Cryptocurrencies To Watch

Tag: DeFi

  • Sky Faces Investigation for Potential $756M Exploit Vulnerability

    Sky Faces Investigation for Potential $756M Exploit Vulnerability

    Sky, the decentralized project formerly known as MakerDAO, has come under fire for a potential vulnerability that could put $756 million in USD Coin (USDC) reserves at risk. The funds are held in Sky’s lite peg stability module (PSM), which plays a crucial role in maintaining the stability of its flagship stablecoin, DAI.

    User Highlights System Issues

    According to a recent post on X, a user highlighted issues with the system’s use of an externally controlled account to handle a large share of its assets, totaling $756 million in stablecoin reserves.

    Observers also contended that this custodianship approach may expose the assets to possible security breaches or internal mismanagement.

    Following its recent transition to the Sky brand and ongoing debates over the feasibility of introducing a freeze mechanism, the potential for exploitation or misappropriation of funds managed via EOAs could further erode the protocol’s credibility and stakeholder confidence.

    The lite PSM is a tool that enables Sky to maintain the peg of its stablecoin against the United States dollar, permitting users to exchange the stablecoin for USDC at a fixed rate.

    As part of the migration plan, Sky intends to shift reserves from the older PSM to the Lite PSM in three stages, starting with an initial transfer of $20 million. However, the Lite PSM’s reserves are reportedly managed through an externally owned account (EOA), according to claims made by an X user and Sky official forum, sparking concerns about transparency and security.

    EOA-Based Custodianship

    On the other hand, EOA is a standard Ethereum wallet managed via a private key, in contrast to a smart contract, which operates based on predefined code and security protocols without external control.

    Critics of using EOAs for custodianship assert that these accounts are fundamentally more prone to risks and less transparent, as they lack mechanisms such as multi-signature verification or time-locked transactions.

    This approach to fund management would leave the $756 million reserve vulnerable to private key breaches or possible malicious activities, especially in the absence of protections to limit the movement of the assets.

    Meanwhile, the Sky co-founder’s perspective fails to adequately address questions about who has ultimate control over the wallet, how transactions are approved, or whether governance mechanisms can enforce actions related to fund management.

  • HyperLiquid’s Native Token Launches, Sees $4.2B in Fully Diluted Value

    HyperLiquid’s Native Token Launches, Sees $4.2B in Fully Diluted Value

    HyperLiquid, a decentralized perpetual trading platform and layer-1 blockchain, has distributed its native token, HYPE, as an airdrop. Since its launch, HYPE has surged over 11%.

    The price shift has propelled the fully diluted value (FDV)  to approximately $4.2 billion. More than 333 million tokens are circulating from a total supply of 1 billion, resulting in a market cap of roughly $1.4 billion.

    The HYPE token’s supply will be restricted to 1 billion tokens. Upon token issuance, 31% (or 310 million) of the fully unlocked supply was airdropped to qualifying community members.

    An airdrop is a marketing strategy where a cryptocurrency project distributes free tokens or coins to numerous wallet addresses, usually to generate awareness of a new project and encourage adoption.

    Hyperliquid Exceeds $250M Trading Volume

    The token’s debut has fueled significant market engagement, with trading volume exceeding $250 million in the last 24 hours, highlighting robust interest.

    Additionally, HYPE was allocated via a community airdrop, granting eligibility to users who accumulated reward points over six months, concluding in May. For every point earned, qualified participants received five tokens.

    Although airdrop distributions often lead to selling pressure, demand for HYPE exceeds supply, reflecting strong market confidence and a bullish trend.

    Recipients of HyperLiquid’s airdrop have shared stories of their unexpected profits on X. One trader from the decentralized derivatives platform revealed earnings of over $300,000 from their token allocation. Another user shared a screenshot showcasing more than $18,000 gained, captioning it, “I got a nice drop too.”

