

    After the black swan, the DeFi data mutation!

    July 5, 2020

    On February 6, 2020, the total value of ETH and ERC-20 tokens locked in Ethereum’s DeFi ecosystem exceeded US$1 billion. After a series of high-profile “smash” incidents, a series of “black swan” events coincided.

    bZx attack event

    In mid-February 2020, two arbitrage “attacks” occurred on the bZx protocol. Data compiled after the event shows that the two attacks caused a total loss of 3649 ETH. Because Uniswap prices assets algorithmically, the price can change dramatically when trading depth is limited; the arbitrage “attacker” took advantage of this weakness in Uniswap's algorithmic pricing to maliciously manipulate the trading price of some assets, which caused users of DeFi protocols that took Uniswap data as their oracle price to suffer huge asset losses.
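
    The sketch below is an added example, not code from the article or from Uniswap or bZx. It models the constant-product rule (x * y = k, 0.3% fee) used by Uniswap v1/v2 to show why the spot price of a thin pool is an unsafe oracle input. The reserve sizes, the 500 ETH trade and the `usable_as_price_source` check with its 2% threshold are assumptions made for illustration.

```python
# Constant-product pool (x * y = k), the pricing rule of Uniswap v1/v2.
# Reserve sizes and trade size are constructed sample values, not article data.

FEE = 0.003  # Uniswap v1/v2 swap fee (0.3%)


def spot_price(eth_reserve, token_reserve):
    """ETH per token implied by the pool's current reserves."""
    return eth_reserve / token_reserve


def swap_eth_for_token(eth_reserve, token_reserve, eth_in, fee=FEE):
    """Apply an ETH -> token swap; return (tokens_out, new_eth, new_token)."""
    if min(eth_reserve, token_reserve) <= 0 or eth_in < 0:
        raise ValueError("reserves must be positive and eth_in non-negative")
    effective_in = eth_in * (1 - fee)  # fee is taken from the input amount
    tokens_out = token_reserve * effective_in / (eth_reserve + effective_in)
    return tokens_out, eth_reserve + eth_in, token_reserve - tokens_out


def price_move(eth_reserve, token_reserve, eth_in):
    """Fractional change in spot price caused by a single swap of eth_in."""
    before = spot_price(eth_reserve, token_reserve)
    _, new_eth, new_token = swap_eth_for_token(eth_reserve, token_reserve, eth_in)
    return spot_price(new_eth, new_token) / before - 1


def usable_as_price_source(eth_reserve, token_reserve, capital, max_move=0.02):
    """Hypothetical review check: reject a pool as a price feed if `capital`
    ETH in one swap moves its spot price by more than `max_move`.
    The name and the threshold are assumptions for illustration."""
    return price_move(eth_reserve, token_reserve, capital) <= max_move


if __name__ == "__main__":
    pools = {"shallow": (1_000, 100_000), "deep": (100_000, 10_000_000)}
    for name, (eth, tok) in pools.items():
        move = price_move(eth, tok, 500)
        ok = usable_as_price_source(eth, tok, 500)
        print(f"{name:8s} 500 ETH swap moves price {move:+.2%}; usable={ok}")
```

    Both pools start at the same price of 0.01 ETH per token; only the depth differs, and that alone decides whether a single trade can distort the value a dependent protocol reads.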

    ETH Locked in DeFi
    total value locked in DeFi

    After the bZx incident, from February 18 to February 19, the amount of ETH locked in the leading Ethereum DeFi protocols decreased by about 175,000, or about 5.8%, while the amount of locked USD stablecoin assets did not change significantly.

    The bZx attack led to a significant decrease in the amount of ETH locked, which indicates that a large number of DeFi users have doubts about the security of DeFi protocols. At the same time, the bZx incident triggered an industry-wide discussion of issues related to oracles and flash loans.

    The crypto market plummeted on March 12

    At the end of the first quarter of 2020, the COVID-19 epidemic was spreading rapidly around the world, with a serious impact on almost all walks of life. The US stock market experienced several historic circuit-breaker halts, and the crypto investment market was no exception. On March 12 (later known as “Black Thursday”), the U.S. stock market collapsed, and BTC, ETH and other mainstream crypto assets fell sharply, by nearly 40% in a single day. According to the data, from March 12 to March 13 all kinds of trading activity on the Ethereum network increased significantly, resulting in serious and prolonged network congestion, and many DeFi protocols saw their highest activity in history.

    The market crash on March 12 affected almost all types of investment assets: not only the stock market but cryptocurrency as well. Although the crypto investment market and the traditional financial markets are not always correlated, the one-day crypto crash and the stock market crash had almost the same causes: the global panic and liquidity crisis caused by the COVID-19 epidemic.

    Lessons from the crypto market collapse on March 12: what is missing in DeFi?

    ETH locked in DeFi 2

    Based on an analysis of online DeFi data, we found that the amount of ETH locked fluctuated widely from March 7 to 18:

    3.07-3.10: ETH lock-up volume increased from 2.893M to 3.03M, up 4.7%

    3.10-3.12: ETH lock-up volume began to decline sharply, from 3.03M to 2.928M, a decrease of 3.4%

    3.12-3.13: ETH lock-up volume began to increase again, from 2.928M to 3.037M, up 3.7%

    3.13-3.18: ETH lock-up volume declined all the way from 3.037M to 2.792M, a decrease of 8%

    This volatility is a true reflection of the Ethereum DeFi ecosystem when the price of ETH drops sharply: at first, the price of ETH fell slightly, debt holders continued to top up their positions, and the amount of ETH locked increased; however, after the sharp fall in the ETH price, some debt holders did not have time to top up their positions, or gave up doing so. At the same time, some debt holders actively redeemed their collateral to avoid having their positions closed out, which also reduced the amount of ETH locked.

    From the data above, the immediate negative impact of the March 12 crash on locked ETH was smaller than that of the earlier bZx attack; however, as the price of ETH continued to fall, the event's impact on the amount of ETH locked in the DeFi ecosystem grew: in the week after March 12, ETH lock-up volume decreased by 12.2%.

    total value locked in DeFi 2

    On the other hand, on the day of the March 12 crash, the amount of USD stablecoin assets locked in DeFi declined significantly, from 893.43M on March 12 to 559.211M on March 13; the amount of stablecoins locked fell by more than 37% in 24 hours, which is also related to the “liquidity crisis” in the crypto market that the industry later pointed to.

    ERC777 reentrancy attack

    On the morning of April 18, 2020, the Uniswap protocol was successfully attacked by hackers exploiting a reentrancy vulnerability. The hacker carried out this reentrancy attack through an incompatibility between Uniswap and the ERC777 standard, draining about 1278 ETH of assets from the Uniswap ETH-imBTC pool.

    What’s worse, just 24 hours later, at 08:45 a.m. on April 19, another DeFi protocol, dForce, was attacked by hackers in a similar way. In the dForce attack, hackers borrowed a variety of crypto assets from the dForce platform by using inflated imBTC as collateral, resulting in heavy losses to dForce platform users, with a total amount of up to 25 million US dollars. (Note: the stolen funds were later recovered through the coordinated efforts of various parties.)

    total value locked in DeFi 3
    ETH locked in DeFi 3
    total value locked in DeFi 4

    After the incident, the crypto funds locked in dForce dropped to nearly 0, and top DeFi users were seriously affected, which greatly damaged the vitality of the whole industry. However, this reentrancy attack did not exploit a major, highly complex technical vulnerability but a low-level development flaw, and it had no further impact on other Ethereum DeFi protocols. Therefore, judging by the data, the amounts of ETH and USD stablecoin assets locked in the DeFi ecosystem did not fluctuate significantly after the attack.

    However, on the 19th, there was a huge increase in USD stablecoin transactions on Compound; in addition, the trading volume of USD stablecoins on Kyber and IDEX also increased. Some of these changes are closely related to the hackers' operations after stealing the dForce assets.

    This reentrancy attack has triggered collective speculation in the DeFi industry, which is of great significance to the development of the entire DeFi industry. It has led more and more DeFi developers to reexamine security issues, decentralization principles, the rights and responsibilities involved, and even so-called moral issues.

    The above covers some of the incidents and data in the DeFi ecosystem since 2020.

    DeFi has only just started, and what comes next will be even more exciting. Let’s look forward to it!