"Crypto Rallies Despite Turmoil: Major Banks Sink in Bank Run, Algorand Issues Persist, and Euler Finance Hit by Largest DeFi Flash Loan of 2023"
?? Hey everyone! It's time for TrustWare's weekly ???? crypto cybersecurity news roundup! This has been a tumultuous rollercoaster ride of a week, extending into grave uncertainty around the traditional banking sector this weekend. This weeks carnage has abruptly sunk the three most prominent crypto friendly banks, Silvergate, SVB and Signature Bank. This shocking turn of events have few fiat on & off ramps left for US based crypto investors. Crypto markets rallied despite issues. We cover this and more this week.
A white hat hacker who exploited an error in the decentralized-finance (DeFi) platform Tender.fi’s pricing oracle to steal $1.6 million worth of cryptocurrency has returned the funds and accepted an $850,000 bug bounty. After Tender.fi upgraded its price feed to use Chainlink, the PeckShield-audited platform returned a number with too many zeros behind it, enabling the hacker to deposit one GMX token and borrow unlimited funds. Tender.fi has agreed to pay the bounty and will deploy a new oracle contract before resuming borrowing. The TND token dropped 34% following the hack but has since increased 2.4% against Ethereum.
“On chain sleuth” ZachXBT criticized Algorand for failing to acknowledge and act on an ongoing hack that has caused millions of dollars in losses to its users. The attack was reported by wallet providers MyAlgo on February 27, but Algorand has yet to take action in assisting affected users. ZachXBT suspected that hackers have taken over $9.2 million in Algorand’s tokens and USDC between February 19 and 21. Despite calls for action, wallet drains were still happening as of March 7. Algorand Foundation denied any protocol or software development kit vulnerabilities and distanced itself from MyAlgo, advising users to withdraw funds from the wallet provider and recommending PeraAlgo and Defly wallets. The Foundation’s CTO John Woods advised users to store funds on hardware wallets for better security.
Silvergate Capital, a major lender to the crypto industry, has announced it will wind down operations and liquidate its bank in light of recent industry and regulatory developments. The bank had served as one of the two main banks for crypto companies, along with Signature Bank. Deposits will be fully repaid, but the company did not specify how it plans to resolve claims against its business. Silvergate has just over $11 billion in assets, compared to over $114 billion at Signature. The liquidation comes less than a week after Silvergate discontinued its payments platform known as the Silvergate Exchange Network. The company had been struggling for months, laying off 40% of its workforce in January and reporting a nearly $1 billion net loss in the fourth quarter. Investment firms Citadel Securities and BlackRock recently took major stakes in Silvergate, buying up 5.5% and 7%, respectively.
Over the weekend, US regulators worked on a plan to restore confidence in the country’s banking system following the collapse of Silicon Valley Bank (SVB) and the near-collapse of Signature Bank. On Sunday, Treasury Secretary Janet Yellen, Federal Reserve Chair Jerome Powell, and Federal Deposit Insurance Corporation Chairman Martin J. Gruenberg issued a joint statement guaranteeing that SVB and Signature’s customers would have access to all their money starting Monday, including uninsured deposits. This move aimed to prevent bank runs and help companies that had deposited large sums with the banks to continue to operate. The Fed also announced a new program to prevent future collapses by offering banks loans for up to a year in exchange for Treasury bonds and mortgage-backed securities that have lost value. The plan does not put taxpayers at risk, but it does not protect shareholders or holders of unsecured corporate bonds. The announcement was welcomed by investors, and Dow futures were up nearly 300 points on Sunday evening.
Euler Finance, a decentralized finance (DeFi) lending protocol, has become the latest victim of a significant hack resulting in a loss of nearly $200 million. The exploit took place over four transactions, involving various cryptocurrencies such as dai (DAI), wrapped bitcoin (WBTC), staked ether (sETH), and USDC. The attack was carried out using a flash loan, which allowed the attacker to borrow millions of dollars without collateral. Flash loans are becoming a popular method for attackers to gain funds to conduct exploits on decentralized systems.
According to BlockSec, a smart contract auditor, the attacker used the flash loan to trick the protocol into falsely assuming it held a low amount of eToken, a collateral token issued by Euler. A separate dToken, or debt token, is also issued by Euler such that an on-chain liquidation is automatically triggered when the amount of dTokens exceeds the eTokens held on the platform. The attacker took out over $30 million worth of dai stablecoin using flash loans from DeFi protocols Balancer and Aave. Some $20 million of that was sent to Euler, on which the attacker received $19.5 million worth of eDAI. The attacker then borrowed ten times the deposited amount from Euler, receiving 195.6 million eDAI and 200 million dDAI. They repaid part of the initial debt using the remaining funds, tricking the protocol into falsely assuming it owed more to depositors than it held.
DeFi exploits are becoming a significant issue in the industry, where hackers make use of the open-source nature of a platform’s code to gain unauthorized access to its assets. In the past, several attacks have been carried out on various protocols, resulting in significant losses. The industry is continuously working to improve security measures to prevent such attacks, but as seen in this case, vulnerabilities still exist, and attackers are always finding new ways to exploit them.
领英推荐
If you liked this content please consider supporting us by:?
Signing up for our weekly newsletter below:
Following us on Twitter:
Connecting with us on LinkedIn
Signing up for our blog posts at Medium:?