    Why Hyperliquid Network Matter

    HYPE is a vital component of the HyperLiquid ecosystem, performing several functions that boost the platform’s utility and decentralization. Users can stake HYPE to support HyperBFT, a refined proof-of-stake consensus mechanism that strengthens network security and fosters decentralization. Moreover, HYPE is the native gas token for HyperEVM, the platform’s execution layer, enabling transaction fee payments.

    Introduced in late 2022, the HyperLiquid network has achieved the capacity to handle around 100,000 orders per second. Notably, its consensus algorithm and networking infrastructure are designed to scale seamlessly, enabling the processing of millions of orders per second as market demand grows.

    Furthermore, the Hyperliquid L1 was explicitly built to optimize performance for a derivatives exchange, focusing on practical, real-world use cases. The network incorporates a versatile Ethereum Virtual Machine (EVM) called HyperEVM.

    Once development is finalized, ERC20 tokens can seamlessly interact with the L1 network. The network’s validators have been responsible for securing the EVM bridge.

  • Tron Founder Justin Sun Becomes Largest Investor in Trump’s WLFI

    Tron Founder Justin Sun Becomes Largest Investor in Trump’s WLFI

    The founder of Tron blockchain, Justin Sun, has recently invested $30 million in World Liberty Financial (WLFI), a decentralized finance (DeFi) project backed by President-elect Donald Trump, making him the largest investor.

    Notably, WLFI initially aimed to raise $300 million but later reduced its target to $30 million due to disappointing sales. Sun’s investment significantly boosted the project, and his involvement may attract more investors and attention to WLFI.

    Why Invest in WLFI?

    Sun publicly announced via X (formerly Twitter) that his reasons for investing in WLFI are rooted in the growing significance of the United States as a blockchain hub. He seized the opportunity to praise Trump for the recent Bitcoin development, which was mainly attributed to his election win. The crypto entrepreneur said, “Bitcoin owes it to Donald Trump.”

    He also expressed that the investment is a strategic move that aligns with Tron’s commitment to innovation and making America great again. The post hints that Sun’s support is likely driven by WLFI’s potential to play a vital role in the United States’ blockchain and crypto involvement.

    On the other hand, World Liberty Financial tweeted Sun’s post and expressed gratitude for his $30 million investment, stating they are “honored to have the support” of the Tron founder.

    Sun Keeps Making Industry Moves

    Sun is known for being vocal and active on social media, sharing his achievements in the crypto industry and beyond. Between 2018 and 2020, he acquired a Maltese residency card through investment, and in 2021, he participated in a $65 million funding round for Animoca, a Hong Kong-based blockchain gaming company.

    The entrepreneur also made notable investments in ether, becoming the largest individual staked ether holder with a balance of $500 million in February 2023. Furthermore, he launched SunPump in August, enabling users to create tokens. The crypto mogul is also associated with the exchange HTX, formerly known as Huobi.

    Last week, he purchased Maurizio Cattelan’s “Comedian” artwork, a duct-taped banana, for $6.2 million at a Sotheby’s auction in New York. He plans to take his ownership to the next level by consuming the banana, which he believes will make him a part of the artwork’s history. However, other crypto users think this may be a bullish move for NFTs, which have lost initial hype.

  • Solana Protocol Jupiter Ranks Second in October’s Most Visited DEX

    Solana Protocol Jupiter Ranks Second in October’s Most Visited DEX

    Web traffic data from Similarweb shows that Jupiter, a decentralized protocol on Solana, ranked second in October’s most visited DEX protocol. Its 2.9 million visits is an over 59% increase from its September 1.86 million. Uniswap leads the pack, with Raydium holding the third position.

    Jupiter is not an absolute DEX but acts as a DEX liquidity aggregator. It claims to provide the best rates for users by pulling liquidity and pricing data from all other Solana exchanges, such as Raydium and Orca.

    Why the Increase in Monthly Visitors?

    Though launched in 2021, Jupiter gained significant traction after launching its JUP token in January. The token’s utility, including staking and governance, boosted user engagement and trading volume, putting Jupiter’s position among the top Solana protocols.

