
Curve hack: DEX security concerns bubble up again

Analysing Curve hack and implications

4 Aug 2023

Hello there,

July wasn’t a great month for crypto – Bitcoin declined 4%, registering the second red month of an otherwise good year. However, Bitcoin isn’t giving up just yet and continues to hold above $29,000. This comes even as the S&P 500 and other stock indices lost value this week after Fitch, a rating agency, cut the US government’s credit rating from AAA to AA+.

Meanwhile, Curve Finance’s exploit to the tune of $60 million is the focus this week. We have been here before – exploits in crypto have become commonplace. Today, we cover security concerns that plague decentralized exchanges (DEXs) like Curve and what you, as an end user, can do to mitigate exposure.

Let’s jump in.

Top-3 stories of the week:

1. Coinbase's layer-2 blockchain, Base, will be open to the public on August 9. Users can bridge their ETH to Base, and over $68 million worth of Ether has already been bridged. The launch coincides with ‘Onchain Summer,’ featuring collaborations with Coca-Cola, Atari, and OpenSea.

2. In July, Microstrategy bought an additional 467 BTC for $14.4 million. The company’s founder and executive chairman, Michael Saylor, confirmed these figures on Twitter. In addition to increasing its Bitcoin holdings, Microstrategy has revealed plans to buy more Bitcoin using proceeds of up to $750 million from sales of its common stock. The company has entered into a sales agreement with three firms to sell shares of its class-A common stock ‘from time to time’ to raise the funds.

3. Seven applications for Ether futures ETFs have been filed with the SEC in recent days. Observers suggest the flurry of applications may be driven by a belief that the SEC is more likely to approve a spot Bitcoin ETF, which could in turn increase the chances of Ethereum ETFs getting approved. If approved, these Ethereum ETFs could offer retail investors an accessible way to gain exposure to digital assets without dealing with the technical complexities of crypto.

The newsletter is put together by Giottus Crypto Platform and The News Minute’s Brand Studio. You can read all the previous issues of Cryptogram here.


WEEKLY MACROS

  • Total crypto market cap - $1.16 trillion - DOWN 1.7%

  • Bitcoin price - $29,130 - DOWN 0.3%

  • The dollar index (DXY) - 102.38 - UP 0.6%

  • Bitcoin Dominance - 50.29% - UP 1.1%

  • Crypto Fear and Greed Index - 51 - the market is in a neutral state


THE HOT TAKE

Curve’s vulnerability highlights a recurring concern

Here is the gist of what happened with Curve Finance this week.

On July 30, Curve Finance was hacked through a vulnerability in Vyper, the programming language used to write some of its smart contracts. Because some of those contracts were running different versions of Vyper, an attacker was able to exploit several pools in the Curve protocol.

Hackers stole around $60 million, causing a ripple effect throughout the crypto sector and raising questions about the strength of the decentralized finance ecosystem.

Robert Chen, a white-hat engineer who worked on the Vyper recovery, has published a timeline report that explains the events.

Curve is one of the largest decentralized exchanges (DEXs) today, with about $1.7 billion in total value locked (TVL), according to data from the DeFi TVL aggregator DeFiLlama. The hack was therefore limited to about 4% of the TVL. Still, it shouldn’t have happened.

The ramifications could be severe, as we note below.

1. A liquidation crisis has been averted

Michael Egorov, the founder of Curve, has large debt positions in several lending protocols such as Aave, Frax, Abracadabra and Inverse, with the majority locked into Aave. He holds close to 365 million CRV, valued at $211 million according to the blockchain analytics site DeBank.

A sudden decline in CRV’s price raised concerns about his ability to back these loans. If CRV trades below $0.37, his position of 250 million CRV gets liquidated. CRV is currently trading at $0.57.

Because major centralized and decentralized exchanges do not have deep circulating liquidity in CRV, a collapse in CRV would leave Aave with bad debt. To avert this, many individuals and companies did over-the-counter (OTC) deals at a discount this week to keep CRV’s price afloat.


Blockchain data from Tuesday shows Justin Sun of Tron purchased about 5 million $CRV from a wallet tagged ‘Curve.fi Founder’ at an average price of $0.4 in an over-the-counter transaction. Several other DeFi players stepped in to pick up discounted $CRV tokens via OTC trades shortly after Sun's purchase. Crypto investor Jeffrey Huang, known online as Machi Big Brother, bought 3.75 million tokens, while the crypto fund DWF Labs and a DeFi protocol bought 2.5 million CRV each.

2. Looming interest rate risks on LPs

On Frax Finance, Egorov currently has 38 million CRV supplied against 9.1 million FRAX of debt.

Though this involves less CRV collateral and stablecoin debt than his Aave position, it poses a larger risk to CRV because of Fraxlend’s time-weighted variable interest rate. According to Delphi Digital, at 100% utilization, which is where the market currently sits, the interest rate doubles every 12 hours. The current interest rate is 81.2%, but it can be expected to rise to nearly 10,000% APY after just 3.5 days.

Egorov has twice attempted to lower his debt and the utilization rate, repaying a total of 4 million FRAX this week, but liquidity providers have rushed to withdraw liquidity as soon as he repays.

These dynamics pose a greater risk to CRV and could cause the token to tank, with knock-on effects on other DeFi lending protocols.

3. DeFi hacks are commonplace

This hack is neither new nor was it unexpected. In February this year, more than $21 million worth of tokens were stolen from seven DeFi protocols. “Reentrancy, price oracle attacks, and exploits across seven protocols caused the DeFi space to bleed at least $21 million in crypto in February,” notes Cointelegraph. Curve’s issue is also related to a ‘reentrancy’ problem.

There have been 18 documented attacks in DeFi protocols this year before Curve happened.

This raises the question: why are DeFi protocols not strong enough to withstand these attacks? It may come down to how a DEX is run. Developers are usually spread across time zones and don’t interact the way they would in a centralized company. Given that something as trivial as not updating software versions can open a loophole for hackers, consistent commitment and the ability to act on instructions without back-and-forth become key.

Another open question: why do DeFi founders carry exposure to high-risk loans whose value rests on a single token? Curve Finance could have absorbed (or lived with) the $60 million loss over time if not for the loans collateralised by CRV.

Instead, it is offering the hackers a 10% bounty to return the stolen funds.
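The page attributes the Curve exploit to a reentrancy issue tied to contracts built with different Vyper versions. The Python model below is an added illustration, not code from Curve, Vyper or the newsletter: a hypothetical liquidity pool pays out before it records the withdrawal (an interaction before an effect), so a recipient that is called back into the pool can withdraw again while its balance still looks intact. The same pool is run once without a reentrancy guard and once with a working one, and a simple accounting invariant (no negative balances) is checked afterwards, the kind of check a monitoring job could run against pool state to detect a drain. All names, amounts and the callback mechanism are constructed for the example.

```python
"""Toy model of reentrancy in a liquidity pool and of a reentrancy guard.

Added illustration only. The `Pool` class, the amounts and the callback
mechanism are constructed for this example and do not reflect any real
protocol's code.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple


class ReentrancyError(RuntimeError):
    """Raised when a guarded function is entered while already executing."""


@dataclass
class Pool:
    use_guard: bool                         # whether remove_liquidity is locked
    balances: Dict[str, int] = field(default_factory=dict)
    reserve: int = 0                        # tokens physically held by the pool
    _entered: bool = False                  # the reentrancy lock itself

    def add_liquidity(self, who: str, amount: int) -> None:
        self.balances[who] = self.balances.get(who, 0) + amount
        self.reserve += amount

    def remove_liquidity(self, who: str, amount: int,
                         on_receive: Callable[["Pool"], None]) -> None:
        # Guard: refuse any nested entry while a call is in progress.
        if self.use_guard:
            if self._entered:
                raise ReentrancyError("remove_liquidity re-entered")
            self._entered = True
        try:
            if self.balances.get(who, 0) < amount:
                raise ValueError("insufficient balance")
            # Bug being modelled: the payout (which hands control to the
            # recipient) happens BEFORE the balance is debited.
            self.reserve -= amount
            on_receive(self)
            self.balances[who] -= amount
        finally:
            if self.use_guard:
                self._entered = False


def invariant_holds(pool: Pool) -> bool:
    """Accounting invariant a defender can monitor: no balance goes negative."""
    return all(b >= 0 for b in pool.balances.values())


def simulate(use_guard: bool) -> Tuple[int, bool]:
    """Run one withdrawal by a re-entering recipient.

    Returns (tokens the recipient actually received, invariant still holds).
    """
    pool = Pool(use_guard=use_guard)
    pool.add_liquidity("honest_lp", 100)    # constructed amounts
    pool.add_liquidity("reentrant", 10)

    received = [0]
    stake = 10

    def on_receive(p: Pool) -> None:
        # Recipient is called back mid-withdrawal and tries to withdraw again
        # while its balance has not yet been debited.
        received[0] += stake
        if p.reserve >= stake:
            try:
                p.remove_liquidity("reentrant", stake, on_receive)
            except ReentrancyError:
                pass                        # guard held: nested call rejected

    pool.remove_liquidity("reentrant", stake, on_receive)
    return received[0], invariant_holds(pool)


if __name__ == "__main__":
    print("unguarded:", simulate(use_guard=False))   # reserve drained
    print("guarded:  ", simulate(use_guard=True))    # only the 10 staked
```

Without the guard the recipient walks away with the whole 110-token reserve against a 10-token stake, and the negative balance left behind is exactly what an invariant monitor would flag. With a functioning guard the nested call is rejected and the recipient receives only what it staked. The general lesson for reviewers is that the guard has to be verified as actually present in the deployed bytecode, not just written in the source: a lock that is written but not enforced behaves like the unguarded run.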

Key takeaway

DEXs are an important element of the crypto ecosystem. They have the potential to drive innovation, provide analytics at scale and open up alternative finance opportunities the world over. However, they must fix some perennial issues – vulnerability to hackers and exposure to market realities.

As this plays out, we urge our readers not to hold any assets in Aave or any other lending market that has exposure to CRV. To be doubly sure, it would be better to remove liquidity from all the crypto pools in Curve.

In general, many centralized exchanges (CEXs), including Giottus, offer fixed rewards/returns comparable to those of DEXs, thereby obviating the need to use DEXs for these purposes.

While hardware wallets are the best place to store your crypto, keeping a minor portion of your assets in hot wallets, including in DEXs, is understandable, but do acknowledge the risks involved.

Disclaimer: Crypto-asset or cryptocurrency investments are subject to market risks such as volatility and have no guaranteed returns. Please do your own research before investing and seek independent legal/financial advice if you are unsure about the investments.


If you have any questions or feedback for us, write to us at [email protected]. You can check out the previous issues here.