the Rise in 2022

DeFi scams are nothing new but are becoming ever more brazen. Here is a recent list of the scams that happened in DeFi this year:

Crypto News DeFi Market Analysis Terra TerraUSD

Terra (LUNA) Collapse Triggers Contagion Across DeFi

Post author By Jody McDonald
Post date May 12, 2022

The sudden de-pegging of TerraUSD (UST) and the associated breathtaking decline of Terra (LUNA) over the past few days has triggered huge falls across the wider DeFi market, extending beyond those projects directly linked to the Terra ecosystem.

While projects built on Terra have been hardest hit, the damage has spread widely. DeFi tokens on virtually all blockchains are now seeing sizeable declines, even if they have no direct link to the Terra ecosystem:

1/ Extreme volatility produced a series of collateral effects across the Terra ecosystem, primarily derived from the short-term peg deviation of $UST and its impact on the volatility of $LUNA and levers of the Terra protocol. There’s a lot to unpack, so let’s dive in 👇
— Terra (UST) 🌍 Powered by LUNA 🌕 (@terra_money) May 24, 2021

Terra-based DeFi Projects See Massive Declines

According to CoinGecko, the native token for Anchor Protocol (ANC), the largest DeFi protocol in the Terra ecosystem, is down over 90 percent since May 7, falling from US$2.14 to US$0.19 at the time of writing.

Other prominent Luna-based DeFi projects have also taken huge hits. Since May 7 the native token of Astroport (ASTRO), an automated market maker protocol, has dropped 89 percent and Mars Protocol (MARS), an on-chain credit protocol, is down almost 65 percent.

At the time of writing the native cryptocurrency of the Terra blockchain itself, LUNA, is down an astonishing 99.6 percent since May 7, trading at a mere US$0.29. Just over a month ago it hit its all-time high of US$119.18.

The Luna Foundation Guard, the group tasked with stabilising UST’s value, is currently seeking an additional US$1 billion capital to attempt to restore the stablecoin’s peg and potentially save the Terra ecosystem from complete collapse – a goal that is, sadly, beginning to look unachievable:

An $18 billion stablecoin is losing its dollar peg with all the magical chaos of algorithmic stables, with a dash of Bitcoin systemic risk drama.

Here's everything you need to know.

The $UST Depeg Thread:

👇
— jonwu.eth (@jonwu_) May 9, 2022

Contagion Spreads to Connected Blockchains and Beyond

Assets from the Cosmos ecosystem have also seen large declines due to their integration with Terra through the Interblockchain Communication Protocol. CoinGecko shows that since May 7, ATOM is down about 47 percent, while DeFi tokens Mirror Protocol (MIR) and Osmosis (OSMO) are down 73 percent and around 50 percent respectively.

Virtually all DeFi projects across all blockchains have been negatively impacted by this ongoing collapse. According to data from DeFi Llama, total value locked (TVL) across the entire DeFi market has dropped more than 21 percent in the past 24 hours and, since April 4, TVL is down over 48 percent – now sitting at US$120.17 billion, down from US$231.5 billion.

Of the top 10 DeFi projects listed on DeFi Llama, every one has seen seven-day losses of TVL in excess of 27 percent:

7-day losses of TVL experienced across the board. Source: DeFi Llama

In one small piece of positive news for DeFi, earlier in the week Compound Treasury became the first institutional DeFi project to get a credit rating from ratings agency Standard & Poor.

Tags $LUNA

Crypto News DeFi Stablecoins Terra

Luna to Inject $1 Billion to Save UST Stablecoin, But is it Too Late?

Post author By Phil Stafford
Post date May 12, 2022

The Luna Foundation Guard (LFG), stewards of Terra’s UST, are looking to raise over US$1 billion to shore up the algorithmic stablecoin after it lost parity with the US dollar earlier this week.

Just last month, LFG announced it had successfully raised US$1 billion to acquire bitcoin to underpin UST. Yet the stablecoin fell as low as US$0.60 on May 9, amid wider crypto market turmoil, recovering to $0.90 the following day.

Do Kwon Moves to Smooth Ruffled Feathers

Algorithmic stablecoins such as UST are meant to stay pegged one-to-one to the price of an underlying fiat currency such as the dollar, and to this end Terra co-founder Do Kwon quickly took to Twitter in an attempt to calm the market:

Close to announcing a recovery plan for $UST. Hang tight.
— Do Kwon 🌕 (@stablekwon) May 10, 2022

The group is now looking to raise fresh capital from some of the industry’s largest investment firms and market makers. The proposed deal offers investors the opportunity to purchase LUNA tokens at a 50 percent discount, with those tokens subject to a two-year vesting schedule.