    The token’s launch was the genesis of many events that incentivized users. Jupiter launched the JUP 4 JUP (J4J) initiative, which aims to reward active users and put more JUP in the hands of the community. One of these events is the Active Staking Reward (ASR), which comes quarterly for stakers who participated in voting rounds.

    Another important event for the Jupiter community is the Jupuary, which distributes JUP tokens via airdrop to its users in January. Users who actively traded with the exchange were prioritized during the event. Snapshot for last year’s eligible users was executed in November, and most users may have viewed October as the last month to participate, hence the increase.

    Generally, October saw a significant shift in market sentiment, driven by favorable macroeconomic factors, including decreased US federal rates. This optimism led to better market sentiment and upward price movements, improving and positioning the market for further growth and stability. Most Solana users gunning for the best price may have turned to Jupiter.

    What’s Currently Trending in Jupiter?

    The Jupiter community is currently deliberating on the requirements for the next Jupuary event, scheduled for January 2025, following the snapshot taken on November 2 and the co-founder’s suggestion to exclude stakers from rewards. The team wants to put up a voting round for the community to decide what it deems best for the event.

    Meanwhile, the JUP price is $1.1 at press time, down 7% in the last 24 hours. Its day trading volume is $290.34 million, and its market capitalization is $1.5 billion.

  • DeFi Trader Suffers Over $1 Million Loss After Phantom Wallet Upgrade

    DeFi Trader Suffers Over $1 Million Loss After Phantom Wallet Upgrade

    Crypto trading requires a balance between security, accessibility, and management. When this balance is disrupted, unpleasant consequences can follow. A recent incident involving the Phantom wallet app highlights this. A trader’s $1.2 million SPL tokens vanished after an update.

    Trader Suffers Over $1M Loss

    The trader identified as 0xFiyopi on X (formerly Twitter) had acquired 618,117 POPCAT and  1.56 million SCS tokens with two Solana wallets logged in the same Phantom app. According to the DeFi analytics tool DEX Screener, these digital assets were bought with $270,000 worth of SOL, putting the trader at over 344% unrealized gains.

    According to a deleted tweet by 0xFiyopi, the incident started with an update by Phantom, the popular wallet application, which promised enhanced security and features. For the meme trader, it began a financial nightmare, as he lost the accounts “5MnBKCzxxbGzGJ43F9o33cdosiwG9CmrHG8o7vuwZmgV” and “Gw95t4zKqsXvZKhADrkQg4RpgVn3dDX2skxfsRqbohwK.”

    Image

    0xFiyopi’s deleted tweet

    After installing the update, the trader was logged out of his wallets. He may have thought it was no big deal initially since he would log back again with his seed phrase. Unfortunately, he realized he had lost access to them when he tried to access his accounts, which were probably created using the same mnemonic phrase.

    Panic may have set in as 0xFiyopi tried to find his recovery phrase. He saved it. However, the recovery phrase he had written down in January 2022 did not work. He recalled that he had switched phones since then and created new accounts after installing the Phantom app on the new device.

    At this point, the horrifying truth dawned on him: he had lost access to his over $1 million worth of meme holdings. The DeFi trader took to X to express regret, noting that he would typically not keep large amounts on his phone, but this time, he had made an exception.

    Trader Responds to Critics

    X users expressed concern over the loss, with some blaming Phantom and others criticizing 0xFiyopi for managing such a significant amount on his mobile device. The trader reacted to these backlashes by taking full responsibility for the incident while exonerating Phantom from any blame. He said, “It’s a $1M lesson—even newbies wouldn’t make this mistake.”

    Meanwhile, amid these exciting times for most traders whose crypto assets are already on profit due to the recent surge, some users are left off in the excitement. Recently, a victim clicked a phishing link, which led to the loss of $6 million. Another crypto user lost $25 million by accidentally transferring to a smart contract wallet.

  • Crypto User Loses $25 Million to Accidental Transfer

    Crypto User Loses $25 Million to Accidental Transfer

    In an unfortunate turn of events, a cryptocurrency investor has suffered an unprecedented financial setback after accidentally transferring $25 million worth of Renzo restaked ether tokens to their safe module rather than their intended secure wallet.

