The decentralized finance (DeFi) sector continues to attract heightened attention from crypto investors. ForkLog has compiled the most important events and news from the past weeks in a digest.
Key metrics of the DeFi segment
Total value locked (TVL) in DeFi protocols rose to $49.08 billion. The leader was Lido with $10.46 billion, while second and third places are held by MakerDAO ($7.65 billion) and AAVE ($5.6 billion), respectively.
TVL in Ethereum applications rose to $28.93 billion. Over the last 30 days the metric rose by 1% (on February 25 the value stood at $28.68 billion).
Trading volume on decentralized exchanges (DEX) over the last 30 days stood at $127.6 billion.
Uniswap continues to dominate the non-custodial exchange market — it accounts for 64.6% of total turnover. The second DEX by volume is SushiSwap (10.3%), the third PancakeSwap (7.1%).
Euler Finance hacked for $196 million
On March 13, the DeFi protocol Euler Finance was hacked. The damage amounted to more than $196 million.
Allegedly, the hacker used the flash loan option on the platform, depositing an unsecured collateral. Due to a bug in the smart contract, he was able to liquidate the debt and withdraw the funds.
On March 14, the Euler Finance team disabled the vulnerable EToken module, blocking deposits. Company representatives also contacted the hacker and offered a reward for the return of the stolen funds.
On March 15, a demand was made to return 90% of the stolen funds. As there was no response, the company announced a $1 million reward for any information leading to the hacker’s arrest.
Subsequently, the hacker sent cryptocurrency worth about $2.5 million to the Tornado Cash mixer Tornado Cash. Lookonchain analysts also reported that the attacker moved 100 ETH to an address associated with the Lazarus Group, linked to the Ronin network attack in March 2022.
On March 21 the hacker contacted the project developers via on-chain messages and proposed to “establish a secure line of communication and reach an agreement.” Euler representatives expressed willingness to hear his wishes.
Within days the EUL token fell from $6.50 to $1.60. At the time of writing the asset is trading around $2.75, with a market capitalisation of $45 million, according to CoinGecko.
DeFi Llama team forks the project
On March 19, the DeFi Llama developer using the alias 0xngmi announced the launch of a fork of the project named llama.fi on behalf of the team.
He cited disagreement with the decision to issue a token for the platform, which was made by \”the person who controls the Twitter account and the defillama domain.\”
\”There is an ongoing attempt to launch a token that does not represent us. We do not want to be associated with it,\” said the developer.
In response, the owner of the llamaintern account, who claimed to be a DeFi Llama intern, commented:
\”0xngmi and several team members have become scammers. They are actively seeking to seize the IP address and the Defillama community, wrongly claiming that the rightful owner is carrying out a hostile takeover.\”
Some members of the community sided with DeFi Llama’s founders Charlie Watkins and Ben Hauser. The founder of yEarn.finance Andre Cronje wrote:
\”It is easy to stay ideological when you do not pay the bills. Charlie has been financing all the project’s expenses out of his own pocket for many years; it is not cheap.\”
According to him, Watkins’s idea to issue a token is \”not greed, but an attempt to achieve sustainability.\”
\”Let’s see how long they can last without ‘free money’. They will soon start seeking funding or add advertising,\” Cronje said.
Web3 developer going by the handle AnonBuilder noted that paying the bills does not cancel the work of the team.
\”Just because the founder wants to stop draining funds does not give him the right to jeopardise the entire project,\” he added.
Uniswap founder Hayden Adams reminded that the DeFi dashboards project began about three years ago as a fork of the information platform behind the largest DEX. He noted that he had to push the founders to reject the use of the original operations-support system.
On March 20 the DeFi Llama team stated that there are no plans to issue a token, which had led to the internal conflict with the emergence of a fork of the analytics platform.
\”The DeFi Llama team would like to apologise for the events that unfolded yesterday as a result of ineffective communication and misunderstandings within the team,\” the statement said.
As of writing, the llama.fi domain automatically redirects to the original platform.
\”We would like to leave what happened behind. The LLAMA token is not currently planned, and any airdrops will be discussed with the community, as with every important decision,\” the team said.
The platform team emphasised that it intends to adhere to a more transparent policy to avoid repetition of events. All arms of the company behind the project, LlamaCorp, will continue to work on it together.
PeopleDAO hacked for $120,000 in Ethereum via Google Sheets
On March 6, the PeopleDAO community, created to acquire a rare copy of the US Constitution, was subjected to a hacking attack. The damage amounted to 76.5 ETH ($120,000).
As it emerged, PeopleDAO’s accounting posted a Google Sheet link with the monthly payout form on a public Discord channel. The document had editing rights open. An unknown person filled in their wallet address and the payment amount of 76.5 ETH, after which they made that row invisible.
\”The team leads did not detect the hidden row during re-checks. Then the file with the data from the table was uploaded to Safe’s CSV Airdrop tool for distributing the reward. Validators also did not notice the malicious transfer,\” the PeopleDAO team explained.
Subsequently, the hacker moved 69.2 ETH to HitBTC and 7.3 ETH to Binance. Both exchanges, along with law enforcement, were notified of the incident.
PeopleDAO is also conducting an internal investigation with blockchain security experts ZachXBT and SlowMist. The community offered the hacker a reward equal to 10% of the stolen sum for the return of the funds. At the time of writing, he had not responded to the offer.
Separately, the team will work on improving accounting and training validators to operate with multisignatures.
Also on ForkLog: