Source: Coindesk; Compilation: LianGuaiBitpushNews Mary Liu
Decentralized Finance (DeFi) was in trouble over the past weekend due to a series of attacks on several mainstream platforms.
MetaMask developer Taylor Monahan estimated that a total of approximately $70 million was stolen over the weekend, including theft from Curve Finance, one of the most commonly used and influential decentralized exchanges. Lending protocol Alchemix, yield platform Pendle, synthetic asset tool Metronome, and decentralized NFT protocol JPEG were also affected.
According to The Defiant, in response, DeFi borrowers started withdrawing funds from other DeFi platforms, including Aave, leading to a surge in borrowing costs for the entire subsector.
- Evening Must-Read | How is the development of the OP ecosystem now? Is it worth investing in?
- Multiple projects have suffered losses exceeding 59 million US dollars due to the Vyper reentrancy vulnerability. Is your funds still safe?
- How to implement the concept of ‘Privacy Mempool’ using ZK and VDF?
Undoubtedly, things could get worse. However, white hat hackers were able to remove assets from several lending pools on Curve to prevent them from being stolen. Additionally, three of the five malicious attacks were apparently caused by “front-running” by MEV (Maximal Extractable Value) experts. MEV is a controversial but unavoidable feature of how public blockchains work, allowing third parties and automated machines to search for and reorder pending transactions in the mempool for profit.
Coffeebabe.eth was responsible for reversing at least two of the malicious attacks through front-running, which may have been carried out by multiple unrelated hackers. Chainlink, the on-chain data provider (also known as an “oracle” system), has also received some praise for preventing collateral damage to the entire industry during the attacks, albeit in a roundabout way. “If platforms like Aave or other DeFi lending protocols use (now depleted) CRV/ETH Curve pools as on-chain oracles, they would be completely screwed,” wrote LINK Marine ChainlinkGod on Twitter. Indeed, that seems to be the case, but perhaps with different wording.
The nature of the attacks apparently stems from a vulnerability found in a programming language called Vyper, specifically designed for launching smart contracts on Ethereum. The core team of this programming language received support from the Curve team, announcing that older versions of Vyper are susceptible to “reentrancy” attacks. While representatives of Vyper state that projects using versions 0.2.15, 0.2.16, and 0.3.0 should reach out, it may take several days, weeks, or even months to fully understand the issue.
Hacker attacks in the crypto world are not entirely the same as attacks in other areas. It is becoming increasingly common for attackers to return the stolen funds, which are essentially traceable on the blockchain, making it difficult for people to spend contaminated money or cash out anywhere without the world knowing. You might think this means that attacks in cryptocurrencies will be less common, but the reality is clearly different. Just today, security audit company CertiK claimed that cryptocurrency users lost at least $303 million due to exploit vulnerabilities in July 2023 alone.
Although the technical aspects of the attack are still under investigation and the overall impact is not yet clear, there is at least one clear conclusion. UniswapX is a new product launched by the team behind the popular decentralized exchange Uniswap. This product essentially uses off-chain mechanisms to execute transactions, thereby saving transaction fees for Uniswap users. In the days following the announcement of UniswapX, people have been talking about the future of DEXs. It is evident that the world is moving in this direction: Cowswap, 0x, and a series of protocols including UniswapX are all using the “best execution” model, which brings certain aspects of cryptocurrency trading off-chain.
To some extent, cryptocurrency trading is fascinating but dangerous. In any market, competitors must attract users through innovation, and costs tend to approach zero. Cryptocurrency traders also indicate that they are often willing to trade some guarantees of fully on-chain cryptocurrencies for better prices, faster transactions, or just some form of assistance – this is what proprietary trading algorithms claim to offer to the benefit of traders.
However, considering the recent challenges in DeFi and the fact that even on-chain transaction execution can go significantly wrong, isn’t this a huge risk if we remove the only benefits that blockchain brings to business: immutability and transparency?
I don’t know what the future holds for blockchain, but more and more people are telling me that it will not be like the AMM (Automated Market Maker) world we are familiar with, but more programmatic and automated. Perhaps this will become a reality, but the immediate priority is to address the current issues in the cryptocurrency projects.
Like what you're reading? Subscribe to our top stories.
We will continue to update Gambling Chain; if you have any questions or suggestions, please contact us!
