The Breakdown - Is DeFi Too Dangerous?
Episode Date: July 31, 2023NLW explores the $47m hack that occurred over the weekend, and contextualizes it in the larger trends and patterns of DeFi exploits. Today's Episode Sponsored By: In Wolf's Clothing -- The first star...tup accelerator exclusively for Bitcoin and Lightning startups -- Applications for Cohort 3 open NOW -- https://wolfnyc.com/apply ** Enjoying this content? SUBSCRIBE to the Podcast: https://pod.link/1438693620 Watch on YouTube: https://www.youtube.com/nathanielwhittemorecrypto Subscribeto the newsletter: https://breakdown.beehiiv.com/ Join the discussion: https://discord.gg/VrKRrfKCz8 Follow on Twitter: NLW: https://twitter.com/nlw Breakdown: https://twitter.com/BreakdownNLW
Transcript
Discussion (0)
Welcome back to The Breakdown with me, NLW.
It's a daily podcast on macro, Bitcoin, and the big picture power shifts remaking our world.
What's going on, guys? It is Monday, July 31st, and today we are closing out the month with a defy exploit.
Before we get into that, however, if you are enjoying the breakdown, please go subscribe to it,
give it a rating, give it a review, or if you want to dive deeper into the conversation,
come join us on the Breakers Discord. You can find a link of the show notes or go to bit.
Ly slash breakdown pod.
All right, friends, today we are diving into the world of Defi.
Now, Defi is not necessarily something that we covered that much on this show.
That's not because I don't think it's interesting or important.
It kind of falls in one of those categories like so many things in the crypto space do
that are what we might call contenders for a big picture power shift
versus something that is very clearly a big picture power shift right now.
And what I mean by that is that decentralized finance, both in idea and in application,
could have massively disruptive potential for the financial system.
One of the things that was really interesting about the rise of defy in the wake of the 2017
ICO boom was that in many ways it represented a return to routes for Ethereum and smart
contracts more broadly.
A lot of the ICO excitement of 2017 had been the tokenized the world, used tokens as a way
to incentivize network participation kind of model, whereas D.
DeFi really got back to financial primitives and how composable financial applications could
layer on top of one another to do some really interesting things, or at least be one of the
most sophisticated casinos we've ever seen. Of course, which of those better explains DeFi
to you is kind of in the eye of the beholder? Now, of course, DeFi Summer in 2020 was really
the first gasp of the last bull market. And one of the things that was interesting is that for as
many hacks and exploits and generally crazy moments of volatility there was, any sort of losses
tended to be not that problematic because the barriers to entry were just so high for normal people
that those who were affected were pretty much people who knew exactly what they were getting into.
I always thought and said that this was exactly the type of sandbox that DeFi folks should want,
and I think that that was confirmed in 2022,
when for the first time the collapse of the Luna Terra ecosystem
showed what happened if defy losses were socialized among Normies.
In that circumstance, simply holding Luna was enough to expose people to a defy failure,
and obviously the consequences were devastating.
Now, of course, subsequent to that, there have been lots and lots of interesting trends in the
space.
Defy on Bitcoin has been a growing topic of discourse.
And when it comes to the regulatory sphere, it kind of sits as this thing that is just
hovering beyond the surface.
There are very clearly bigger issues to contend with first, but Defy lurks as a real
challenge for regulators right around the corner.
The EU's Mika, for example, explicitly didn't totally get into Defi, understanding that
it was going to take more dedicated effort, and in the U.S., a lot of the thornyer language around
different bills that have come up has to do with their implications for what some people in DFI
are doing. And of course, when it comes to DFI regulation, one of the big things that regulators
have their eye on are DFI hacks and exploits, and who's benefiting from them. A couple weeks ago,
Bill Hughes, a lawyer for consensus, wrote, crypto's biggest enemies right now, Gary Gensler and the Lazarus
group. Take away them both, and the regulatory environment in the U.S. is 180 degrees
different. Something to keep in mind is that it's most probable that Gensler is going to leave the
SEC before the Lazarus group stops pillaging defy. Lazarus is a much bigger challenge and a much
bigger threat to P-to-P being allowed by the U.S. Lazarus is, of course, the state-sponsored North
Korean hacking group. So today we're going to be covering a hack that has been highly discussed this
past weekend, and of course hacks have been present ever since the beginning of DFI. Early on, the
hacks were modest in scope, using flash loans to exploit poorly understood vulnerabilities.
and nascent protocols. However, as the Crypto Bull cycle hit its zenith, the hacks became more ambitious.
