1. Home
  2. Lending


Euler Finance exploiter returns another $37.1M worth of ETH and DAI

The exploiter originally drained $195 million worth of ETH and tokens from the protocol but has now returned around $138 million.

The architect of the March 13 Euler Finance exploit returned an additional $26.5 million worth of Ether (ETH) to the Euler Finance deployer account on March 27, on-chain data shows.

At 6:21 pm UTC, an address associated with the attacker sent 7,738.05 ETH (worth approximately $13.2 million at the time it was confirmed) to the Euler deployer account. In the same block, another address associated with the attacker sent an identical amount to the same deployer account, for a total of 15,476.1 ETH (around $26.4 million) returned to the Euler team.

Then, at 6:40 pm UTC, the first wallet sent another transaction to the deployer account for $10.7 million worth of the Dai (DAI) stablecoin. This brings the total of all three transactions to approximately $37.1 million.

Both of these addresses have received funds from the account that Etherscan labels “Euler Finance Exploiter 2,” which seems to imply that they are under the control of the attacker.

These transactions follow a previous return of 58,000 ETH (worth over $101 million at the time) on March 25. In total, the attacker appears to have returned over $138 million worth of crypto assets since the exploit.

Ethereum-based crypto lending protocol Euler Finance was exploited on March 13, and over $195 million worth of ETH and tokens were drained from its smart contracts. Several protocols within the Ethereum ecosystem depended on Euler in one way or another, and at least 11 protocols have announced that they suffered indirect losses from the attack.

According to an analysis by Slowmist, the exploit occurred because of a faulty function that allowed the attacker to donate their lent Dai to a reserve fund. By making this donation, the attacker was able to push their own account into insolvency. A separate account was then used to liquidate the first account at a steep discount, allowing the attacker to profit from this discount.

After draining Dai through this first attack, the attacker then repeated it for multiple tokens, removing over $196 million from the protocol.

Funds stolen from Euler Finance. Source: BlockSec

Circle announces USDC launch for Cosmos via Noble network

Experts Predict More Bank Failures in the US Following Interest Rate Hike and Unsettled Banking Crisis

Experts Predict More Bank Failures in the US Following Interest Rate Hike and Unsettled Banking CrisisAfter the recent bank collapses in the U.S., a number of people believe that more failures are coming following the Federal Reserve’s increase of the benchmark interest rate by 25 basis points (bps). American journalist Charles Gasparino insists that Wall Street’s “low-rate” junkies are ignoring the U.S. banking crisis. Quill Intelligence CEO Danielle DiMartino Booth […]

Circle announces USDC launch for Cosmos via Noble network

Euler Finance blocks vulnerable module, working on recovering funds

Euler is working with law enforcement agencies and blockchain security firms to contact the exploiter and recover the funds.

Decentralized finance (DeFi) lending protocol Euler Finance became a victim of a flash loan attack on March 13, resulting in the biggest hack of crypto in 2023 so far. The lending protocol lost nearly $197 million in the attack and impacted more than 11 other DeFi protocols as well.

On March 14, Euler came out with an update on the situation and notified its users that they had disabled the vulnerable etoken module to block deposits and the vulnerable donation function.

The firm said that they work with various security groups to perform audits of its protocol, and the vulnerable code was reviewed and approved during an outside audit. The vulnerability was not discovered as part of the audit.

The vulnerability remained on-chain for eight months until it was exploited, despite a $1 million bug bounty in place.

Sherlock, an audit group that has worked with Euler Finance in the past, verified the root cause of the exploit and helped Euler submit a claim. The audit protocol later voted on the claim for $4.5 million, which passed, and later executed a $3.3 million payout on March 14.

In its analysis report, the audit group noted a significant factor for the exploit: a missing health check in “donateToReserves,” a new function added in EIP-14. However, the protocol stressed that the attack was still technically possible even before EIP-14.

Related: More than 280 blockchains at risk of ‘zero-day’ exploits, warns security firm

Sherlock noted that the Euler audit by WatchPug in July 2022 missed the critical vulnerability that eventually led to the exploit in March 2023.

Euler has also reached out to leading on-chain analytic and blockchain security firms, such as TRM Labs, Chainalysis and the broader ETH security community, in a bid to help them with the investigation and recover the funds.

