View profile

BTC flash crash, bZx hack and DeFi watch

Revue
 
Check out past issues of the newsletter along with more interesting crypto content as well as short (
 

Satoshi&Co Daily Crypto Newsletter

February 21 · Issue #264 · View online
ZPX | Satoshi&Co Newsletters

Check out past issues of the newsletter along with more interesting crypto content as well as short (but great) conversations with leading crypto industry participants at our newly-launched website www.satoshiand.co

BTC Flash Crashes
Bitcoin volatility jumped to November 2019 highs amid a sudden price collapse during US trading hours on Wednesday. Amid the price decline, 10-day volatility surged to 65%, while the 30-day volatility in the highest since January 28 at 35.40%. Bitcoin dropped from around $10,160 to $9300 in a matter of 45 minutes before swiftly recovering to $9600. 
The fall in price was further exacerbated by the series of long liquidations triggered on crypto derivatives exchanges such as Bitmex and Deribit, leading to huge losses for traders. Whether these price crashes are a result of market manipulations by huge whales or as a result of poorly designed liquidation engines by derivatives exchanges is anybody’s guess. 
You can read more about our research on liquidations and how derivatives exchanges mitigate the risk of winners’ losing their profits here.
Source: Skew
Source: Skew
DeFi’s growing pains
Popular DeFi lending protocol bZx suffered two consecutive attacks that allowed traders to exploit a glitch in the design of flash loans and profit up to $1million in no time. 
What are flash loans and how do they work?
Flash loans allow you to borrow as much money as you want, provided you return it in the same transaction. If you don’t, then the transaction will fail to actually finish executing. See sample Solidity code snippet below for clarity.
Source: DeFi Weekly
Source: DeFi Weekly
The combination of access to unlimited capital (although for a short duration) and low liquidity on decentralized exchanges allowed traders to artificially suppress the prices of assets and subsequently make profits.
  • The idea of borrowing unlimited ETH without collateral might raise some eyebrows, but the code-level constraint that the loan should be paid off in the same transaction serves as an important check. It deems the original loan transaction as void if not paid back in the same transaction
  • The combination of access to unlimited capital (although for a short duration) and low liquidity on decentralized exchanges allowed traders to artificially suppress the prices of assets and subsequently make profits
@Kerman Kohli of DeFi weekly has clearly explained each and every step of this fascinating hack trade. 
Source: DeFi Weekly
Source: DeFi Weekly
  • Our fictional character in the above graphic, Mallet, goes to dYdX to acquire 10,000 ETH with no collateral. The only guarantee is the fact the loan has to be repaid by the end of the transaction
  • Next, Mallet goes to Compound (another lending/borrowing protocol) and borrows 112 wBTC (a form of BTC on Ethereum).
  • His next action is to open a wBTC short position on bZx. This means he’s betting on the price of wBTC going down. An important step to note: bZx uses Kyber Network (an on-chain decentralised exchange) to get the price of wBTC
  • Mallet then sells his 112 wBTC acquired from Compound on Uniswap (another on-chain decentralised exchange)
  • Kyber uses Uniswap as a liquidity source if it doesn’t have any wBTC itself. This causes the price of wBTC on Kyber via Uniswap which actually tanks the price on bZx where the attacker opened a short position
  • Since the price of wBTC has “gone down” or been manipulated to drop, the attacker can successfully close his/her short position and profit a clean $350,000!
  • To make sure that all of these steps succeeds, he also pays back his 10,000 ETH loan he acquired at the start
At this point, you’d expect the bZx team to plug all the open gaps and fix the glitches, which they did. However, that was not enough as a second attack was launched just six hours after they restarted the application. The second attack was a different one from the first attack, but the traders exploited the same glitch that led to the attack in the first place. 
Source: DeFi Weekly
Source: DeFi Weekly
  1. Our fictional character, Chad, gets a 7,500 ETH flash loan. Once again with no collateral, just a few cents worth of Ether. The best bit is that the flash loan was from bZx since they decided to launch a new feature while releasing a critical patch in a short period of time (with no audits to vet their code)
  2. Chad decides for this first move he’s going to purchase $900,000 synthetic US Dollars (generated from the synthetic protocol Synthetix) from his ETH flash loan
  3. Using the sUSD purchased, he opened a long position using the sUSD as collateral. In simple english, he’s borrow plenty of ETH because he thinks the price will go up. The way he’s able to borrow this is by using the US Dollars as deposit
  4. Since bZx didn’t really think to remove Kyber as an oracle source, Chad decided that he’d make sure they did after his next moves.
  5. Kyber (the on-chain decentralised exchange) has two reserves it sells assets from, it’s native reserve and then Uniswap as a backup. What Chad did was slowly drain Kyber’s sUSD reserve by selling 20 ETH 18 times. This meant that the next sUSD purchase would have to come from Uniswap
  6. Here’s Chad’s masterpiece move: he buys 900 ETH worth of sUSD to drive up the price significantly (1 sUSD is now worth $2). This is because Uniswap didn’t have much sUSD to begin with and exponentially increases the price if someone buys majority the liquidity in the pool
  7. Going back to step 3, Chad’s collateral is now worth $1.8m by the nature of sUSD being priced $2 on Uniswap! As a result he’s able to p 6796 ETH from bZx since the protocol thinks that his deposit is worth more now