This culminated in the nomad and wormhole bridge hacks in early 2022, which caused almost a billion
dollars in losses and splash defy across the front pages. What's more, who was behind the hacks
also changed. Early on, solitary hackers figured out the vulnerabilities in new systems,
and demonstrated exploits on a smaller scale, often even returning funds and assisting to patch issues.
Later, however, the threat became more sophisticated state-sponsored hackers, with the biggest bad guy in
crypto being that North Korean actor Lazarus Group, which has been blamed for more than $2 billion
in hacks over the past three years.
Now, one warning before we get into to the hack that is the subject of today's conversation
is that with any fast-evolving situation like this, it frankly might be different by the time
you're hearing it.
So keep in mind that this is my understanding as of early Monday morning.
And secondly, the one other thing I want to do before we get into this weekend's exploit is
shout out this show's sponsor in Wolf's Clothing. You guys have heard me say it before, but Wolf NYC is
really just one of the most high value experiences that any Bitcoin or Lightning entrepreneur could take
on. It's an in-person accelerator program that comes with funding, mentorship, all the things that you
need to help your Bitcoin startup grow. They're accepting applications for their third cohort right now,
and you can find more and apply at WolfNYC.com. Thanks to InWolf's Clothing for supporting the
breakdown. And with that, let's get to this weekend's trouble.
On Sunday, multiple curve pools were exploited, resulting in more than 47 million in stolen funds.
Curve functions primarily as a liquidity balancing system for peg defy assets, including stable
coins and assorted protocol-specific wrapped ETH tokens.
The issue showed up across multiple pools for wrapped ETH variants and was quickly linked
to malfunctioning re-entrancy protection on older versions of the popular smart contract compiler,
Viper.
The attack appears to be over with all vulnerable liquidity pools drained, but there will likely
be lingering effects in defy lending protocols that use affected tokens as collateral. So what happened?
The vulnerability in the code allowed what's known as a re-entrancy attack. This is when a
smart contract can be accessed with reference to outside code. This allows an attacker to make
multiple withdrawal requests before the smart contract updates their balance. This re-entry to the
smart contract multiple times within the same command allows a liquidity pool to be drained entirely.
Essentially, an attacker deposits a small amount of ETH into a smart contract and then executes
repeated withdrawal requests before the smart contract can update. We've seen these sort of attacks
throughout the history of Ethereum, with the original 2016 Dowhack being a re-entrancy attack,
as was the more recent 2021 Cream Finance attack. However, one of the reasons this attack came from
left field is that Viper was intended to protect against this form of exploit. Viper is a popular
Python variant that can be used to write and deploy smart contracts. The code's compiler has built-in
re-entrancy protection, or so everyone thought. It turns out that reentrancy protection
worked properly for some smart contract designs, but failed for particular use cases. It appears
that this vulnerability was discovered and exploited as a zero-day attack. The exploit only
affected certain liquidity pools compiled using older iterations of Viper. Update notes don't acknowledge
this is a change in more recent versions which were unaffected by the attack, so it seems that
the team at Biper had fixed the bug inadvertently in later versions of the compiler.
Viper acknowledged the exploit as soon as they became aware and asked teams using the vulnerable
versions of the compiler to get in touch. Now, one of the wrinkles during the attack was the
live disclosure of the vulnerability. Defy attacks have become a growing point of interest for
crypto Twitter over the past few years, and one blockchain audit firm was accused of cloud
chasing by publishing the attack vector while the exploit was still ongoing. At the time, only the
smaller wrapped eth-pools had been exploited for around 22 million.
and the disclosure indicated that the much larger ETH curve pool was vulnerable to the same attack.
Now, following that disclosure, the call went out for White Hats to mount a rescue operation.
The White Hats were in a race to drain the remaining vulnerable pool ahead of attackers.
The details are still a little shaky, with no comprehensive postmortems published as we record,
but it seems that the group of white hats were unsuccessful at getting to the first pool,
losing the race by about 30 seconds.
