Decentralized finance (DeFi) is reeling from a recent spate of attacks on several key platforms on Sunday.
Some $70 million was stolen in total this weekend, including from Curve Finance, one of the most-used and influential decentralized exchanges, MetaMask developer Taylor Monahan estimated. Lending protocol Alchemix, yield platform Pendle and synthetic asset tool Metronome were all also hit, along with the decentralized NFT protocol JPEG.
In response, DeFi lenders began pulling funds out of other DeFi platforms including Aave, spiking borrowing fees across the specialized financial subsector, The Defiant reported.
This is an excerpt from The Node newsletter, a daily roundup of the most pivotal crypto news on CoinDesk and beyond. You can subscribe to get the full newsletter here.
Things undoubtedly could have been worse. In a something of a twist, white-hat hackers were able to remove assets from a few lending pools on Curve to prevent their theft. Moreover, three out of the five total malicious attacks were apparently “front run” by MEV (maximal extractable value) experts. MEV is a controversial, but unstoppable aspect of how public blockchains work, which allows third-parties and automated machines to search out and reorder unfinalized transactions waiting in the mempool for profit.
Coffeebabe.eth is responsible for reversing at least two of the malicious attacks by frontrunning the transactions, which may have been committed by multiple unconnected hackers. Chainlink, the on-chain data provider (aka “oracle” system), is also receiving some praise for preventing sector-wide collateral damage in the attack – but seemingly in a roundabout way. Had platforms like Aave or other DeFi lending protocols used the (now drained) CRV/ETH Curve pool as an on-chain oracle, they would have gotten completely rekt with bad debt,” LINK Marine ChainlinkGod tweeted. True enough, but maybe a tautology.
The nature of the attacks is apparently rooted in vulnerabilities found in a programming language called Vyper used specifically to launch smart contracts on Ethereum. The programming language’s core team – which was backed by the Curve team – announced that older versions of Vyper were vulnerable to “reentrancy” attacks. It could take days, weeks or months to truly understand what…
Click Here to Read the Full Original Article at Cryptocurrencies Feed…