Up to Four Investors in the Bailout Queue

Jump, Celsius, Jane Street and possibly Alameda are reportedly in talks regarding the deal, though none of the four has confirmed as much. The funding effort is LFG’s latest attempt to regenerate confidence in the market:

The details I have heard but might not be final:

– Jump, Celsius and Jane St. committed already, Alameda not yet
– targeting $1B – $1.5B raise
– 50% discount to LUNA spot with 1yr lock + monthly linear vest over 1yr
– total of ~$700M in commitments as of morning https://t.co/BtqJrF0eqM
— Larry Cermak (@lawmaster) May 10, 2022

Critics say the success of any deal depends on the strength of LUNA’s price and on its key DeFi platform, Anchor, continuing to produce an up to 20 percent yield to incentivise liquidity. However, Anchor has seen its total deposits plunge from a peak of US$14 billion to below $10 billion.

Reddit users are speculating on the background story:

Crypto News DeFi Hackers

DeFi Protocol ‘Fortress Lending’ Exploited for $3 Million

Post author By Robert Drage
Post date May 12, 2022

The Fortress decentralised finance (DeFi) protocol – a crypto borrowing and lending platform – has seen an estimated US$3 million of its funds drained. The Binance Smart Chain (BSC)-based platform fell victim to an oracle attack last weekend with the loss of “all funds”:

We are absolutely devastated. We will provide updates as soon as any information is available.

This is the address that implemented the attack: https://t.co/w50Hllxffn

Transaction that started the oracle attack: https://t.co/AGAqCVc1f1
— Fortress Protocol (@Fortressloans) May 9, 2022

Price Oracle Targeted by Hackers

Both PeckShield and BlocSec have noted that the oracle used by Fortress “can be hijacked by anyone due to the lack of power verification”. PeckShield also warned the oracle network Umbrella about its involvement in the incident. This exploit could be used against anyone using the same Umbrella oracle, the firms warned.

In response, Umbrella released its own statement saying it was “aware of the recent exploits that may have stemmed from an Umbrella Network price feed error”.

The attacker was able to call the function and change the price of the native Fortress token (FTS) manually, then buy a large enough amount of FTS to pass a vote for a proposal to allow FTS tokens to be taken as collateral. As a result, the attacker used 100 FTS as collateral to borrow all other assets in the protocol.

The stolen 1,048.1 ETH and 400,000 DAI were then promptly bridged to the Ethereum network and washed through TornadoCash.

FTS Price Takes a Tumble

Considering the market-wide crash that’s been happening during the hack, Fortress’s native token has taken quite a beating, dropping over 60 percent in the past two weeks and down 99 percent over the past year, according to CoinGecko:

Hackers have been a major thorn in the side of the DeFi sector this year. According to PeckShield, as of the beginning of May more than US$1.57 billion in cryptocurrency had been stolen from DeFi platforms in 2022:

The weekend was hot!🔥
$4.64 million stolen in four incidents: @Fortressloans hack – $3,050,000@HUNTER__Global rug pull – $1,200,000@FuryofTheFurNFT rug pull – $303,000@CasheraOfficial rug pull – $90,000 – @web3isgreat #rugpull #Hacked #exploit
— Hacker{n} Headlines (@HackenHeadlines) May 9, 2022

During the past week alone, Rari Capital was hacked for more than US$80 million and MM.Finance for US$2 million, only adding to the year’s negative tally.

Crypto News DeFi

‘Compound Treasury’ Becomes First in DeFi to Get a Credit Rating

Post author By Dale Warburton
Post date May 11, 2022

Decentralised finance (DeFi) is increasingly bridging the gap between the crypto and traditional finance (TradFi) worlds, most recently signalled by Compound Treasury, who has just made history by becoming the first institutional DeFi offering to receive a credit rating from international rating agency Standard and Poor (S&P):

Today, Compound Treasury received a B- credit rating from S&P Global Ratings. This makes Compound Treasury the first institutional DeFi offering to be rated by a credit rating agency.https://t.co/F5mVyD9gVo
— Compound Labs (@compoundfinance) May 9, 2022

Ratings Agencies?

In TradFi lending, one of the key requirements for debt issuance in public markets is a credit rating from one of the ‘big three’ rating agencies: S&P, Moody’s, or Fitch.

Credit ratings offer prospective investors useful insights as to the relative risk of specific corporate or government debt. A rating of “D” denotes debt that is most risky or speculative, whereas “AAA”, on the other end of the spectrum, is seen to be “safe”.

Comparison of ratings. Source: Wolfstreet.com

Compound Gets ‘Junk’ Status

Compound Treasury is a product converting US dollar deposits into stablecoins, typically USDC, which it uses for its lending product offering investors a 4 percent guaranteed return. It has now become the first in DeFi to receive a rating, in this case a B- grade from S&P.

