Tanya Abrosimova
Independent Analyst
- Three DeFi protocols lost nearly $10 million of user funds in a week.
- The industry is still immature and vulnerable to exploits.
The past week brought a lot of excitement and a lot of grief at the same time. While Bitcoin traders celebrated the two-year high reached by the pioneer cryptocurrency and harboured aspirations for the new records by the end of the year, DeFi players had to grapple with numerous hacks and exploits.
FXStreet previously reported that hackers stole $100 million from the DeFi sector since the start of the year; however, nearly $10 million were lost within the last seven days.
Percent, Acropolis and Value betray users trust
On November 12, someone hacked the DeFi yield farming project Akropolis through an exploit that involves Curve and siphoned about $2 million of users funds in DAI tokens. Notably, the project developers claimed that their smart contracts had been audited twice, but the attacker still managed to use the flash loans scheme to drain Akropolis's YCurve and USD pools.
Akropolis (AKRO) dropped by 25% in a matter of hours and continued sliding down. At the time of writing, the token's price has settled at $0.009, down from $0.014 registered before the hack. The asset is ranked 365th, with a current market capitalization of $18 million.
Two days later, Value DeFi, another yield farming protocol, lost $6 million to hackers via the flash loan technique. Ironically, the team claimed that it had improved its vaults' security to withstand this type of attack.
According to Emiliano Bonassi, a so-called whitehat hacker and the co-founder of DeFi Italy, the hacker launched a complicated and multi-stage exploit using two flash loans taken from different lending protocols. Namely, they took 80,000 ETH on Aave and 116 million DAI in Uniswap, deposited them to the Value DeFi's multi-stablecoin vault, and performed numerous swaps between USDT, USDC and DAI, exploiting the vulnerability of vault's withdrawal method.
— Emiliano Bonassi | emiliano.eth (@emilianobonassi) November 14, 2020
Before running away with the loot, the thief sent $2 million back to the protocol. Later on, a crypto trader, aka @CryptoDeFi137, noticed that the protocol creators were in talks with the hacker, asking them to return $5 million of user funds.
Value DeFi transaction details
The governing token of the project, VALUE, lost 25% immediately after the hack to trade at $2. At the time of writing, VALUE is changing hands at $2.15, having recovered 5% on a day-to-day basis. Based on the data provided on the project's official website, less than $1.5 million locked in the hacked Multistables Vault from $3 million right after the incident.
Percent Finance was not actually hacked. However, the protocol users also lost nearly $1 million in USDC, WBTC and ETH. Their tokens were irretrievably frozen on smart contracts following the interest rate model update. The users were not able to do anything with their coins while the team was working on the solutions to return the funds or compensate users for losses.
The price of the Percent Finance token (PCT) crashed by nearly 90% after the incident. At the time of writing, PCT is trading at $0.02 from $0.14 on November 4.
Three lessons to be learned from the week of DeFi hacks
1. DeFi is an opportunity and a considerable risk at the same time
The skyrocketing popularity of the DeFi industry exposed the critical vulnerabilities of the DeFi ecosystem. Despite the explosive growth of the projects involved in the decentralized finances, most of them are highly insecure and vulnerable to hack attacks.
Speaking in the interview with the host of Unchained Podcast Laura Shin, the co-founder of Ethereum Vitalik Buterin noted that the interest rates in the DeFi protocols are significantly higher than in traditional banks, and people tend to underestimate risks related to smart contracts. He also added that even audited and well-known platforms were not immune to hacks and errors.
2. DeFi tokens are vulnerable to losses
DeFi tokens earned by yield farmers can become useless in a matter of minutes. The experts drew parallels with the ICO boom in 2017 when the assets bought during the token sale underwent a standard boom-and-bust cycle. Most of them have zero value now, while their investors went broke.
Something similar is happening now in the DeFi industry, where even the tokens of well-established projects like Compound and Uniswap experienced a sharp price decrease from the levels registered at the launch.
3. The industry is a Wild West territory
DeFi is often touted as a future of the global financial system that will replace the legacy system with its clumsy and costly institutions. However, at this stage, the industry is still at the early stages of its evolution. Being mostly unregulated, it offers scope for manipulations and wrongdoing. Meanwhile, users are not protected by anyone, meaning that they will be left alone with their losses in case of a hack attack, exit scam or code error. This is something to consider before rushing to a new red-hot project.
Note: All information on this page is subject to change. The use of this website constitutes acceptance of our user agreement. Please read our privacy policy and legal disclaimer. Opinions expressed at FXstreet.com are those of the individual authors and do not necessarily represent the opinion of FXstreet.com or its management. Risk Disclosure: Trading foreign exchange on margin carries a high level of risk, and may not be suitable for all investors. The high degree of leverage can work against you as well as for you. Before deciding to invest in foreign exchange you should carefully consider your investment objectives, level of experience, and risk appetite. The possibility exists that you could sustain a loss of some or all of your initial investment and therefore you should not invest money that you cannot afford to lose. You should be aware of all the risks associated with foreign exchange trading, and seek advice from an independent financial advisor if you have any doubts.
Recommended Content
Editors’ Picks
SEC doubles down on TRON's Justin Sun lawsuit dismissing claims over jurisdiction
The SEC says it has jurisdiction to bring Justin Sun to court as he traveled extensively to the US. Sun asked to dismiss the suit, arguing that the SEC was targeting actions taken outside the US.
XRP fails to break past $0.50, posting 20% weekly losses
XRP trades range-bound below $0.50 for a sixth consecutive day, accumulating 20% losses in the last seven days. Ripple is expected to file its response to the SEC’s remedies-related opening brief by April 22.
ImmutableX extends recovery despite $69 million IMX token unlock
ImmutableX unlocked 34.19 million IMX tokens worth over $69 million early on Friday. IMX circulating supply increased over 2% following the unlock. The Layer 2 blockchain token’s price added nearly 3% to its value on April 19.
Bitcoin Weekly Forecast: BTC post-halving rally could be partially priced in Premium
Bitcoin price briefly slipped below the $60,000 level for the last three days, attracting buyers in this area as the fourth BTC halving is due in a few hours. Is the halving priced in for Bitcoin? Or will the pioneer crypto note more gains in the coming days?
Bitcoin: BTC post-halving rally could be partially priced in Premium
Bitcoin (BTC) price briefly slipped below the $60,000 level for the last three days, attracting buyers in this area as the fourth BTC halving is due in a few hours. Is the halving priced in for Bitcoin? Or will the pioneer crypto note more gains in the coming days?