How flash loans opened Pandora’s box

Three weeks ago, we wrote about how safe it is to use DeFi. The bottom line was that you should be cautious about using DeFi in general. It seems we weren't wrong.

On 14 February an alarming attack on the crypto lending market bZx took place. The attacker paid only about $8 in gas and made roughly $320k in profit. None of the attacker's own money was used.

The attacker took out an ETH flash loan on dYdX (for free!), which requires no collateral. About half of the borrowed ETH was moved to Compound, where wBTC was borrowed against it. The other half was moved to bZx, where ETH was shorted in favour of wBTC at 5x leverage. To obtain the wBTC for that short, bZx swapped ETH for wBTC on Kyber (using Uniswap as the reserve).

Because of the large ETH amount and the very thin wBTC market, the wBTC price on Kyber/Uniswap exploded. The attacker then sold the wBTC he had borrowed on Compound on Uniswap, getting the very high price he had just pumped himself. Finally he paid back his flash loan on dYdX. The bottom line: a $320k profit.

But why was he able to make that profit?

Because he exploited a bZx bug which allowed the Kyber/Uniswap ETH/wBTC swap to succeed. This swap should have failed, as it led to a heavily undercollateralized loan. Although bZx stated that crypto funds are safe, this incident raises serious questions about the safety of DeFi in general.
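To make the two halves of that story concrete, here is an added Python model. It is not bZx's, dYdX's, Kyber's or Uniswap's code; the pool sizes, the 40 ETH/wBTC reference price, the 1.15 minimum collateral ratio and the model lending market are all constructed assumptions. The first part shows why a constant-product pool with thin wBTC reserves moves dramatically when a large ETH amount is swapped through it. The second part is the check a margin market has to run before it trusts the price its own swap just produced: value the wBTC it receives at an independent reference price and refuse the position if the resulting collateral ratio is too low. A small 5x short passes; a 5x short sized like the one described above is rejected instead of going through as an undercollateralized loan.

```python
"""Toy model of a thin constant-product pool and of the collateral check a
margin-lending market must run before accepting a leveraged position.
Hypothetical design; all figures are constructed, not taken from any protocol."""
from dataclasses import dataclass


@dataclass
class ConstantProductPool:
    """Uniswap-style pool, x * y = k. Trading fees are left out to keep the numbers readable."""
    eth: float
    wbtc: float

    def spot_price(self) -> float:
        """ETH per wBTC before any trade."""
        return self.eth / self.wbtc

    def quote_wbtc_out(self, eth_in: float) -> float:
        """wBTC received for eth_in, solved from (x + dx) * (y - dy) = x * y."""
        return self.wbtc * eth_in / (self.eth + eth_in)

    def price_impact(self, eth_in: float) -> float:
        """Relative premium of the effective price over spot (0.01 means 1 %)."""
        effective = eth_in / self.quote_wbtc_out(eth_in)
        return effective / self.spot_price() - 1

    def swap_eth_for_wbtc(self, eth_in: float) -> float:
        """Execute the swap and update the reserves."""
        out = self.quote_wbtc_out(eth_in)
        self.eth += eth_in
        self.wbtc -= out
        return out


class UndercollateralizedError(Exception):
    """Raised when a position would not be backed by enough collateral."""


def open_eth_short(pool: ConstantProductPool, collateral_eth: float, leverage: float,
                   reference_price: float, min_collateral_ratio: float = 1.15) -> dict:
    """Open a leveraged ETH->wBTC short on a model lending market (hypothetical design).

    The market lends (leverage - 1) * collateral_eth, swaps the whole stake into wBTC on
    the pool and holds that wBTC as collateral against the ETH debt. Before committing, it
    values the wBTC at reference_price (an independent price from before the swap, e.g. an
    oracle or time-weighted average) rather than at the price the swap itself produced.
    """
    if leverage < 1:
        raise ValueError("leverage must be >= 1")
    total_eth = collateral_eth * leverage
    debt_eth = total_eth - collateral_eth
    wbtc_out = pool.quote_wbtc_out(total_eth)
    collateral_value_eth = wbtc_out * reference_price
    ratio = collateral_value_eth / debt_eth if debt_eth else float("inf")
    if ratio < min_collateral_ratio:
        # This is the rejection that must happen: the swap would leave the
        # ETH debt backed by far less wBTC value than the market requires.
        raise UndercollateralizedError(
            f"collateral ratio {ratio:.3f} below minimum {min_collateral_ratio}")
    pool.swap_eth_for_wbtc(total_eth)
    return {"wbtc_held": wbtc_out, "debt_eth": debt_eth, "collateral_ratio": ratio}


def run_scenarios() -> dict:
    """Constructed pool: 1000 ETH against 25 wBTC, i.e. a spot price of 40 ETH/wBTC."""
    reference = 40.0
    small_pool = ConstantProductPool(eth=1000.0, wbtc=25.0)
    large_pool = ConstantProductPool(eth=1000.0, wbtc=25.0)
    results = {
        "impact_10_eth": small_pool.price_impact(10.0),
        "impact_5000_eth": large_pool.price_impact(5000.0),
        "small_short": open_eth_short(small_pool, 10.0, 5, reference),
    }
    try:
        open_eth_short(large_pool, 1000.0, 5, reference)
        results["large_short"] = "accepted"
    except UndercollateralizedError as exc:
        results["large_short"] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

Swapping 10 ETH moves the effective price by about 1 %; swapping 5,000 ETH into the same pool moves it by 500 % and leaves the position backed by roughly 0.21 ETH of wBTC value per ETH of debt, which the check refuses. The design choice worth noting is the reference price: a market that values the collateral at the post-swap pool price would compute a healthy ratio from a number the borrower just set, which is exactly the failure the post describes.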

There are several takeaways:

1. Flash loans opened Pandora's box. Attackers can attack crypto lending markets without any skin in the game, which makes finding and exploiting bugs very attractive.

2. Margin trading multiplies the attacking power.

3. DEX volumes are still very low, so it's easy to move prices with fairly small amounts, especially for cryptocurrencies with thin markets.

4. DeFi crypto lending markets are built on complex software, and complex software contains bugs. As more complex use cases like margin trading are implemented, the likelihood of bugs rises. Additionally, many providers focus more on shipping than on testing and quality assurance, which raises the likelihood of bugs even further.

For these reasons we are pretty sure that this is just the beginning. The second attack happened just a few days later, again on bZx. It is only a matter of time until other crypto lending markets are successfully attacked too.

A simple countermeasure would be for all crypto lending markets that offer flash loans to raise the fees for using them. That way the attack would no longer be lucrative, and attackers would lose their most powerful weapon.

Until then, it really does seem a good idea to be cautious about using DeFi.

New interest offers

Nexo previously offered crypto interest on SAI and has now switched to DAI. The rate is unchanged at 8%. This is currently the best non-DeFi offer. now added ATOM to their crypto interest program. The rates range from 2% to 8%, depending on the lock-up period and how much of the utility token MCO is staked.