A B- grade is technically “junk”, as it is known within public markets, putting it on a par with the sovereign debt of El Salvador, Nigeria and South Africa.

S&P said Compound received a rating below investment grade due to “weaknesses” including operational and convertibility risks between fiat and stablecoins.

In outlining potential risks, the rating agency cited regulation, Compound’s “low capital base” and “hurdles to generate a 4 percent return”. Despite this, S&P suggest that the “outlook is stable” on the back of limited loan losses and rapid expansion of its balance sheet.

Compound’s general manager, Reid Cuming, viewed the rating as a signal of growing maturity in the sector, saying:

Today, Compound Treasury received a B – credit rating from S&P Global Ratings. This makes Compound Treasury the first institutional decentralised finance (DeFi) offering to be rated by a major credit rating agency, and signals tremendous progress in the crypto industry’s maturity, as traditional institutions begin to judge the risks of digital asset-powered financial offerings.
Reid Cuming, general manager, Compound Treasury

DeFi Draws Increasing Interest From TradFi

Reid further suggested that “Compound Treasury is predictable, liquid, compliant, transparent, and now rated”, which “helps our institutional clients more easily understand the opportunity and risks of crypto-powered cash management”.

Despite slowing down in 2022, it’s clear that DeFi has garnered the attention of TradFi companies as they seek to innovate and offer products in response to growing consumer demand. To illustrate, one company in the US recently concluded the first DeFi-based mortgage loan, which perhaps is one of the reasons banking giants such as ING are exploring the space.

It should go without saying, but investors would be well advised to DYOR (do your own research) as week after week we continue to see DeFi hacks, most recently to the tune of US$80 million.

DeFi Hackers

DeFi Project ‘MM.Finance’ Suffers $2 Million Exploit

Post author By Lauren Claxton
Post date May 7, 2022

MM.Finance, the largest DeFi exchange on Cronos, has lost US$2 million in a recent exploitation by hackers. A Domain Name System (DNS) vulnerability is believed to be responsible, with the stolen funds being sent to Tornado Cash:

1/ We have been investigating the onchain tx & also engaged partners w/ extensive connections & expertise in escalating this in terms of real world consequences. We have traced your funding to OKX exchange & we need everyone's help to RT this post to get @okx & @Jay_OKX pic.twitter.com/4PhBrR5yfu
— MM.Finance – #1 Defi Ecosystem on #Cronos (@MMFcrypto) May 5, 2022

As per its tweet, MM.Finance traced the perpetrator of the cyberattack back to OKX centralised exchange. The funds stolen in the frontend breach were bridged to Ethereum using Multichain and deposited into Tornado Cash. OKX requires users to go through a ‘know your customer’ procedure, therefore the attacker had to have used fake IDs when signing up for the exchange.

While MM.Finance intends to compensate the affected addresses, the exchange has said that if 90 percent of the funds are not returned to MM.Finance within 48 hours, it will contact the FBI:

📍 We have collated the addresses that have lost funds during the attack earlier via the data onchain. Over $2,000,000 USD will be compensated and reimbursed.

✅ To check if you qualify, you can head to https://t.co/XamyJ444g2 and key in your wallet address. pic.twitter.com/SYWMYPbfs6
— MM.Finance – #1 Defi Ecosystem on #Cronos (@MMFcrypto) May 5, 2022

DeFi Exploits Increasing

Early April saw DeFi lender Inverse Finance suffer a US$15.6 million exploitation. The decentralised Ethereum protocol was compromised by hackers targeting its money market through the artificial manipulation of its token prices.

And, only days ago, Rari Capital lost US$80 million to hackers following a Fei protocol exploit. The assets had been held in Fuse lending pools, apparently the fault of a reentrancy vulnerability.

Tags DeFi, exploit, hackers, MM.finance, Tornado Cash

Alchemy Pay DeFi E-commerce Payments VeChain

VeChain (VET) Now Accepted as Payment in 2,000,000 Stores Worldwide

Post author By Jody McDonald
Post date May 4, 2022

VeChain (VET) has partnered with payments provider Alchemy Pay (ACH) to allow VET holders to make crypto payments to over two million merchants in over 70 countries worldwide:

Thanks to partner @AlchemyPay, $VET can now be used to buy goods at 2 million+ stores globally!