    Renzo is a decentralized finance (DeFi) protocol built on EigenLayer. The protocol is specifically designed to streamline Ethereum restaking, enhance yield optimization, and improve liquidity provision. The project’s platform utilizes innovative liquid restaking technology to streamline the staking process, optimizing yields and efficiency for users.

    The crypto user inadvertently transferred their tokens to the protocol’s safe module, designed for storing assets securely, thereby rendering them inaccessible or frozen.

    User Offers $2.5M to Recoup Lost Funds

    In a desperate bid to recover the $25 million worth of misplaced Renzo tokens, the affected crypto user has tweeted an offer of $2.5 million to anyone who can help retrieve the assets.

    In the comments section of the post, numerous X users empathized with the victim’s predicament and suggested seeking assistance from the Renzo team, emphasizing that it may be the sole viable solution for recovering the lost funds.

    Specifically, DefiLlama’s anonymous founder, 0xngmi, recommended that the Renzo team potentially implement a contract upgrade, adding a specialized function that could rescue and restore access to the stranded assets.

    Not the First

    Crypto users are increasingly suffering significant financial losses due to erroneous transfers resulting from either human error or exploitation by malicious entities.

    In May, an unsuspecting trader lost about $68 million in Wrapped Bitcoin (WBTC) due to an address-poisoning scam. The attacker manipulated the transaction’s destination address, redirecting the funds to their own wallet.

    In another incident that same month, a crypto user fell prey to a sophisticated phishing scam and lost 1,155 Wrapped Bitcoin (WBTC), valued at approximately $71 million.

  • 2024 Set to Record New 4-Year-Low of $464M in DeFi Exploits: IntoTheBlock

    2024 Set to Record New 4-Year-Low of $464M in DeFi Exploits: IntoTheBlock

    This year is on track to become remarkable for decentralized finance (DeFi) security. According to IntoTheBlock, the year’s exploits are currently worth $464.11 million and may hit a four-year low. This significant drop is a welcome relief, especially after the over $1 billion stolen in DeFi hacks in 2023.

    2024 Top Exploits

    Orbit Bridge experienced the first and largest hack of the year, losing over $81 million in crypto. Despite using multisig wallets, considered a best practice for security, the attackers exploited compromised private keys to generate unauthorized transactions. Suspicion falls on the notorious Lazarus Group, infamous for high-profile hacks.

    Munchables suffered the second-largest hack of 2024, losing $62.5 million in ETH. The attacker exploited an upgradeable proxy contract, controlling the deployer address. After an upgrade, users deposited sufficient ETH, and the hacker transferred the assets into owned wallets. Investigator ZachXBT tied the hack to the notorious Lazarus Group.

    This month, Radiant Capital lost $58 million to hackers exploiting its multi-sig wallet, marking the third-largest crypto hack this year. The attackers used malware to trick signers into approving malicious transactions, allowing them to upgrade contracts and access user funds on the BNB Chain and the Arbitrum network.

    Notably, the protocol’s latest loss follows a $4.5 million breach earlier this year. The newest incident cumulates its losses to $62.5 million. It now shares the stage with Munchables in a competition for the second-most hacked protocol of the year.

    Further Insights Into 2024 Exploits

    According to IntoTheBlock data, lending protocols, and bridge platforms incurred the largest share, accounting for over 50% of total losses. Lending protocols suffered the most, losing 29.80% of total funds. This is due to their inherent complexities and risk exposures, making them more vulnerable to exploits than other decentralized applications (dApps).

    Nearly half of the exploits targeted vulnerabilities in smart contracts, most perpetrated in Ethereum and its layer-2 networks. Several platforms, including Deltaprime and Banana Gun, were unaudited by blockchain security firms. January, March, and September saw the highest number of incidents, with the first losing the most value.

    DeFi exploits are declining due to improved security, increased awareness, and government regulations; however, continued vigilance is necessary.

    Meanwhile, time will tell if the DeFi sector will unlock this feat as two months remain this year.