21 million of tokens were emptied out of the ETH Curve Pool.
However, as the dust settled, it appeared that an MEV frontrunner named Coffee Babe was able to get
ahead of the attacker's transactions and drain the pool first.
Coffee Babe later refunded a significant portion of the drainage funds to deploy her addresses,
so it appears some of the damage has been mitigated.
Now, Curve for their part clarified the nature of the exploit, tweeting that, quote,
The dangerous combination was the affected Viper version and using Pure Eith,
later adding that Curve USD contracts and any pools with it are also not affected.
Now, of course, in the wake of attacks like this, there is always an attempt to find someone to blame.
Taking the Viper team at their word, it seems like no one knew the vulnerability existed.
Senior Dogo, a contributor at Viper, wrote a threat about the hack.
Doggo said, the worst thing about the curb hack is that this is not something a typical researcher
would have looked for.
They dug deep in our release history to find an exploitable issue for a large protocol with many
millions at stake.
This took a significant amount of time to identify.
I think it's on the order of weeks to months to find.
The execution was fairly coordinated, perhaps by a small group or team.
We might find more information soon, but I think it's reasonable to suspect that state-sponsored
hackers could be involved due to the resources invested.
Why is that concerning?
Well, it seems lately that hack amounts are getting smaller and smaller.
There's a few big-ticket hacks like there was during defy and NFT summers, with new
billion-dollar protocols launching seemingly out of nowhere every week.
The market has been contracting, which means opportunities for bugs is also contracting,
which means black hats are looking for fresh, untapped sources to explore.
I think that fresh, untapped source is now searching for compiler zero days.
That's terrifying for a number of reasons.
First, there's legitimately only two compilers with any sort of use.
Vipers' codebase is smaller and easier to read, with less changes to analyze over its history,
so maybe why it starts there.
But Viper is only a small portion of contracts in use.
Solidity is bigger, of course.
Second, compilers don't get reviewed or audited as much as you think.
Most compilers are making significant and frequent changes, and that makes it bad for auditing.
Even if there is a full code-based audit, it's out of date the more releases that are added
after that point.
There's not really a good reason to audit the compiler, since it makes more sense to audit
the final product that the end user produces with the tool, which is the raw EVM code.
Except most teams don't do formal verification, just testing and maybe fuzzing than an audit.
However, most auditors assume exactly that.
The code that the compiler produces is exactly the code that the project intends to use for the purpose of
Basically, assume the compiler is quote-unquote correct, and it's the user using the language
incorrectly if there's a problem.
All of this points towards the last issue.
There's an incentive problem.
No one is incentivized to look for critical exploits and compilers, especially versions
released in the past.
Only as far as it impacts end-user projects can you apply for bounties, but that's a lot of hoops.
So what about the fallout?
While the attack is over, the contagion event has only just begun.
A handful of smaller lending pools have already taken massive losses during liquidation
due to price volatility and curve markets in some forms of rap deeth.
One of the silver linings to come out of the attack was a few DeFi safety features kicked
in to prevent a catastrophic liquidation cascade.
Firstly, major protocols used Chainlink's pricing oracle, which excludes outlier pricing
and includes price data from centralized exchanges.
This means that their price feed maintained a more accurate market price to be used for liquidations
throughout the incident and didn't trigger a collapse.
At one point during the attack, curved tokens dropped to zero on some on-chain venues,
which could have been a trigger for complete liquidations if Chainlink wasn't in use.
Secondly, some lending protocols use progressive liquidation,
converting collateral into stable coins as the liquidation price approaches.
This has so far reduced the risk of hitting the magic number
which makes gigantic loan positions detonate into thin liquidity.
Unfortunately, multiple smaller defy lenders have experienced brutal liquidations
that will no doubt leave them with major impairments.
And even though there was no immediate liquidation death candle,
defy lenders are not out of the woods yet.
In the beginning of June, concerns grew about a massive loan taken by Curve founder Mikhail Egarov on AVE.
The loan was for around $60 million and was over-collateralized by around $180 million in Curve tokens at the time.
Overall, the collateral represented 34% of the circulating supply for Curve.
Gauntlet, a risk management firm, urged the Avey Dow to remove Curve as a valid collateral type,
warning that the protocol would not be able to liquidate Egarov's loan if it goes into default.
