DeFi Bulletin: CAKE to shift to a deflationary model, while Yearn Finance hacked for $11 million

The decentralized finance (DeFi) sector continues to draw heightened attention from cryptocurrency investors. ForkLog has gathered the most significant events and news of the past weeks in this digest.

Key metrics for the DeFi segment

The total value locked (TVL) in DeFi protocols fell to $48.76 billion. Lido led with $11.45 billion, while MakerDAO ($7.39 billion) and AAVE ($5.16 billion) held second and third places.

TVL in Ethereum applications fell to $28.79 billion. Over the last 30 days the figure dropped by 3.2% (on 22 March the value stood at $29.75 billion).

Trading volume on decentralized exchanges (DEX) over the last 30 days stood at $70.4 billion.

Uniswap continues to dominate the non-custodial exchange market — it accounts for 62.1% of total turnover. The second DEX by volume is PancakeSwap (14.4%), the third is SushiSwap (6%).

PancakeSwap developers will move CAKE to a deflationary model

The PancakeSwap proposed to change the tokenomics of the DeFi project. The initiative envisions a transition from the current inflationary model of CAKE’s utility token to neutral issuance or deflation with real yield and utility.

CAKE Tokenomics v2.5 envisages reducing the annual CAKE issuance from 20% to 3-5% through:

• lower staking rewards — 0.35-1 CAKE per block versus 6.65 CAKE;
• real yield derived from protocol revenues — stakers will receive 5% of PancakeSwap v3 fees with monthly levels at 0.01% and 0.05% depending on the duration of the stake of the utility token;
• increasing the weight of long-term stakers in CAKE emissions;
• participation in the rapidly growing PancakeSwap product suite with a focus on the aforementioned user category.

The developers emphasised that the proposal will leave unchanged the following components:

• % of fees allocated to buyback and burn CAKE;
• % from other products to implement the above process;
• rewards for the most loyal stakers with the largest share of emissions and trading fees.

The team expects to gather community feedback via a feedback form and reactions on social media.

SafeMoon agrees with the hacker to return 80% of funds

The attacker about $9 million from the SafeMoon DEX liquidity pool on the BNB Chain agreed to return 80% of the withdrawn funds in exchange for ceasing the pursuit.

The team said in the transaction’s signing that the agreement had been reached.

“In particular, SafeMoon will take 80% of the amount, and the other side will keep the remainder as a reward. The platform also agreed not to file any lawsuits. After careful consideration of the circumstances we believe this best serves the interests of SafeMoon and the community,” the team wrote.

The attacker, immediately after the incident, began communicating with the project’s developers and reassured them of returning the funds. He described the attack on the protocol as “accidental.”

Hacker extracted $11 million from Yearn Finance DeFi protocol

On 13 April the attacker stole crypto assets worth $11.6 million from Yearn Finance’s DeFi protocol via an exploit in the platform’s stablecoin contract — yUSDT.

The main cause of the bug was the incorrect configuration of yUSDT, which is the analogue of Tether’s stablecoin.

According to PeckShield analysts, the hacker managed to mint more than 1.2 quadrillion yUSDT, using a deposit of 10,000 USDT. After that, he swapped the minted coins for other stablecoins, including DAI, USDT, USDC, BUSD, TUSD.

The attacker used the first version of the Aave protocol to create a large array of swaps. However, the project team stated that the network itself was not harmed.

Yearn Finance representatives also said that the investigation had begun. They said the issue is related to “an outdated iearn protocol launched in 2020, and the liquidity pool.” The v2 vaults are safe.

Analysts at Nansen noted that the hacker has already distributed funds across three addresses in ETH, DAI, USDC and BUSD.

Hacker extracted around $7 million from Hundred Finance DeFi protocol

The lending protocol Hundred Finance came under a hacker attack targeting pools on the Optimism-based L2. Developers put the damage at roughly $7 million.

According to PeckShield, the attacker manipulated the price of the hWBTC token to drain the lending pools:

“The primary cause is that the attacker sacrificed 200 WBTC to push up the exchange rate of hWBTC, so even a tiny amount (2 Wei) can empty the current lending pools.”

The project team said they were in contact with the hacker and are negotiating with cybersecurity firms. They say they aim to reach an agreement with the attacker.

Also on ForkLog:

• The Kyber Network urged withdrawals due to a vulnerability.
• The Uniswap community approved deployment of the protocol on Polygon zkEVM.
• The developers of 1inch Network added support for zkSync Era.