Red flags of the week
Value DeFi ($VALUE) vaults suffered $6 million flash loan exploit, similar to Harvest’s
If it wasn’t for the recent Bitcoin’s rally, this could have been known as the Hack Season. More and more projects, especially in decentralised finance (DeFi), are getting attacked and no smart contract seems to be safe anymore.
On Nov 14 at 10:45 AM EST, mere hours after the release of Vault Phase 2 which was celebrated on Twitter as the ”highest security, the best return and the greatest community“ in crypto, a complex “double” flash loan attack exploited the MultiStables vault of ValueDefi Protocol. In what was later defined as one of the most complex attacks seen in DeFi, the hacker used two flash loans, with Aave and Uniswap, to steal USD $6 million.
A Post-Mortem article by the Team explained what happened: the attack took 80k ETH through a flash loan on Aave, bought 116 million DAI and 31 million USDT, deposited 25 million DAI in the Vault, got back 24 million mvUSD and swapped 91 million DAI and 31 million USDT to USDC. The mvUSD were then withdrawn from DAI and the 80k ETH plus fees returned to Aave. Finally, 33 million DAI were bought back and 2 were sent back to the Deployer (as other times have happened lately). The culprit did this by taking advantage of vulnerabilities within Value DeFi vaults.
Origin Dollar ($OUSD) has lost millions in a flashloan attack
The Yield-generating stablecoin project suffered a loss of funds of $7 million, $1 million of which were deposits by Origin’s founders, employees and the company itself. The team is still looking into exactly how the attack was carried out but they suspect it was a flash-loan transaction that seems to be the root of the attack.
Allegedly, following the attack, the hacker was able to sell some of the stolen OUSD, DAI and ETH on Uniswap and Sushiswap. the attacker is also washing the stolen funds using RenBTC.
You can read the detailed explanation of the exploit in this updated article by the Origin team.
This was the fifth flash loan attack for Defi in the last month, after Harvest Finance, Akropolis, CheeseBank and Value.
Overall, according to CipherTrace, Defi hacks are credited to around $100 million in 2020 so far.
Crypto Exchange Liquid Says User Data Possibly Exposed in Security Breach
The attack consisted in one of the hosting providers incorrectly transferring the account control and domain to a malicious actor which gained access to some of the internal email accounts. This breach resulted in user data exposure. As they stated:
“We believe the malicious actor was able to obtain personal information from our user database. This may include data such as your email, name, address and encrypted password. We are continuing to investigate whether the malicious actor also obtained access to personal documents provided for KYC such as ID, selfie and proof of address, and will provide an update once the investigation has concluded.”
This could possibly lead to identity thefts, spam emails and phishing attempts. Even though the team doesn’t believe it would pose an immediate threat for its users, they suggest “that all Liquid customers change their password and 2FA credentials at the earliest convenience”.
UNI farming ends…what happens next?
As the $UNI farming was coming to its planned end on 17th November, speculations on the future price of $ETH and of the Uniswap token were emerging, and the first Uniswap Community Call didn’t succeed in establishing any definite decision on the platform’s future steps. More than USD $2 billion worth were locked in four pools that were giving $UNI rewards (ETH-DAI, ETH-USDC, ETH-USDT, ETH-WBTC); all money that were destined to flow back on the market. As $ETH price was in the mid $300 before the farming started in September, many were fearing for an imminent dump as people would swap it to stable coins or more investment-appealing altcoins. Price was not the only concern for Uniswap, as all that pooled money meant very slow slippage on the Dex as well.
To seize the moment, Sushiswap ($SUSHI) announced an increase in rewards for the same four pools on their platform. Exactly one hour later, Hayden Adams (inventor of Uniswap) advanced a new proposal to continue with the rewards for an additional 2 months at half the rate of the genesis distribution. The proposal is now awaiting the consensus check phase, before farming could restart on 4th December.
In the meantime, as we can observe in the next image, the Uniswap TVL has significantly dropped at the expenses of Sushiswap’s, which increased reaching a similar net value to that of its main competitor.
Bitcoin continues its rally
In the aftermath of the US elections, even if the result is still controversial, $BTC continues its rally like it couldn’t care less. In the last days its Market Cap even reached an ATH of $350 billion, surpassing the Dec 16 2017’s previous high (due to $BTC inflation, even if the price is not at ATH there are more coins in circulation than 3 years ago, resulting in a higher market cap). The price is currently over $18k! Finally!
