A potential exploit in the decentralized finance (DeFi) ecosystem has been exposed, and it won’t be fixed until noon on Friday. The reveal comes just days after two exploits used DeFi tools to take home $1 million.
Dominik Harz, a PhD candidate at Imperial College London, has posted a Medium post detailing the potential weakness. It’s focused on the concept of flash loans and the stablecoin Dai. While he has notified Maker—which runs Dai—the issue won’t go up for a vote until tomorrow. And in the meantime, $700 million is at risk.
“That attacker would be able to steal $700m worth of ETH collateral and be able to print new Dai at will,” Harz wrote. “This attack would spread throughout the whole DeFi space as Dai is used as backing collateral in other protocols.”
What is a flash loan?
A flash loan is a new—and risky—concept in DeFi. It’s essentially a loan made without any collateral to cover the lender if the borrower defaults. Such loans can exist only because the loan gets paid back in the same transaction. This is possible because on Ethereum—the blockchain platform in question—a transaction can be made up of multiple components.
Can an attacker use flash loans to attack @MakerDAO? Find out!
We quantify the required MKR and show that an attacker can increase his chances by:
- combining loans from @dydxprotocol and @AaveAave to increase liquidity
- oracle tampering on DEXs
https://t.co/CxzpUnUPCy
So, in the case of the first DeFi exploit the other day, the trader made one big transaction that triggered a bunch of actions across various DeFi protocols. Within the transaction, they made a flash loan, used the money for nefarious goals, profited $350 million, and returned the loan. The lender is safe because they know that—due to the power of the blockchain—if the money doesn’t come back, the transaction is (kind of) reversed so it never happened in the first place. Either way, they keep their money.
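The all-or-nothing behaviour described above can be modelled in a few lines. This is an added example, not code from the article or from any DeFi protocol: the `Ledger`, the account names, the amounts and the fee are constructed for illustration, and the snapshot-and-restore stands in for a real transaction revert.

```python
class Revert(Exception):
    """Raised to abort the transaction, as a failed on-chain check would."""

class Ledger:
    """Toy balance table standing in for on-chain state (hypothetical)."""
    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise Revert(f"{src} has insufficient funds")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

def run_transaction(ledger, steps):
    """Apply every step atomically: all of them commit, or none do."""
    snapshot = dict(ledger.balances)
    try:
        steps(ledger)
        return True
    except Revert:
        ledger.balances = snapshot  # undo every step, including the loan
        return False

def flash_loan(ledger, pool, borrower, amount, fee, use_funds):
    """Lend without collateral; revert unless repaid within this call."""
    before = ledger.balances[pool]
    ledger.transfer(pool, borrower, amount)
    use_funds(ledger)  # the borrower's own actions run here
    if ledger.balances[pool] < before + fee:
        raise Revert("loan not repaid")

def repaying_borrower(ledger):
    # Constructed case: borrower gains 5 elsewhere, then repays 1000 plus fee 1.
    ledger.transfer("market", "borrower", 5)
    ledger.transfer("borrower", "pool", 1001)

def defaulting_borrower(ledger):
    # Constructed case: borrower moves the funds away and never repays.
    ledger.transfer("borrower", "elsewhere", 1000)

def demo(use_funds):
    ledger = Ledger({"pool": 1000, "borrower": 0, "market": 50})
    ok = run_transaction(
        ledger, lambda l: flash_loan(l, "pool", "borrower", 1000, 1, use_funds))
    return ok, ledger.balances

if __name__ == "__main__":
    print(demo(repaying_borrower))
    print(demo(defaulting_borrower))
```

In the defaulting case the pool's balance is exactly what it was before the loan, which is why the lender can skip collateral.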
The $700 million attack vector
Now, here’s how Harz argues that flash loans could be used to exploit Maker.
MakerDAO is a decentralized governance system that runs the Dai stablecoin. Holders of the governance token MKR vote on how Dai should be programmed. But it’s possible to exploit the governance system.
“The basic idea is to accumulate enough MKR tokens to replace the existing governance contract with the attacker’s, malicious, governance contract,” Harz said. “The malicious governance contract is then able to give the attacker full control over the system and withdraw any collateral in the system as well as create arbitrary amounts of new Dai.”
However, when this attack vector was suggested before, the idea was to crowdfund the MKR tokens needed to carry it out. And that’s where flash loans come in. They make it much easier for an attacker to build up a large supply of MKR tokens—and use them to take over the system.
Not only can they use a flash loan to buy a large amount of MKR, but they can also use flash loans to manipulate the price of MKR—in the same way as the recent DeFi attacks. With a cheaper MKR price, it becomes much easier to snap up more coins.
Harz said that this strategy could be used in combination with a crowdsourcing strategy for maximum effect at a low cost. Maker is set to vote on a solution to stop flash loans from affecting the governance mechanism tomorrow—but the clock is ticking.