A "smart" trader made a huge net profit of $350,000 through various protocols in the field of decentralized finance (DeFi).
A clever set of instructions, all executed in one large transaction, enabled the trader to take advantage of current weaknesses in the DeFi ecosystem. By using several decentralized financial instruments and a small amount of price manipulation, the trader obtained a large amount of Ethereum.
Julien Bouteloup, founder of DeFi investment company Stake Capital, illustrates how complicated this multi-level transaction is. He roughly described what happened.
He pointed out that the flash loan of 10,000 Ethereum may be the problem. Half of the funds went to the lending platform Compound for wrapped BTC (wBTC, Bitcoin on Ethereum). The rest was used as collateral for a short position, a bet that the price would fall, on wBTC on the margin trading platform Fulcrum. The account then sold wBTC on the decentralized exchange Uniswap. The price went down, so the hacker cashed out the profit and repaid the original loan.
However, this hacker showed how various DeFi tools can be used together to obtain unethical profits, and he or she also highlighted the degree of centralization of these DeFi tools.
Fulcrum uses its "management key"
Yesterday, bZx, which maintains the Fulcrum protocol, released an update. The company claims that there is no loss to users on its platform.
"Users lost zero money. Attacks against our agreement saw a lot of reports last night. From the agreement point of view, someone just borrowed a sum of money. From the lender's point of view, this loan is the same as other loans."
The platform also said that the attacker left $600,000 in wBTC on the exchange. It plans to distribute the money to other users of the exchange.
To do this, however, the platform needs to use its "management key."
"At present, the attackers have left 600,000 wBTC collateral. We will use these funds to provide interest and liquidity to existing iETH holders. This will be done through our management key. This is a very big deal for us. We cannot take a difficult decision lightly."
In essence, this management key is embedded in the protocol, which allows bZx to control any smart contract as a last resort (the funds are in the smart contract). The management key is intended for situations where the system has a problem while it holds a lot of funds.
However, the management key proves the existence of a central point of failure, and users must trust the team behind the transaction and believe that they will not steal everyone's money. Considering that the goal of DeFi is to eliminate this trust, this seems to be a considerable weakness.
It is not surprising that the DeFi protocol wants a security mechanism. Ethereum's largest experimental project, The DAO, which once held 14% of Ethereum, failed due to code errors. As a result, the entire Ethereum blockchain was rewritten so that everyone could get their money back. But the move disrupted the network and attracted a lot of criticism.
This time, Fulcrum will use its management key to save time, but this move completely exposes its centralized nature, and it generates more questions than answers.