Euler notified that they are also trying to contact those responsible for the attack in order to learn more about the issue and possibly negotiate a bounty to recover the stolen funds.

Circle announces USDC launch for Cosmos via Noble network

SEC of Thailand wants public feedback on crypto lending, staking ban

Thailand's securities regulator believes that crypto firms should not be allowed to deploy users’ deposits and provide lending services.

Thailand's Securities and Exchange Commission (SEC) is preparing to hold a new public hearing on a potential ban on staking and lending services in the country.

Thailand’s SEC officially announced on March 8 that the authority is seeking public comments on a draft regulation prohibiting virtual asset service providers (VASPs) from providing or getting involved in any type of crypto staking and lending transactions.

According to the SEC’s policy, VASPs should not be allowed to deploy users’ deposits and provide lending services in order to prevent possible damage to investors in a possible event of services’ termination. Additionally, the draft regulation is expected to further clarify the scope of supervision of digital asset businesses because they are currently not fully supervised, the SEC stated, adding:

“The proposed regulation aims to provide greater protection to investors, reduce associated risks, and prevent a misunderstanding that deposit taking and lending services are under the same supervision as regulated digital asset businesses.”

In the announcement, the securities regulator mentioned that the SEC conducted a public hearing on the principle of the proposed regulation in September and October 2022. The draft regulation would essentially prohibit VASPs from operations like accepting user deposits for lending, staking and any further deployment of such assets, offering interest payouts on crypto holdings, as well as advertising any of such services.

The authority has invited stakeholders and interested parties to submit their feedback and suggestions via the SEC’s website or email by April 7, 2023.

Related: SEC snubbed as Voyager wins court approval for sale to Binance.US

The news comes amid the SEC of Thailand beefing up the country’s cryptocurrency rules in response to the ongoing crisis in the crypto lending industry.

A wide number of major industry lenders — including Voyager Digital, Celsius Network, Genesis Global, Babel Finance and Hodlnaut — have encountered serious liquidity issues amid the ongoing crypto bear market, pushing some firms to either restructure or liquidate their business. Gemini, a major crypto exchange founded by Tyler and Cameron Winklevoss, is facing a lawsuit from the United States’ SEC for alleged violations in its “Earn” program, designed to offer investors up to 8.05% in annual gains.

Circle announces USDC launch for Cosmos via Noble network

Crypto Sleuth Turns $71 Into $1,590,000 in an Instant on New Ethereum-Arbitrum DeFi Platform

Crypto Sleuth Turns  Into ,590,000 in an Instant on New Ethereum-Arbitrum DeFi Platform

A savvy crypto coder has transformed $71 into $1.59 million in an instant through a new Ethereum-Arbitrum lending platform. According to the on-chain analysis firm Looksonchain, an ethical white hat hacker discovered and leveraged a major vulnerability in the borrowing and lending protocol Tender.fi (TND). “Due to the misconfigured oracle of Tender.fi, a white hat […]

The post Crypto Sleuth Turns $71 Into $1,590,000 in an Instant on New Ethereum-Arbitrum DeFi Platform appeared first on The Daily Hodl.

Circle announces USDC launch for Cosmos via Noble network

DeFi lender Tender.fi suffers exploit, white hat hacker suspected

DeFi lending platform Tender.fi sees $1.59 million of assets drained by alleged white hat hacker taking advantage of a misconfigured oracle.

An alleged ethical hacker has drained $1.59 million from the decentralized finance (DeFi) lending platform Tender.fi, leading the service to halt borrowing while it attempts to recoup its assets.

Web3-focused smart contract auditor CertiK and blockchain analyst Lookonchain flagged an exploit that saw funds drained from the DeFi lending protocol on March 7. Tender.fi confirmed the incident on Twitter, citing ‘an unusual amount of borrows’ through the protocol:

The latest update from the platform claims that a white hat hacker has made contact, and discussions are underway to recoup assets taken during the exploit. White hat hackers are also known as ethical hackers and typically look for and take advantage of security flaws in different protocols before returning funds.