Using our advanced low-#carbon #blockchain, transactions cost fractions of a cent & are processed in seconds from any #VeChain wallet!$ACH #DeFi $VTHO #Web3 https://t.co/ceeHRpcbKT
— VeChain Foundation (@vechainofficial) April 27, 2022

However, the response to the Alchemy Pay partnership, although generally positive, wasn’t enough to see VET buck the general downturn in crypto markets over the past week:

This is so awesome!!! It’s just a matter of time before price starts reflecting the amazing fundamentals behind this project!
— Gerardo (@DigitalGold101) March 31, 2022

At the time of writing VET was trading at US$0.047, about nine percent down from when the partnership went live on April 28.

Alchemy Pay Bridges Fiat-Crypto Gap

Touting itself as a hybrid payments system, Alchemy Pay allows merchants to accept both established forms of payment – such as credit cards and PayPal – and cryptocurrency. It provides crypto acceptance payment systems for online and offline businesses including via popular merchant platforms Shopify and Arcadier.

In additional to VET, Alchemy Pay accepts numerous other cryptocurrencies including Bitcoin, Ethereum, Tether, Polygon, Elrond and Algorand.

Regarding the integration of VET into its payment system, Alchemy Pay CEO John Tan said:

Our partnership will improve [VeChain’s] access to users and increase the possibilities for developers on Thor. After integrations with VeChain as well as other leading blockchains, we expect our fiat-crypto on-ramps to be a major driver of the mainstream adoption of crypto services and dApps going forward.
John Tan, CEO, Alchemy Pay

Payments Capability Increases Utility, Adoption

VeChain CEO Sunny Lu explained that the ability to use VET as payment for goods and services across a vast network of merchants should increase the utility of VET and spur further mainstream adoption of crypto:

With Alchemy Pay’s fiat payment channel and crypto on-ramps, we are bringing more mainstream accessibility to our network. This has benefits, not only for users but also for all developers building on the VeChainThor blockchain. The integration of VET into Alchemy Pay’s crypto payment system is important in further expanding the real-world use cases for VET as a form of payment.
Sunny Lu, CEO, VeChain

Founded in 2015, VET is built on top of the Thor blockchain and is known predominantly for its supply chain focus. Recently, however, VET has branched out into other sectors, such as real estate, through a partnership with Jones Lang LaSalle Incorporated, and vaccination passports, via a partnership with the government of the small European republic of San Marino.

Crypto Exchange DeFi Hackers

Stablecoin DEX ‘Saddle Finance’ Exploited for $10 Million

Post author By Jody McDonald
Post date May 3, 2022

Decentralised exchange Saddle Finance was hacked over the weekend, resulting in the loss of over US$10 million in funds. The DEX is working with blockchain security organisation BlockSec to return some of the lost funds and at the time of writing the identity of the hacker remained unknown.

The team is investigating a possible exploit and is pausing pool withdrawals
— Saddle (@saddlefinance) April 30, 2022

Saddle Finance is an automated market maker that specialises in the trading of stablecoins and other pegged assets such as wrapped BTC.

Timeline of the Hack

According to on-chain data, the hack occurred at 7:40am UTC on April 30, with the hacker initially stealing approximately US$14.8 million in assets.

Twitter user @web3isgreat, who catalogues blockchain hacks, claims it was a flash loan attack and, once stolen, the assets were funnelled through Tornado Cash to anonymise the transactions and make tracking the hacker virtually impossible:

Saddle Finance loses more than $11 million to hack

April 30, 2022https://t.co/h2JS6eWgcL pic.twitter.com/vzXENCxJjh
— web3 is going just great (@web3isgreat) April 30, 2022

Based on Twitter interactions, it appears BlockSec’s monitoring and attack blocking systems detected the exploit shortly after it began. Once aware of the attack, BlockSec tweeted an alert to Saddle Finance:

@saddlefinance Please contact us ([email protected]).
— BlockSec (@BlockSecTeam) April 30, 2022

Around 20 minutes later, Saddle Finance tweeted that it was investigating a “possible exploit” and had paused pool withdrawals, later clarifying that only metapool withdrawals had been suspended:

Correction: Only metapools are paused. Single-asset withdrawals are currently restricted, but balanced pool withdrawals are always possible
— Saddle (@saddlefinance) April 30, 2022

Around two hours after it was first notified about the hack, Saddle tweeted that BlockSec had been able to secure approximately US$3.8 million of the lost funds:

White hat hackers @BlockSecTeam were able to secure $3.8m. The team is in contact with them to return the funds
— Saddle (@saddlefinance) April 30, 2022

In all, over US$10 million in assets remain missing with little chance of recovery.

In a worrying trend, DeFi hacks are becoming an increasingly common occurrence. In February, Meter.io was hacked for US$4.4 million and March saw Axie Infinity lose US$625 million in what has since been assessed as the largest DeFi exploit on record.

Tags Saddle Finance