  8. Using the newly acquired 6796 ETH + his unused flash loan funds, he repays his 7,500 ETH flash loan and profits 2,400 ETH. His long position is left in debt with collateral the protocol actually doesn’t have. This is the loss that the lenders remaining in bZx have to take on
Clearly, it is early days here for DeFi, in spite of its abundant potential.
On to our Friday metrics…
Ethereum Locked in DeFi
MakerDAO still accounts for a lion’s share of ETH locked up in collateral, with more than 1.79 million of ETH locked up. Augur declined w/w by 2%. Maker showed a strong w/w growth of 7%.
Lightning Network Growth:
Capacity per channel was flat w/w. The total number of nodes increased by 1%, and the total number of channels was flat w/w.
(For reference, some previous articles on LN, here).
DEX Tracker:
Trading volumes on DEXs have increased on a w/w basis, with the average daily trading volume averaging 35k ETH for this week. IDEX remains the biggest DEX in terms of trading volume and DAI is the highest traded cryptocurrency on DEXs.
Source: dex.watch
Source: dex.watch
(For reference, some previous articles on DEXs, here and here).
Crypto Loans Tracker:
Compound Loans:
Total loans issued on Compound for the last week stands at approx. $3.5 million for the week, a steep decrease from $5.2 million in the previous week. WETH is the most borrowed cryptocurrency on Compound followed by DAI and BAT.
dYdX Loans:
Total loans issued on dYdX for the last week stands at approx. $9.4M for the week, a 70% increase from $14M last week. DAI is the most borrowed cryptocurrency on Compound followed by WETH and USDC.
MakerDAO Loans:
DAI loans issued on MakerDAO for this week stand at ~$14.1M, a 50% decrease from $4.2M last week. The total outstanding DAI debt currently stands at ~$86 million.
(For reference, some previous articles on MakerDao, here and here).
You can also check out last week’s Metrics Watch here.
Meanwhile in Crypto Wonderland....
“Voyager Acquires Circle’s Crypto Retail App”
Voyager has acquired the retail-focused Circle Invest app from Circle, the companies announced Wednesday. Voyager is in the process of converting accounts to its own platform, with the process expected to conclude by the end of March (though New York residents may be on a different timeline). Voyager is promising commission-free trading, on-chain access and lock-up free interest yield. Voyager also acquired a U.S. Financial Institute Regulatory Authority (FINRA) broker-dealer and listed a series of stablecoins as part of its expansion.
“Tether Partners With Chainalysis”
Chainalysis announced the news of the deployment in a press release issued on Wednesday. With the Chainalysis KYT tool, Tether hopes to gain full-cycle monitoring capability of its stablecoin tokens from the moment of issuance to the point of redemption. The KYT tool can also potentially provide data on the risk profile of USDT token holders. Thus, Tether will be able to monitor suspicious USDT movements across the different blockchain platforms that support the stablecoin. With transaction monitoring tools often comes the possibility of user-privacy violations. According to Ardoino, Tether’s drive to ensure robust AML compliance will not come at the expense of exposing vital user information.
“Bux Acquires Blockport”
Bux, the Amsterdam-based fintech that wants to make investing more accessible, has acquired the European “social” cryptocurrency investment platform Blockport. Terms of the deal remain undisclosed, although Bux says the move paves the way for the company to launch its own branded cryptocurrency investment app. Dubbed “BUX  Crypto,” it will be available in the nine countries in which Bux operates, and is planned to go live in Q1 this year. In addition, we are told the founders and core team members of Blockport will join Bux and “take ownership” of the Bux cryptocurrency offering.
“NBA Team Launches Blockchain-based App”
Many people think that cryptocurrencies only serve as an alternative payment option. While there are coins that fit this bill, there are other cryptocurrencies that can perform a host of other functions. The NBA can be considered an early adopter of crypto. In 2014, the Sacramento Kings became the first NBA franchise to accept bitcoin as payment for store products and season tickets. Four years later, the same team began mining Ethereum. Recently, Nets guard Spencer Dinwiddie tokenized his contract to get a lump sum payment and reward token holders. Now, the Kings are once again ahead of the curve in combating fake NBA merchandise.
Crypto Twitter Pick
Ryan Sean Adams - rsa.eth
9 teams racing to build the best rollup

We'll get

A DeFi rollup for all money protocols

A payments rollups for blazing fast DAI

All secured by Ethereum & scalable to 100s of TPS

"no sneaky research or usability challenges in sight" as a researcher put it

Rollups are ETH 1.5
What We Are Reading / Listening To
Overnight Performance of Top 10 Currencies
You are getting this newsletter because you or someone in your organization signed up for this. You can find more stuff to read at our news and research portal, our crypto index token and our upcoming relayer.
Brought to you by Satoshi&Co
Brought to you by Satoshi&Co
This newsletter does not constitute an offering of securities in any jurisdiction. The contents of this note should not be construed as investment advice or as a recommendation to purchase securities. This note is intended for the consumption of the recipient alone and not for public distribution. Please consult a certified financial advisor or other appropriate practitioner as may be appropriate as per your jurisdiction.
ZPX Copyright © 2019
Did you enjoy this issue?
If you don't want these updates anymore, please unsubscribe here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue
ZPX | 21-01, Clifford Center, Raffles Place, Singapore- 048621