Cointelegraph reached out to CertiK to unpack the situation, which highlighted that the exploiter left an on-chain message which has been verified on the Arbitrum Blockchain Explorer:

The input data reads: “It looks like your oracle was misconfigured. contact me to sort this out.”

Lookonchain provided further details of the exploit, citing blockchain data that shows that the white hat hacker borrowed $1.59 million worth of assets from the protocol by depositing 1 $GMX token which was valued at $71 at the time of writing.

Related: $700,000 drained from BNB Chain-based DeFi protocol LaunchZone

Cointelegraph has reached out to Tender.fi to ascertain further details of the exploit and whether funds will be returned by the white hat hacker. DeFi protocols have been the target of hackers in early 2023, with seven different platforms losing over $21 million in February alone. Hackers also took advantage of an oracle exploit in Jan. 2023, seeing over $120 million stolen from BonqDAO. 

Circle announces USDC launch for Cosmos via Noble network

Babel wants to repay creditors via special ‘recovery coins’: Report

Babel reportedly owes $524 million worth of Bitcoin, Ether and other tokens due to “risky trading activities” by co-founder Wang Li.

Babel Finance, one of cryptocurrency lending firms shaken by the bear market of 2022, is exploring new restructuring opportunities involving minting a new token.

Babel co-founder Yang Zhou is planning to build a new decentralized finance (DeFi) project in order to generate revenue to repay debts owed to creditors, Bloomberg reported on March 5.

Called Hope, the potential DeFi project aims to mint a new stablecoin serving as a “recovery coin” for Babel, according to Yang’s restructuring proposal.

Unlike major stablecoins like Tether (USDT) or USD Coin (USDC), Hope’s namesake stablecoin will reportedly use Bitcoin (BTC) and Ether (ETH) as collateral, maintaining its 1:1 ratio with the U.S. dollar through arbitrage incentives for traders, the filing notes.

The document also alleges that another Babel co-founder, Wang Li, was responsible for the losses, stipulating that “the risky trading activities appear to have been instructed solely by Wang.” Wang stepped down from his CEO position at Babel in December amid the company’s issues.

According to Babel’s estimations, the company owes as much as $524 million worth of BTC, ETH and other tokens to customers due to losses allegedly caused by Wang’s risky trading activities. Another $224 million was reportedly lost when Babel counterparties liquidated collateral after the firm became unable to meet a large volume of margin calls.

As previously reported, Babel was one of several crypto lenders that experienced serious liquidity issues due to the cryptocurrency winter in 2022. The Hong Kong-based firm suspended withdrawals and redemptions from its products in June, citing “unusual liquidity pressures.”

Related: Hodlnaut founders propose selling the firm instead of liquidation

Major industry lenders, including Voyager Digital, Celsius Network, Genesis Global and Hodlnaut have faced similar issues. Genesis owes $150 million to Babel, its third biggest named creditor, according to a January Chapter 11 filing. All of these companies are now working hard to come up with restructuring plans to pay their creditors and save their businesses.

In late February, Voyager customers voted for a restructuring plan involving Binance’s United States-based business, Binance.US, acquiring Voyager’s assets.

Circle announces USDC launch for Cosmos via Noble network

Bitcoin leverage ramps up as BTC’s margin long-to-shorts ratio hits a record $2.5B high

BTC traders at Bitfinex and OKX are unwilling to use margin markets for bearish bets, creating an alarming imbalance that investors should pay close attention to.

Crypto traders' urge to create leverage positions with Bitcoin (BTC) appears irresistible to many people, but it's impossible to know if these traders are extreme risk-takers or savvy market makers hedging their positions. The need to maintain hedges holds even if traders rely on leverage merely to reduce their counterparty exposure by maintaining a collateral deposit and the bulk of their position on cold wallets.

Not all leverage is reckless

Regardless of the reason for traders' use of leverage, currently there is a highly unusual imbalance in margin lending markets that favors BTC longs betting on a price increase. Despite this, so far, the movement has been restricted on margin markets because the BTC futures markets remained relatively calm throughout 2023.

Margin markets operate differently from futures contracts in two main areas. Those are not derivatives contracts, meaning the trade happens on the same order book as regular spot trading and unlike futures contracts, the balance between margin longs and shorts is not always matched.

