CFTC Initiates Enforcement Sweep Targeting Opyn and Other DeFi Operations
Coinbase-Backed Insurance Disruptor OpenCover Launches on Layer 2 Blockchain
DeFi and Credit Risk
An attack on one of the platform's liquidity pools earlier this week caused a new stablecoin (aUSD), based on the Acala platform and built on the Polkadot blockchain, to drop from its $1 peg to $0.009 (which, in my opinion, rounds to zero). It's understandable if the words that come after "attack on" strike you as being unusually precise.
Acala wasn't actively attacked, hacked, or stopped. Instead, the Acala-based iBTC/aUSD liquidity pool was directly targeted, hacked, and stopped. The effective exploit allows criminals to generate billions of dollars for themselves. This massive supply dilution caused by the influx of new aUSDs destroyed the stablecoin's price.
Since then, the aUSD has rebounded, but only after the Acala community decided to burn the billions of erroneously issued aUSD. Let's look at how cryptocurrency protocols are only as safe as what is built on top of them rather than focusing on the fact that the aUSD that was incorrectly coined wasn't actually minted incorrectly or the necessity for a centralizing force to intervene to correct this error.
Acala wasn't actively attacked, hacked, or stopped. Instead, the Acala-based iBTC/aUSD liquidity pool was directly targeted, hacked, and stopped. The effective exploit allows criminals to generate billions of dollars for themselves. This massive supply dilution caused by the influx of new aUSDs destroyed the stablecoin's price.
Since then, the aUSD has rebounded, but only after the Acala community decided to burn the billions of erroneously issued aUSD. Let's look at how cryptocurrency protocols are only as safe as what is built on top of them rather than focusing on the fact that the aUSD that was incorrectly coined wasn't actually minted incorrectly or the necessity for a centralizing force to intervene to correct this error.
Move fast and break everything
Rather, aUSD performed as intended. The liquidity pool was controlled by flawed code, and this flawed code let attackers to print billions of dollars.
This is identical to the other two examples given, with each CoinDesk article correctly describing the attacks as a "exploit." The term "exploit"—rather than "hack"—better describes using subpar programming to one's advantage, thus we should apply it here.
Of course, exploits aren't restricted to obscure protocols. For example, Polkadot is the foundation of Acala. Polkadot is not Ethereum, despite the fact that its native currency, DOT, is the 11th most valuable cryptocurrency. However, Ethereum did experience a flaw in 2016 known as The DAO Attack, which resulted in a chaotic chain split (search for Ethereum Classic) and a drop in reputation.
This is useful ammunition for the baby boomer Bitcoin developers who are adamant about making no changes to the cryptocurrency because they are concerned about breaking the system. I'm not here to argue that new Bitcoin or other cryptocurrency protocols should not be developed; rather, I just want to add some context as a warning given how simple it is to draw a comparison between Silicon Valley tech businesses and cryptocurrency.
The motto of Silicon Valley innovation is (was?) "move fast and break everything," but with cryptocurrency, the stakes are only bigger. If a Salesforce developer creates a fault that negatively impacts a customer's experience, fixing that defect really simply costs time (there may be a reputational blow, but a company can get through a few blunders a year without any problems).
Unlike in crypto. If a flaw in a crypto protocol is created by a new, flashy layer, smart contract, or other mechanism and is ultimately exploited, the harm could be extensive and irreparable. Cryptographic protocols should be used to build things, and they should be updated, but with caution.
All things considered, the primary message is: Unless you don't want to break everything, moving quickly is OK.
------------
