The decentralised finance (DeFi) sector continues to attract heightened attention from crypto investors. ForkLog has compiled the most important events and news of the past weeks into a digest.
Key metrics in the DeFi segment
The total value locked (TVL) in DeFi protocols fell to $51.7 billion. The leader is MakerDAO with $7.64 billion, while second and third place are held by Lido ($6 billion) and Curve ($5.69 billion), respectively.
TVL in Ethereum applications fell to $29.56 billion. Over the last 30 days the metric rose by 3% (as of 22 September the figure stood at $28.82 billion).
Trading volume on decentralised exchanges (DEX) over the last 30 days amounted to $32.6 billion.
Uniswap continues to dominate the non-custodial exchange market, accounting for 67.3% of total turnover. The second DEX by trading volume is DODO (11%), the third Curve (10.4%).
The European Commission to study the possibility of ’embedded oversight’ for DeFi protocols
The European Commission announced a tender to study methods of automated real-time data collection on DeFi activity in the Ethereum network for regulators.
The document states that the open-source code of DeFi and blockchain projects, including those behind the second-largest cryptocurrency by market capitalisation, will ‘facilitate regulators’ work in identifying regulatory levers.’
The pilot programme is planned for at least six months and is valued at €250,000. Applications are due by 1 December.
Chainalysis: October set a new record for hacker losses
October became the record month for the amount of cryptocurrency stolen by hackers in 2022. According to Chainalysis, losses across DeFi protocols since October 1 from 11 attacks totalled $718 million.
Year-to-date the figure has surpassed $3 billion (125 attacks), closely approaching 2021 levels.
Analysts note that in 2019 the interest of attackers was focused on centralized platforms. Since then it has shifted toward DeFi protocols.
Cross-chain bridges suffered substantial losses. In October three such projects were hacked ($600 million). This accounted for 82% of October’s cumulative total and 64% of the year’s total.
The community proposed closing the DeFi project Yam Finance
The Yam Finance DeFi protocol’s DAO is considering a proposal to distribute treasury funds among users and closing the project.
The author of the proposal, under the alias 1tx, argues that there is still an opportunity to ‘save some value’ stored in the YAM token. The governance asset is trading around $0.19. Compared with the September peak of $41.40, the price has fallen 99.6%.
According to 1tx, the community has long seen little progress in creating and developing projects. Meanwhile, the main development team receives more than $30,000 per month from the treasury, depleting it, the user noted.
Total funds locked in the protocol amount to $196,967, according to DeFi Llama. In April 2021 the figure stood at $6.76 million.
1tx proposed that the treasury could fund the buyback of YAM at $0.207–0.25. The mechanism envisages sending tokens to a dedicated smart contract for burning — in return, users would receive a new replacement token on a 1:1 basis. After treasury distributions according to YAM ownership, the remaining funds would be donated to charity.
One of the project’s leading developers, known by the alias feddas, largely agreed with 1tx’s claims, but opposed closing the project. He said this is a tactical move by those who bought the tokens at prices below the proposed buyback.
The developer said he could make the treasury profitable within 30 days and, in six months, push the YAM price “well above” the $0.207–0.25 range.
Opinions in the discussion were divided. Some considered 1tx’s proposal to be ‘better than doing nothing’, while others argued for giving the team another chance, saying that ‘there is not much to lose at this point’.
Investments in DeFi
The company behind the DeFi protocol of the same name, Uniswap Labs, raised $165 million in a Series B financing round.
The round was led by venture capital firm Polychain Capital. Participants included existing investors such as Andreessen Horowitz, Paradigm, SV Angel, and Variant.
Hacks and Scams
An unknown actor siphoned off around $116 million of digital assets from the Solana-based trading and lending DeFi platform Mango Markets.
The attacker used a deposit of 5 million USDC to manipulate the price of the native token MNGO by opening a large margin position in perpetual swaps. Due to low liquidity on the spot market, the asset’s price briefly surged from $0.038 to $0.91 — about 2,295%.
The increased value of the MNGO collateral allowed the hacker to borrow and withdraw funds in several coins.
The Mango Markets community voted in favour of an agreement with the hacker. He will return $69 million and keep the remaining $47 million as a bounty.
Some 96.6% of users supported the proposal. All participants will be fully reimbursed from treasury funds and will waive any potential claims and legal actions.
Attackers targeted the DeFi platform Moola Market on the Celo blockchain. The loss amounted to around $8.4 million across several tokens.
Hackers moved 243,000 CELO from Binance into the protocol. They used the funds to borrow 1.8 million native MOO tokens. By artificially inflating the price of the token, they could post it as collateral to borrow against other assets and withdraw them.
The Moola Market team paused the platform and launched an investigation. It reached out to the attackers, warning that it has engaged law enforcement to block the liquidation of the stolen funds.
Subsequently, 93.1% of the withdrawn assets were returned.
A unknown actor exploited a bug in TempleDAO’s smart contract and stole $2.3 million from one of its staking vaults. The team promised to return the funds to affected users.
In the sequence of transactions, the attacker moved a total of 321,154 xLP tokens, swapping them for 1,262,438 FRAX and 1,418,303 TEMPLE. He subsequently swapped the latter for FRAX.
The exploit was caused by ‘several misuses’ of the migrateStake function. It allows users to move tokens from an older contract. The attacker invoked the function with a fraudulent address, enabling withdrawal of all funds from the vault to their wallet instead of the new contract.
The team promised a bounty to the hacker if the stolen funds were returned, but he transferred the assets to the Ethereum mixer Tornado Cash.
Also on ForkLog:
- The revenue of the MakerDAO DeFi protocol fell by 86%.
- The European Commission said TradFi norms are inadequate when applied to DeFi.
Read ForkLog’s bitcoin news in our Telegram — crypto news, prices and analysis.