For instance, after buying 20 Bitcoin using margin, one can literally withdraw the coins from the exchange. Of course, there must be some form of collateral, or a margin deposit, for the trade and this is usually based on stablecoins. If the borrower fails to return the position, the exchange will automatically liquidate the margin to repay the lender.

The borrower must also pay an interest rate for the BTC bought with margin. The operational procedures will vary between marketplaces held by centralized and decentralized exchanges, but usually the lender gets to decide the rate and duration of the offers.

Margin traders can either long or short

Margin trading allows investors to leverage their positions by borrowing stablecoins and using the proceeds to buy more cryptocurrency. When these traders borrow Bitcoin, they use the coins as collateral for short positions, which means they are betting on a price decrease.

That is why analysts monitor the total lending amounts of Bitcoin and stablecoins to understand whether investors are leaning bullish or bearish. Interestingly, Bitfinex margin traders entered their highest leverage long/short ratio on Feb. 26.

Bitfinex margin Bitcoin longs/shorts ratio. Source: TradingView

Historically, Bitfinex margin traders are known for creating margin positions of 10,000 BTC or higher quickly, indicating the participation of whales and large arbitrage desks.

As the above chart indicates, on Feb. 26, the BTC/USD long (bulls) margin demand outpaced shorts (bears) by 133 times, at 105,300 BTC. Before 2023, the last time this indicator reached an all-time high favoring longs was Sept. 12, 2022. Unfortunately, for bulls, the result benefited bears as Bitcoin nosedived 19% over the following six days.

Traders should cross-reference the data with other exchanges to ensure the anomaly is market-wide, especially since each marketplace holds different risks, norms, liquidity and availability.

OKX, for instance, provides a margin lending indicator based on the stablecoin/BTC ratio. At OKX, traders can increase exposure by borrowing stablecoins to buy Bitcoin. On the other hand, Bitcoin borrowers can only bet on the decline of a cryptocurrency's price.

OKX stablecoin/BTC margin lending ratio. Source: OKX

The above chart shows that OKX traders' margin lending ratio increased through February, signaling that professional traders added leveraged long positions even as Bitcoin price failed to break the $25,000 resistance multiple times between Feb. 16 and Feb. 23.

Furthermore, the margin ratio at OKX on Feb. 22 was the highest level seen in over six months. This level is highly unusual and matches the trend seen at Bitfinex where a strong imbalance favored Bitcoin margin longs.

Related: Can Bitcoin reach $25K again in March 2023? Watch Market Talks live

The difference in the cost of leverage could explain the imbalance

The rate for leverage BTC longs at Bitfinex has been almost nonexistent throughout 2023, currently sitting below 0.1% per year. In short, traders should not panic, considering the cost of margin lending remains in a zone that is deemed healthy, and the imbalance is not present in futures contracts markets.

There may be a plausible explanation for the movement, which did not happen overnight. For instance, a possible culprit is the rising cost of stablecoin lending.

Instead of the minimal rate offered for Bitcoin loans, stablecoin borrowers pay 25% per year on Bitfinex. That cost increased significantly in November 2022 when the leading derivatives exchange FTX and their market maker Alameda Research blew up.

As long as Bitcoin margin markets remain extremely unbalanced, traders should continue monitoring the data for additional signs of stress. Currently, no red flags are raised, but the size of the Bitfinex BTC/USD longs ($2.5 billion position) should be a reason for concern.

The views, thoughts and opinions expressed here are the authors’ alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.

Circle announces USDC launch for Cosmos via Noble network

Hodlnaut founders propose selling the firm instead of liquidation

Despite Hodlnaut creditors insisting on the firm’s liquidation, the founders keep trying to save the business and sell it to potential investors.

The founders of the troubled cryptocurrency lender Hodlnaut are trying to save the business despite creditors insisting on its liquidation.

On Feb. 28, Hodlnaut’s interim judicial managers released the sixth affidavit of Hodlnaut co-founder Simon Lee reportedly stating the company’s founders proposed selling the business as a better option for creditors than liquidating the firm.

According to a report by Bloomberg, Lee said that he and Hodlnaut’s other co-founder Zhu Juntao have reached out to a number of “potential white knight investors.”