As $BTC was growing lately, one could bet that the media would start covering the news as well, and that is exactly what happened. We have seen BBC, CNBC’s Fast Money, CNN and many more interviewing “experts” and speculating about the next ATH, paired with a lot of old and new memes being shared everywhere. With wide coverage and more retailers getting onboard fearing of missing out (Paypal’s crypto service reached $25 million in trading volume in the first month since launch) could this mean that the (local) top is getting closer?
While all of this was happening, it looks like things for Chinese miners are not that good. Wu Blockchain reported that 75% of the surveyed miners are struggling to pay their electric bills. This is due to the restrictions the Chinese government is applying on crypto making it very difficult to buy and sell into $CNY. Many miners have seen their bank cards frozen or their machines shut down because they didn’t have cash to pay the electric bill.
Therefore, there is also speculation that this big rally has not only been driven by an increase in demand, but also because the dump activity by miners, that creates constant sell pressure, has slowed down.
What the fork Bitcoin cash?!
This update contained a Hard Fork which has split the chain into two, BCHN and BCHA after block #661647. The reason why this is happening is because of a disagreement on the current state of the blockchain between the Bitcoin Cash Node and the Bitcoin Cash ABC communities after a proposed update by Amaury Sechet (ABC) had been rejected. It looks like $BCHN will be the dominant part as 80% of the miners showed support before the split and it is now 667 blocks ahead.
This is not the first fork for $BCH as it was, itself, the result of a Bitcoin fork in 2017.
How’s ETH2 staking race going?
Less than a week before the deadline, the ETH staked on the Ethereum 2 mainnet are less than half of what’s needed to trigger the start of the Beacon Phase 0. As anticipated by many sources, the community is expecting a decisive increase in deposits rate in the last days before the deadline. If the minimum requirements will be met by 24th November, ETH2 will launch on 1st December, otherwise it will automatically start 7 days after the threshold will be met.
In a recent AMA, Danny Ryan, Core Researcher at the Ethereum Foundation answered users’ concerns about the possibility of a failed launch. Ryan says the Foundation does have a solution, which is to adjust the threshold down to around 100k+ ETH which they consider to be sufficient. This will avoid leaving the staked ETH in limbo. Ryan also noted that for those who did stake, there will be high rewards for these early adopters. Their Github page also goes into more details on other alternatives.
Also, learn more about this staking race and its potential implications:
OKEx Exchange is finally resuming withdrawals!
More than one month after the Okex Exchange decided to suspend all cryptocurrency withdrawals, the team has just announced that operations will reopen on or before 27th November. They also reassure that 100% of users’ funds are safe.
The official announcement confirmed that one of Okex’s private key holders was cooperating with the authorities in a case that has nothing to do with the Exchange itself. They specified that although “OKEx has always used a backup mechanism for private key holders to ensure that each private key holder can trigger the activation of the backup private key in the event of long-term incapacitation, such as death or memory loss”, this particular scenario caught them off guard as no strategy had been prepared for.
Significant loyalty campaigns will be announced as a sign of gratitude to the community.
Follow the OKEx developing story here.
Boxmining happenings: Interviews, giveaways and more!
- We took a look at the Bitcoin run and the last crypto news in a livestream with Jeff Kirdeikis, CEO at Trustswap ($SWAP). Watch it here https://www.youtube.com/watch?v=WfrEjOGa8g4
- Why do we need privacy and scaling on the blockchain? Privacy is the next big leap for blockchain technology as can be used to allow anonymous data sharing, exchanges without front running, and the real fungibility of tokens. We spoke to Prof. Dawn Song about the need for privacy-preserving smart contracts and how this is implemented on Oasis Protocol ($ROSE): https://youtu.be/JQzKKOV_ycA
- After months of work our NEWLY REDESIGNED website is up!! https://boxmining.com/
- We have a fantastic collaboration with the DuckDao team for a chance to win (in our opinion) the best NFT EVER!
*All times are in UTC unless otherwise specified
- 23rd Nov 3:00am: Boxmining livestream
- 24th Nov 3:00am: Crypto going wild! Chat with Sam Bankman-fried of FTX and Alameda Research
- 27th Nov: OKEx exchange will resume withdrawals.
- 1st Dec: ETH 2.0 launch (provided minimum staking threshold is reached)
The information provided in this article is intended for general guidance and information purposes only. Contents of this article are under no circumstances intended to be considered as investment, business, legal or tax advice. We do not accept any responsibility for individual decisions made based on this article and we strongly encourage you to do your own research before taking any action. Although best efforts are made to ensure that all information provided herein is accurate and up to date, omissions, errors, or mistakes may occur.