The decentralized finance (DeFi) sector continues to attract increased attention from cryptocurrency investors. ForkLog has collected the most important events and news of recent weeks in a digest.
Key indicators of the DeFi segment
The volume of blocked funds (TVL) in DeFi protocols increased to $51.5 billion. The leader was Lido with $20.7 billion, while the second and third places in the ranking were held by Maker ($8.4 billion) and JustLend ($6.5 billion), respectively. .
Data: DeFi Call.
TVL in Ethereum applications increased up to $28.4 billion Trading volume on decentralized exchanges (DEX) over the last 30 days made up $77.1 billion.
Uniswap continues to dominate the non-custodial exchange market, accounting for 55.7% of total turnover. The second DEX by trading volume is PancakeSwap (15.1%), the third is Trader Joe (8%).
OKX DEX lost $2.76 million as a result of hacking
Decentralized exchange OKX suffered a $2.76 million exploit due to a suspected leak of the proxy administrator’s private key. PeckShield experts estimated the damage at this amount.
According to SlowMist’s analysis, when exchanging on the platform, users authorize the TokenApprove contract, which then transfers the user’s tokens.
The ClaimTokens feature allows a trusted DEX proxy to make a call to it. In this case, the servers are managed by administrators who can independently make changes to the smart contract.
On December 12, the owner of one of the servers updated it, which allowed ClaimTokens to be called directly to transfer user tokens. The attacker took advantage of this exploit.
Yearn Finance lost $1.4 million due to a transaction error
As a result of a “wrong scenario” multi-sig transaction, DeFi protocol Yearn Finance lost 63% of treasury funds in the Lp yCRV pool.
The incident occurred during the “normal fee token conversion process” and resulted in the exchange of 3,794,894 yCRV for 779,958 yvDAI. The team clarified that the losses amounted to $1.4 million.
The liquid staking token yCRV presents the CRV coin from Curve in the protocol pool. The project invests funds into the structure to support liquidity and receives income in the form of commissions.
However, due to a glitch in the swap script, all treasury funds in one of the protocol’s largest pools were sent to the DEX CoW Swap. The transaction caused significant price slippage, which “was taken advantage of by arbitrageurs and other market participants.”
The developers explained that the erroneous transfer of Yearn Finance’s entire pool balance was one of 30 orders executed through a multi-sig transaction. This made it difficult to manually control, and the commission exchange script “did not have sufficient output checks and contained a logical error” in limiting the size of the swap.
To prevent such incidents, Yearn Finance has taken a number of precautions, including:
- dividing treasury funds in the pool into contracts with individual managers;
- introduction of more easily readable output messages in trading scripts;
- tightening thresholds for price impact.
DeFi project SafeMoon filed for bankruptcy
On December 14, SafeMoon lawyer Mark Rose filed for bankruptcy of the DeFi project. The SFM token reacted with a sharp decline.
Chapter 7 bankruptcy filings have been filed in Utah County Court. SafeMoon US LLC estimated its assets to range from $10 million to $50 million and its liabilities to range from $100,001 to $500,000.
As a result of the news, the SFM token fell to $0.000055. Over the past week, the coin has lost 22.4%, according to CoinGecko.
Gate.io exchange hourly SFM/USDT chart. Data: TradingView.
Nirvana Finance hacker agrees to return $12.3 million
The hacker responsible for hacking the Nirvana Finance yield farming protocol and an unnamed DEX has pleaded guilty and agreed to forfeiture of $12.3 million in stolen assets.
According to the US Attorney’s Office, in the summer of 2022, 34-year-old senior security engineer Shakib Ahmed exploited a vulnerability in the smart contract of an unnamed exchange.
A few weeks later, he attacked Nirvana Finance using an instant loan and withdrew $3.49 million in cryptocurrencies from the project’s treasury. Although the protocol developers offered the hacker a reward, the parties did not reach an agreement. The attacker exchanged the stolen funds for Monero and passed them through the Samourai Whirlpool mixer.
In July, Ahmed was charged with wire fraud and money laundering. In addition to the confiscation of the stolen cryptocurrency, he was ordered to pay compensation to the victims in the amount of $5 million.
The final verdict in the case will be delivered on March 13, 2024. Ahmed faces up to five years in prison.
Also on ForkLog:
Subscribe to ForkLog on social networks
Found an error in the text? Select it and press CTRL+ENTER
ForkLog newsletters: keep your finger on the pulse of the Bitcoin industry!
2023-12-16 17:50:27
#TVL #exceeded #billion #Yearn #Finance #lost #million #ForkLog
