Curve founder and his $40M mansion puts DeFi at risk
And yet another rug pulls happens with a meme-coin mocking Coinbase's CEO
Welcome to Stay on-chain! This week, brace yourselves for some not-so-good news in the DeFi world. Sit back and let us be your eyes and ears in the DeFi world!
Reentrancy hack on Curve Finance
Curve Finance, one of the big players in the game, took a hit as it fell victim to an exploit, resulting in a whopping $70 million worth of assets being drained. The hack leveraged a reentrancy vulnerability that targeted factory pools on Curve Finance.
Factory pools let anyone set up a liquidity pool on Curve using a ready-made "factory" framework. The attacker had their eyes on factory pools from several projects: $11.4 million vanished from JPEGd’s pETH-ETH pool, $1.6 million from Metronome’s sETH-ETH pool, $13.6 million from Alchemix’s alETH-ETH pool and a jaw-dropping $25M was funneled from the CRV/ETH pool. The exploit was carried out using flash-loans, taking advantage of a vulnerability in specific versions of Vyper (the smart contract programming language). The hacker exploited the Vyper compiler, which means that other Vyper smart contracts across DeFi could also be at risk.
Thankfully, we've got our heroes in the DeFi: c0ffeebabe.eth, a white hat MEV bot operator managed to save the day by returning 2,879 ETH ($5.4 million!). His bot frontrunner the malicious hacker and secured some of the stolen funds, which were then handed back to Curve Finance.
Confidence in DeFi may seriously take a hit now that Curve, once considered a safe protocol, got exploited.
Curve’s founder Micheal Egorov was in trouble
A while back, Michael Egorov, Curve's founder and CEO, decided to go big and borrow over $100M backed by his huge 427M CRV holdings (47% of the entire CRV circulating supply). Rumors say he wanted to score some fancy mansions…
Hold on tight, because things took a dramatic turn. The CRV/ETH LP got completely drained thanks to the Curve exploit, resulting in a massive decrease in CRV’s liquidity. DeFi sharks smelled blood in the water with CRV shorts starting to crash the price, aiming to catch Michael’s liquidation.
Micheal tried to lower his debt and, especially, the utilization rate on Fraxlend. Here's the catch — at max utilization, the Fraxlend interest rate doubles every 12 hours. With that super-high interest rate, he could face an automatic liquidation in just 3.5 days. He ain’t a dumb guy and used some game-theory tricks to save his ass. He deployed his own CRV/FRAX pool on Curve and incentivized it with his own CRV stash. Those high rewards brought more and more capital to flow into the Fraxlend pair, effectively reducing the utilization rate and those skyrocketing interest rates.
And guess what? It worked! Michael caught his breath and got to work setting up some OTC deals to sell some of his CRV holdings. Justin Sun, DWF Labs, Sifu, and DCFGod were eager to buy millions of CRV at a discounted rate. With over $15M in stablecoins raised, he repaid some of the debt and managed to lower the liquidation price quite enough.
Fun fact: Curve’s token CRV was not deployed by the team itself but by a fellow degen that front-ran them — link
BALD on Base rugs millions. Ties to SBF?
Base, Coinbase’s Ethereum Layer-2 solution is nothing less than the far West. Couple a popular brand, the chance of an airdrop for $BASE, and the excitement around a new chain, and you get the perfect recipe to attract degens from all over the place.
The catalyst has been Base’s developers’ bridge, which consists of a one-way bridge to the chain. You transfer your coins in, but you can’t pull them out. This led to a massive inflow of ETH, about $85M at the time of writing, that was wandering around the chain for a use case.
Here comes BALD, the perfect meme coin at the right moment. Joking on Coinbase’s CEO being bald, the token found fertile ground and went viral nearing $100M in market cap and $12M in liquidity. Right after its explosion, the deployer pulled out liquidity, adding back peanuts — netting him several millions in profit.
This is a perfect example of a rug pull: since it’s not locked, the deployer can remove the initial liquidity (which value increases as people ape in, since BALD tokens are given to investors and replaced by their ETH tokens in order to keep a 50/50 ratio in the LP), making the coin illiquid and not tradable due to a high price impact.
If you’d like to dig in a bit deeper, here’s the deployer’s Twitter. Citing his own words, he says he’ll be donating all net profits to nonprofits.
