Authored by Andrey Shevchenko. You can reach me via Twitter or Telegram.

This week highlighted a few key limitations of the DeFi space as it exists today. One of them is quite obvious — piling onto unaudited, and even unreleased, contracts.

This was the case for Eminence, an upcoming project by Andre Cronje, the founder of Yearn Finance. Over the European night of Sept. 28, the project managed to get discovered, get $15 million in funds locked and then get hacked for $15 million.

Some $8 million of those wound up in the Cronje-controlled deployer wallet, and he promised to return that money. The contracts are part of Cronje's "I test in prod" adage, as they were deployed to mainnet at least three weeks before the planned release.

It's hard to really blame Cronje here, though this event highlights why testnets exist. The DeFi space seems to have gotten addicted to crazy yields and unaudited contracts being largely successful despite all odds. The hack is an important reminder of why putting money in these hastily developed projects is an extremely risky move.

I haven't yet seen anything to fundamentally alter my thesis from the first installment of this newsletter three weeks ago — yield farming is slowly dying. The initial wave of savvier players is starting to take profits and relax, notably the famed DegenSpartan.

Personally I think that's good — little of value was really added to the ecosystem from this trend. But of course, economic pain is never pleasant, so stay safe out there.

There's another hack that is bound to be much more consequential for DeFi though.

Is DeFi really decentralized?

The KuCoin hack was the big news of this week as more than $200 million was stolen on Sept. 26. This one hack surprisingly puts all DeFi breaches to shame, as they rarely amounted to more than a few million dollars and the funds were often returned in full.

The hacker was not so kind this time, but the crypto space still found a few tricks to mitigate the losses from this hack.

Among these are the centralized stablecoin providers, notably Tether. Over $33 million was hastily frozen by the company, so now the hacker can't move that money.

This is definitely not a criticism of Tether — it was the right move and it was wholly expected. If some people still don't know it, this is a great reminder: Tether maintains control over the tokens at all times. They can arbitrarily freeze any wallet, and frequently use this tool in response to law enforcement requests. Many centralized stablecoins have this ability, including USDC, PAX, GUSD and TUSD.

Of course, while it's great to mitigate hacks, this feature runs counter to the very foundation of Bitcoin and crypto in general — you, and only you, are in control of your funds. It's what makes crypto truly decentralized and resistant to regulatory capture.

You'll pardon my surprise then when I saw a few DeFi projects, namely Ampleforth and Akropolis, freeze tokens in a very similar manner to USDT. Ampleforth went to great lengths to do so, quickly deploying a new contract that would let them freeze the hacker's tokens. BZX also used the freezing feature during its earlier hack.

The fact that they have admin keys is well known, but still. DeFi is likely triggering more than a few curious looks from the SEC, but the traditional defense is that these protocols can neither be controlled nor stopped by a specific entity.

Disregarding for a bit the questionable strength of this argument, if a company openly shows that it has control over the DeFi protocol, it really becomes just another fintech startup, which could be bound by stringent regulations.

I'm by no means a lawyer and this is absolutely not legal opinion or advice, but my view is that a lot of what DeFi does is just recreating traditional financial services that are unencumbered by AML and KYC obligations.

Whether these regulations are useful or worthwhile can be a touchy subject, but it's obvious that regulators will want to enforce their rules when possible. Many DeFi projects are ultimately U.S.-based, which is an important thing to consider.

A deeper dive into "impermanent" loss

I've stumbled across this interesting paper published by a French economics professor and researcher, Alexis Direr. He provided a fairly in-depth but accessible review of Uniswap, and by extension other decentralized exchanges like Balancer, Curve etc.

Liquidity providers on Uniswap will be keenly aware of impermanent loss — a money transfer from LPs to arbitrage traders arising from fundamental properties of these exchanges. It was termed "impermanent" because it derives from price changes of one asset against the other. If these changes revert, the losses do too.

I've always been bugged by a fairly simple question: if impermanent loss is arbitrageurs extracting value from LPs, how can they suddenly return to an even position if they're being exploited both one way and the other?

Direr answered that question quite elegantly. In reality, Uniswap LPs would make a trading profit from these fluctuations. Arbitrage traders "steal" that profit, making the losses quite permanent in any scenario. It's just that in the optimistic case it becomes missed gain instead of an outright loss.

I've since been informed that the original creator of this term changed his mind a few weeks ago. The proper name is now "divergence loss" which seems quite a bit less misleading.
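
The round trip behind that question can be checked numerically. The sketch below is an added illustration, not code from Direr's paper or from this newsletter: it assumes a fee-less constant-product pool (x * y = k), constructed starting reserves of 100/100, an external price that moves 1 -> 2 -> 1, and hypothetical function names.

```python
import math

def pool_reserves(k, price):
    """Reserves (tokens, quote) of a fee-less x*y=k pool after arbitrage has
    moved its marginal price y/x to the external price (assumed model)."""
    x = math.sqrt(k / price)
    return x, x * price

def simulate(price_path, x0=100.0, y0=100.0):
    """Walk the external price along price_path (constructed sample input).

    Returns one row per step:
    (price, lp_value, hold_value, divergence_loss_fraction, arb_profit_so_far)
    with all values measured in the quote asset.
    """
    k = x0 * y0
    x, y = x0, y0
    arb_profit = 0.0
    rows = []
    for p in price_path:
        nx, ny = pool_reserves(k, p)
        # The arbitrageur takes (x - nx) tokens out of the pool, pays
        # (ny - y) quote into it, and settles the token leg on the external
        # market at price p. The same expression covers the reverse trade.
        arb_profit += (x - nx) * p - (ny - y)
        x, y = nx, ny
        lp_value = x * p + y          # what the LP's pool share is worth now
        hold_value = x0 * p + y0      # what simply holding would be worth
        rows.append((p, lp_value, hold_value,
                     lp_value / hold_value - 1, arb_profit))
    return rows

if __name__ == "__main__":
    for p, lp, hold, loss, arb in simulate([2.0, 1.0]):
        print(f"price={p:.2f} lp={lp:.2f} hold={hold:.2f} "
              f"divergence_loss={loss:+.2%} arb_profit={arb:.2f}")
```

At price 2 the LP is about 5.7% behind holding, and that shortfall is exactly what the arbitrageur has earned. Back at price 1 the LP's divergence loss is zero again, yet the arbitrageur has kept about 29.29 units of quote asset, the trading gain the LP would have made by selling at 2 and buying back at 1 itself.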

Non-Ethereum DeFi takes some of the spotlight

NEO, one of the earliest "Ethereum-killers" that had kind of disappeared off the map lately, returned with a vengeance by launching Flamingo. It's kind of a mish-mash of every major DeFi category on Ethereum, including lending, stablecoin creation, DEXs, perpetual futures etc.

It attracted over $1.6 billion in total value locked, which definitely looks impressive considering that it does not have Ponzi pools. It is also not a literal clone of Ethereum projects, which is something another "Ethereum-killer" likes to do.

I expect we'll see more and more competition outside Ethereum. The space is crowded though, and for now it's too soon to make predictions on winners.