Hacker Drains $500k From Balancer in Latest DeFi Attack

Hello Defiers! Here’s what’s going on in DeFi,

  • Hacker exploits Balancer to drain $500k

  • MCDEX launches DeFi’s first ETH perpetual futures contract

  • Q&A with MCDEX founder on dropping ETH mines to build a DEX

and more 🙂


🙌 Together with Quantstamp, a leading blockchain security firm keeping your money legos safe, Kyber Network, the on-chain liquidity protocol for the tokenized world, and Keycard, the secure, contactless hardwallet & open source API.

Hacker Drains $500k from Balancer Pools

A hacker yesterday drained $500k in tokens from two Balancer Labs liquidity pools in the latest of at least five DeFi attacks this year.

The attack highlights the risk of using open source platforms, where experimental tokens can be added without a vetting process and code can be inspected by hackers looking to make a profit.

Deflationary Token

The attacker exploited a special feature in the Statera (STA) token in these pools, which ensures that for every transaction, 1% of the amount transacted is destroyed.

Because of the deflationary nature of the token, the attacker was able to drain STA from the pool after borrowing ~100k WETH from dYdX using a flash loan and using those funds to swap WETH to STA back and forth 24 times.

With the STA balance close to zero, “its price relative to the other tokens in the pool is extremely high and the attacker can now use STA to swap for other assets in the pool extremely cheaply,” Balancer’s Mike McDonald wrote in a post.

Balancer currently holds $114M in its smart contracts, the fourth largest DeFi protocol by locked funds, according to DeFi Pulse.

Unintended Effects

Balancer has warned about the unintended effects ERC20s with transfer fees could have in the protocol, even if the team wasn’t aware of this specific hack. Still, “it’s a permissionless protocol and broken or malicious tokens will always be able to be added at the contract level,” McDonald wrote.
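The accounting mismatch that transfer-fee tokens create, as an added example (not Balancer's or The Defiant's code): a simplified Python model in which a hypothetical pool either trusts the requested amount or measures what it actually received. `FeeToken`, `Pool`, `transfer_fee_rate` and all values are constructed for illustration.

```python
from decimal import Decimal as D

class FeeToken:
    """Constructed ERC20-like token that destroys a fraction of every transfer."""
    def __init__(self, burn=D("0.01")):
        self.burn = burn
        self.balances = {}
    def mint(self, who, amount):
        self.balances[who] = self.balances.get(who, D(0)) + amount
    def balance_of(self, who):
        return self.balances.get(who, D(0))
    def transfer(self, src, dst, amount):
        self.balances[src] -= amount
        self.mint(dst, amount * (1 - self.burn))  # the remainder is burned

class Pool:
    """Hypothetical pool that keeps its own record of the tokens it holds."""
    def __init__(self, token, measure_received):
        self.token = token
        self.recorded = D(0)
        self.measure_received = measure_received

    def deposit(self, sender, amount):
        before = self.token.balance_of("pool")
        self.token.transfer(sender, "pool", amount)
        received = self.token.balance_of("pool") - before
        # Weak form trusts the requested amount; hardened form trusts the delta.
        self.recorded += received if self.measure_received else amount
        return received

    def accounting_gap(self):
        """Recorded minus actual holdings; above zero means phantom balance."""
        return self.recorded - self.token.balance_of("pool")

def run(measure_received, deposits=24, amount=D(100)):
    # Constructed sample values: 24 deposits of 100 tokens each.
    token = FeeToken()
    pool = Pool(token, measure_received)
    token.mint("user", amount * deposits)
    for _ in range(deposits):
        pool.deposit("user", amount)
    return pool.accounting_gap()

def transfer_fee_rate(token, probe=D(1000)):
    """Vetting probe: move a known amount between test accounts and compare."""
    token.mint("probe_src", probe)
    token.transfer("probe_src", "probe_dst", probe)
    return 1 - token.balance_of("probe_dst") / probe

if __name__ == "__main__":
    print("gap when trusting requested amount:", run(False))
    print("gap when measuring received amount:", run(True))
    print("detected transfer fee rate:", transfer_fee_rate(FeeToken()))
```

A nonzero `accounting_gap()` is the signal to monitor for: the pool's books claim tokens it does not hold, so any price derived from the recorded balance is wrong.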

This is not the first time hackers have exploited vulnerabilities in a token to attack a platform the token trades on. In April, a hacker was able to drain $25M from lending protocol Lendf.Me, almost all of the funds it held, in hours by exploiting vulnerabilities in the imBTC token.

Steven Zhang from The Block, who was one of the first to alert to this hack, said it best: “Money Legos are only as good as their best pieces. Don’t invest in what you don’t understand. When you chase yield, be prepared for yield to chase you back.”

MCDEX Launches First ETH Perpetual Contract in DeFi

MCDEX is launching DeFi’s first ETH/USD perpetual futures contract today. DeFi traders will now be able to go up to 10x long ETH in a permissionless way.

The launch follows dYdX’s success with BTC perpetual futures contracts, which temporarily launched the DEX’s trading volume to the highest in DeFi a month after the contract’s launch. Perpetual futures are one of the most popular assets in centralized crypto exchanges, with BitMEX trading over $2.2B in daily volume and ~$82.5B in monthly volume according to a January, and they’re becoming one of the most popular contracts in DeFi too.

Hybrid Model

MCDEX combines an off-chain order book with an on-chain Uniswap-like Automated Market Maker. This hybrid allows MCDEX to offer traders functionality and feel that’s similar to centralized exchanges, while the AMM provides the ability to always find liquidity on-chain.


Funding Rate

The on-chain AMM also provides a funding rate to balance long and short orders in times of high demand. For example, “when the funding rate is positive it means long position holders pay to fund short positions (short position holders). This incentivizes users to take up the short side of the trade effectively balancing demand for both sides,” according to the MCDEX “drop” on DeFi Pulse.

The ETH-PERP takes advantage of Chainlink’s ETH/USD Price Reference Contract live on the Ethereum mainnet as its index price feed.

[NOTE: This post includes referral links. You’ll be helping The Defiant if you trade on MCDEX through this link]

Funds and Liquidity Mining

MCDEX is also planning to introduce structured funds, which any user will be able to deposit funds into. Funds can be automated or human-managed.

These structured funds are tied into MCDEX’s native token MCB. Like many other DeFi platforms recently, MCDEX plans to launch its own platform token in the third quarter this year, and leverage it to incentivize use on the platform.

MCB tokens will be distributed to the funds based on their net asset value at a fixed amount per day. Fund managers will even receive a cut of the MCB they earn for fundholders.

Asia Community

Beyond launching the first ETH perpetual, MCDEX is one of few China-based DeFi projects. That’s bound to change though. As DeFi is increasingly drawing the attention of DeFi users, it’s only a matter of time before they start building in the ecosystem too, MCDEX founder Liu Jie said. It may also be the case that other ETH miners like Jie will choose to shift to DeFi in anticipation of the change to PoS, though he wouldn’t necessarily count on that. Scroll down for the Q&A.

Liu Jie on Why He Stopped Mining ETH to Build a DEX

Tell me about your background; education, where you grew up in, what were you doing pre crypto?

I was born in Nantong, Jiangsu Province, a city near Shanghai, in 1985. I’ve been keen on computer science and have been writing code since I was 14. The first prize in the National Olympics of Information built my confidence to further devote myself to programming.

During my bachelor’s and master’s experience at NJUPT, majoring in Information Security, I got a thorough understanding of cryptography, which built a solid foundation for stepping into the crypto industry later on.

Baidu Work

After graduation, I joined Baidu (Nasdaq: BIDU), the largest search engine company in China, responsible for the architecture of infrastructure systems. During my 4 years of experience at Baidu, I continuously worked on the large-scale distributed data warehouse system – Apache Doris (doris.apache.org). I led the architecture and development of Doris 3.0 and 4.0, which was later open sourced in 2017 and got into the Apache Incubator in 2018. Doris not only achieved great success within Baidu, being deployed on hundreds of servers, but also has been adopted by many giant companies in China after being open sourced, like Xiaomi, Meituan and Kuaishou, etc.

After leaving Baidu in 2014, I founded a mobile internet advertisement company, which predicts CTR (Click through rate) by AI and provides the service of ads optimization in the real time bidding market. We made a proper amount of money by running that company, but still, as a tech believer and expert, I always expect to do something cooler.

Monte Carlo

In 2018, together with my former founding team, we founded Monte Carlo and marched into the blockchain industry. Our first product was a GPU mining platform – Minerbabe, which has served 100k mining machines and hundreds of miners. At the beginning of 2019, we gradually realized the power of DeFi and planned to do MCDEX, and now we’re thrilled to officially launch MCDEX.

What got you into crypto / why did you become interested in the space?

Jie: As a tech believer, I’ve always been interested in the most advanced technologies, including AI and blockchain. I noticed bitcoin in 2010 and have followed its trend since then. Blockchain is a combination of cryptography and distributed systems, both of which I learned and got a profound understanding of during my university and work experiences. I deeply believe that blockchain will lead the next innovation in technology.

For how long were you Ethereum miners? Were you also mining other coins?

We’ve been mining ETH for more than two years. Since we do GPU mining, we can also mine other coins by changing mining programs. For example, when Grin was launched in 2019, we developed mining software to support 4G GPUs (the official version only supported 6G GPUs). Besides, we’ve been actively involved in mining and community engagement in other excellent projects. I am the namer of Grin’s Chinese name – 古灵币. Both Minerbabe and I are donors of Grin.

Is MCDEX the first Ethereum or blockchain app that you have built?

Yes, it is. Up to now, MCDEX has launched two versions. V1 is the trading layer of Market Protocol (a Future-like protocol), which is the first smart contract our team developed. Since Market Protocol is focusing on the asset layer, we focus on the trading features. The experience of V1 equipped us with the capability to develop V2 efficiently.

Why did you decide to transition from mining to building a DEX?

One direct reason is that 80% of GPU mining comes from Ethereum, but Ethereum will shift to ETH 2.0, which will dramatically decrease the profit of GPU mining. The fundamental reason, though, is that we are aiming to provide better financial services. Most miners regard mining as an investment behavior, but overall this is not an easy investment – miners not only need to take on the risks of coin price volatility and mining difficulty, but also need to deal with many problems like damage to mining rigs and instability of the electricity supply.

MCDEX is on a mission to make investing easier by building a secure and easy-to-use decentralized financial platform. That’s why we will launch MCFund in two months. What users need to do is deposit their assets in the fund and withdraw, instead of knowing trading techniques. The investment threshold has been largely reduced in this way. Moreover, we will also introduce liquidity mining to MCFund – users will get MCB by investing in MCFund, which can maximize investors’ profits. With the booming of DeFi, more and more miners will join “DeFi mining”, which is much easier than the mining they did before.

You’re implementing an innovative hybrid AMM/order book model. What are some benefits of this?

This model is a trade-off to guarantee the short-term user experiences and long-term potentials. We believe that AMM is the future. AMM provides the on-chain liquidity and entrance for interacting with other smart contracts. Other smart contracts can call the interface of our AMM to speculate, arbitrage and manage their portfolios, thus realizing many innovative products.

Meanwhile, because of the inefficiency of current infrastructure, the liquidity of an AMM is usually worse than that of an off-chain order book. To improve user experience, we also introduce an off-chain order book and the top market making teams to provide better liquidity. With more and more market makers joining the game in the near future, I believe our liquidity will reach the same level as the liquidity of centralized exchanges.

What are you trying to improve compared with other DEXs?

As a tech-oriented team, we value innovation. But what we care most is product market fit – whether users/ partners will enjoy benefits by using our products. Tech is nothing except being implemented in the right place. So we’ve spent tons of time identifying market demands and will do. We balance both of the short-term benefits and long-term vision, moving forward step by step.

What is the Ethereum community in China like? is it mostly miners?

The Ethereum community in China is a vital component of the whole. Many early investors in Ethereum come from China. Spark Pool and F2Pool, which are among the top 3 mining pools, also come from China. One of the most popular wallets, imToken, is developed by a Chinese team. There are many contributors to Ethereum and developers of Dapps in China. And there will be more as the Chinese community is gradually realizing the power of DeFi.

There doesn’t seem to be much communication between Ethereum communities in the East and West. Do you think this is true?

As mentioned, there are actually many active contributors to Ethereum in China. But I do realize the lack of communication between eastern and western communities, mostly because of language barriers. The western community is leading right now in terms of innovation and cognition, for example, “DeFi” was proposed by the western community two years ago.

But some people who work in the eastern CeFi space still haven’t heard of this concept yet at the beginning of this year. Until recently, with the popularity of some famous projects – Compound, Uniswap, Balancer etc., many Chinese get to know DeFi and take part in the game. Chinese took a quick response here, since as far as I know, many have joined the liquidity mining of Compound and more are exploring in the DeFi space right now.

Meanwhile, many media and projects are working on bridging the gaps between eastern and western community. Chinese media on blockchain are making efforts to pass news from western world and many western projects also pay much attention on Chinese market by working with some local agencies. Many developers, like us, have also been working on strengthening connections with western space. Blockchain is without boundaries, those gaps will eventually be mitigated and eliminated.

Do teams building dapps in Asia have a harder time gaining recognition in the Ethereum community?

From the perspective of tech, I don’t think so. Blockchain is an innovation that enables all developers, no matter what nationality and race, to enjoy the same standard of evaluation. When evaluating a project, we don’t need to rely on the background of founders, the amount of funds they’ve raised and their resources. What we do is review the code to evaluate the quality of the code and the level of the developers. This is the charm of blockchain – You don’t trust me, you trust my code.

However, when we are developing a Dapp, tech is not everything, although it’s the foundation. Product-market fit is also a key element when evaluating a Dapp. For this part, Asian teams have a harder time because of, again, language and cultural barriers, since it’s more about projecting your voice instead of writing code. But this is not a big problem and can be conquered in a short time by marketing strategies. And we are seeing progress here. Overall, in this tech-driven industry, the Asian team is an equal, ambitious and capable participant, the same as other participants.

Are you seeing other miners shifting to building dapps in preparation for PoS?

Most miners are investors who are expecting to receive profit by mining. They are not capable of developing. The software that miners use is developed by teams like us. Their demand is to find reliable platforms to invest. That’s exactly what we are building now. 

Excellent developers are those who can migrate to other areas. For example, a team who developed the mining kernel can also develop a public blockchain. Thus, more developers will join the Dapp trend but most of those are not previous miners.

Do you think most PoW mining will start staking in Eth2, or will they start mining other coins?

It is a good question. Most of the GPU miners, as far as I know, have not considered staking in Eth2 yet, which is because there is still a long time before the Eth2 launch. After the Eth2 launch, some miners will shift to mine other coins and the others will sell their GPU. Some miners definitely will stake in Eth2. But it is hard to predict the number of such miners. It all depends on the ROI of staking. GPU miners have an expected APY of about 50%-100%, and in last year they could achieve the goal. So, if the APY of staking is close to this level, many miners may shift to become the PoS holders. Otherwise, they may shift to invest in other products.

MakerDAO Adds Poll to Raise WBTC Debt Limit

MakerDAO’s MKR holders will now be able to signal their support to raise WBTC debt ceiling to 20m from 10m.

The DeFinancial Farming Toolbox: TokenBrice

Monolith’s Brice Berdah published “a hitchhiker’s guide to liquidity mining curating tips & tools to help you make the most of DeFi’s agrarian revolution.”


The Defiant is a daily newsletter focusing on decentralized finance, a new financial system that’s being built on top of open blockchains. The space is evolving at breakneck speed and revolutionizing tech and money. Sign up to learn more and keep up on the latest, most interesting developments. Subscribers get full access at $10/month or $100/year, while free signups get only part of the content.


About the editor: I’m Camila Russo, a financial journalist writing a book on Ethereum with Harper Collins. (Pre-order The Infinite Machine here). I was previously at Bloomberg News in New York, Madrid and Buenos Aires covering markets. I’ve extensively covered crypto and finance, and now I’m diving into DeFi, the intersection of the two.