The story doesn’t end here though, anon. There’s a twist, with many finding ties between the deployer of the BALD contract and SBF, the former CEO of the now-defunct FTX exchange. Most evidence is circumstantial, citing FTX address funding, ties with Alameda Research, and an address frequently depositing to the deployer Binance address playing a part in the UST de-peg.
Furthermore, many noticed SBF’s and BALD’s deployer styles of writing being similar, arising suspicion. Need some more? Serum, a project that was building on Solana, re-branded its Twitter and started shilling meme-coins, BALD included.
Again, this is pure speculation, and we wouldn’t be surprised if it was a well-conceived plan to throw off investigations. Per court orders, SBF only has access to a handful of websites on controlled devices while on bail.
Happy birthday! Did you know that Ethereum turned 8 years old on July, 30? 🎂
CAKE adds revenue sharing: deflationary soon?
PancakeSwap recently announced further efforts to make CAKE deflationary and the DEX sustainable in the long-term. Following the launch of PancakeSwap v3 (which is forked from Uniswap v3), CAKE fixed-term stakers will enjoy 5% of trading fees generated on pairs that feature a 0.01% and 0.05% fee structure.
Here’s a comprehensive infographic on how it works:
Even though pairs featuring a 0.25% and 1% fee structure do not share part of the fees to CAKE stakers, it’s important to know that they’re making up for less than 20% of the volume. Moreover, those two, see 23% of the fees generated going towards burning CAKE — indirectly benefiting stakers anyways.
This move not only fuels the team’s deflationary efforts but also makes fixed-term staking more appealing compared to the flexible option (i.e. deposit and withdraw as you please, with no locks) — hence potentially making CAKE less volatile and sustainable in the long-term, since analysts can now better plan economic incentives in order to counteract massive CAKE unlocks.
Stake ‘em! 🥞
Term Finance brings fixed rates to DeFi
Till today, the interest rates of borrowing and lending of crypto-assets in DeFi were determined by the market. It’s known they can fluctuate quite a bit, especially during liquidation and major price swings events. Term Finance, a brand-new DeFi protocol, is changing that!
How, you ask? Well, they are offering short-term loans with fixed interest rates. It works like this: borrowers meet lenders in an on-chain auction where the weekly fixed rate is determined. Borrowers won't have to worry about ever borrowing at more than their predetermined maximum interest rate, and lenders can rest easy knowing they won't lend below their minimum rate.
This can be seen as a major development in DeFi as it bridges the gap between DeFi and TradFi, as users have an alternative to the variable rates from protocols like Aave &co.
Sui adds liquid staking — link
SEC sues Richard Heart of HEX and Pulsechain for allegedly selling unregistered securities — link
Staking rewards count as taxable income, IRS says — link
Coinbase CEO confirms that Coinbase is looking into integrating Bitcoin lightning
Microstrategy plans to sell up to $750M of stock, possibly to acquire even more BTC; they currently hold 152,800 BTC
Six asset managers file SEC application for ETH futures ETF — link
Let’s find the edge in this Curve chaos!
As you may know, transparency is one of the pillars of crypto. This week, transparency proved to be unfortunate for the Curve founder. Everyone could see the assets he owned and how close he was to the liquidation level. Even if things got better, his biggest position on Aave, where he borrowed $70M, is still on thin ice. If the price dips by just -35% touching $0.37, that's t-e-r-r-i-b-l-e news for DeFi.
The trouble lies in the fact that the CRV collateral backing his loan is massive and there isn’t even half of the buy-side liquidity needed for absorbing it. A liquidation and its following market sell order would lead to CRV prices plummeting to zero, causing bad debt across lending protocols such as Aave, Frax, and Abracadabra.
Though Aave might withstand this storm thanks to its Safety Module with 30% of $293.56M to cover up for a deficit, other protocols might be in serious danger.
So, here's your DeFi edge: understanding the potentially catastrophic consequences is vital in this sector. Being aware of the risks helps us navigate the world of DeFi more wisely, hedge and position ourselves correctly.
Fundamentals outcompete price on THORChain — link
Arbitrage strategies in crypto explained in simple terms — link
How to build a truly censorship-resistant stablecoin — link
If you found this Leaks edition valuable, why not share it with a friend?
Forward this email—it's the best gift you can give us!
Thank you for reading and see you next week!
Disclosure: Authors may own crypto assets named in this newsletter. Stay on-chain is meant for informational and educational purposes only. It is not meant to serve as investment advice. Please consult your investment, tax, or legal advisor before making investment decisions.