Lee reportedly wrote that Hodlnaut co-founders are confident the company’s user base “can be acquired and on-boarded on digital-asset platforms owned or affiliated to such investors.” He declared that such a business transaction would “maximize” value for creditors.

The affidavit further reaffirms Hodlnaut’s willingness to to sell the firm as the company was working with several potential investors to sell its business and other assets. A number of potential buyers reportedly inquired about purchasing Hodlnaut and its claims against the collapsed crypto exchange FTX as of early February.

The news comes shortly after key Hodlnaut creditors, including Algorand Foundation, in January rejected a restructuring plan offer allowing the current directors to oversee the firm’s operations during the restructuring phase. The creditors argued that the restructuring would do no help and it was in their best interest to liquidate the firm’s remaining assets.

Related: DCG losses top $1B on the back of 3AC collapse in 2022

As of December 2022, Hodlnaut Group owed a total of $160.3 million — or 62% of outstanding debt — to companies and entities like Algorand, Samtrade Custodian, S.A.M. Fintech and Jean-Marc Tremeaux.

Once a major crypto lending platform, Hodlnaut was forced to suspend services in August 2022 due to a lack of liquidity triggered by the bear market in 2022. Hodlnaut’s operations were further breached by the firm’s significant exposure to the collapsed FTX exchange, with the firm having more than 500 Bitcoin (BTC) stuck on Sam Bankman-Fried’s crypto exchange.

The news comes amid another troubled crypto lender, Voyager, announcing on Feb. 28 that customers voted for a restructuring plan with Binance’s United States-based business, Binance.US. In December, Binance.US disclosed an agreement to buy Voyager’s assets for $1.02 billion.

Circle announces USDC launch for Cosmos via Noble network

DeFi ‘fragility’ causes and cures explored in highly technical Bank of Canada study

Researchers affiliated with the Canadian central bank identified weak points in DeFi lending protocols and reported on the potential they saw for mitigating them.

The Bank of Canada has released a working paper that examines lending protocols in decentralized finance (DeFi) with regard to sources of instability and their relation to crypto asset prices. Its findings point to potential ways to optimize DeFi lending platforms, or possibly the practical limits of decentralization.

The authors of the paper, titled “On the Fragility of DeFi Lending” and released Feb. 22, acknowledged the inclusiveness DeFi offers and the advantages of smart contract protocols over the use of human discretion. They went on to identify the systemic weaknesses of DeFi. Information asymmetry, a key issue for regulators, was highlighted here, with the twist that, in DeFi, the asymmetry favors the borrower:

“The collateral composition of a lending pool is not readily observable, implying that borrowers are better informed about collateral quality than lenders are.”

That is because borrowers are at least aware of the quality of the assets they used a loan collateral. Moreover, “Only tokenized assets can be pledged as collateral, and such assets tend to exhibit very high price volatilities.” Price and liquidity produce a feedback loop, the paper argued: the price of an asset affects borrowing volume and that, in turn, affects asset price.

In addition, smart contracts’ lack of human input can have undesired effects. Traditional loan contracts can be modified by loan officers in response to current information. Smart contracts are inflexible because terms are preprogrammed and “can only be contingent on a small set of quantifiable, real- time data” and even minor changes to the contract can require a lengthy discussion process.

“As a result, DeFi lending typically involves linear, non-recourse debt contracts that feature over-collateralization as the only risk control.”

Efficiency, complexity, and flexibility are thus reduced in comparison to traditional finance and “self-fulfilling sentiment-driven cycles” of pricing arise. The authors used advanced mathematics to examine a number of propositions for achieving market equilibrium in those circumstances.

Related: Bank of Canada emphasizes need for stablecoin regulation as legislation is tabled

A flexible optimal debt limit was found to provide equilibrium. However, “simple linear haircut rules” typically designed into smart contracts cannot implement a flexible limit. It would be hard to create protocols with that feature and they would be highly dependent on the choice of oracles. Alternatively to that challenge, “DeFi lending could abandon complete decentralization and re-introduce human intervention to provide real-time risk management.”

Thus, the authors conclude, the DeFi trilemma of decentralization, simplicity and stability remains unconquered.

Circle announces USDC launch for Cosmos via Noble network