Now, the loan was under additional scrutiny, as Egarov had purchased two Australian mansions for a combined
$59 million in May. Some suggested that he had no intention of paying down the loan and was simply
using Ave as a way for exiting his position in curve without impacting liquidity. Since then,
Egerov has taken out an additional $20 million loan from Frax lend and smaller loans from other
defy lenders. Now, overnight, Egerov began to pay down his loan. His liquidation price is currently
estimated at around $0.42 per curve, a 35% drop from where the token stabilized this morning.
Now, the other major overhang to watch out for is that the hacker hasn't disposed of any of
their 32 million stolen curve tokens yet. Liquidity looks thin across the board, and it's not clear
how these funds could get converted without massively impacting price. Even if they managed to
sell the curve somewhere, exchanges have recently become much faster to blacklist hackers to prevent
them from cashing out there, so there might not be a safe off-ramp remaining. Dumping the tokens now would
be a desperate move, but we've seen similar actions out of hackers in the past. And of course,
where this really leaves things is a question. Is Defi just too dangerous? Zero X Charlemagne says,
Because Curvehacks are really great at showing how systemic the risk is across Defi. Until it is fixed,
it really can't scale past what we have now. Investor Adam Cochran wrote,
If you want permissionless finance, it needs to be robust. If someone can F it up, they will
F it up. Your only job is to make protocols that are F-proof. In other words, we can't blame users
for taking out big loans against collateral you allowed. Put caps, put lower safety parameters,
have time-based withdrawals. Protocols manage risk. Users exploit risk. Ari Paul from Block Tower
wrote, on Curve, just another data point that so far we've only built early stage experiments.
That's not a criticism of anything, other than people mismarketing this stuff.
These are complex undertakings with dozens of critical dependencies, still Blue Ocean for
creators. If you view anything in crypto as mature, that's depressing, because that suggests
meaningful additional adoption may be difficult. If you understand that we still have huge
and simple gaps to close to make this stuff useful to the world, that's bullish and
optimistic. Since it suggests with more years of engineering on a solution, we can build
things 10x to 100x better that can be really disruptive. Defi is a brilliant early stage experiment,
but even the basic blue chips or risky experiments. And everything else is best thought of as basically
a Hail Mary with 25% plus annual failure risk, e.g. all bridges. I think Defi will eventually
follow a similar path to most high-stakes low-tolerance engineering infrastructure, solely establishing
proven building blocks. Painfully slow and expensive, but you can move fast and break things
for casinos and entertainment, not for financial infrastructure where a bug in any of a dozen,
dozen dependencies means loss of someone's life savings." End quote. Now, of course, one of the big
reasons that this defy hack hits a little different is that the threat of regulation is arriving
fast. Last week, we saw Senators Lummis and Gillibrand co-sponsor a crypto anti-money laundering
provision in the National Defense Authorization Act, asking regulators to begin looking how to enforce
compliance across the crypto industry. And on Friday, it was announced that Elizabeth Warren's
anti-money laundering bill had been given new life with a slate of very credible supporters.
The bill would require wallet providers, miners, and validators to collect customer data under
similar KYC requirements applied the banks.
Many have called the bill unworkable for D5 protocols as they currently exist.
The bill already had Roger Marshall as a sponsor and has been reintroduced with Lindsay Graham
and Joe Manchin coming on board as bipartisan co-sponsors.
The banking lobby is also now throwing its weight behind this bill.
And while Elizabeth Warren herself has a fairly poor track record of actually passing the
bills she proposes, the other supporters of this one have a higher credibility in D.C.
And that's really what's at stake now for the defy community.
Each of these senators will have seen a new eight-figure defy hack plastered all over the financial
press this morning.
In many cases, even if there is no news that the Lazarus Group or some other nefarious
actor was behind it, many will leap to that conclusion and decide that something must be
done.
And so, guys, those are the stakes of where things stand right now, at least as far as I see
them.
Hopefully this gave you a better sense not only of what happened this weekend, but also
the context that it operates within.
For now, I want to say thanks one more time to my sponsor.
sponsor in Wolfs Clothing, Wolf-NyC.com to apply to their next cohort. And until next time,
be safe and take care of each other. Peace.