Happy Ending of Ethereum DeFi Hack Still Leaves Much to Be Desired
It has been a tumultuous ride for users of Ethereum’s decentralized finance (DeFi) over the past few days.
The evening of April 18th saw DeFi protocol Lendf.me go into a tailspin, with the protocol’s primary address bleeding funds at a rapid clip. In fact, within a few hours, $25 million worth of value, held mostly in Ethereum and Tether’s USDT, was wiped from the protocol, revealed to be stolen by an attacker utilizing an exploit.
But in a dramatic turn of events, the funds have been returned. Over the past 24 hours, the hacker has slowly siphoned coins back to the users, with $25 million worth of Ethereum and ERC tokens now sitting snug in dForce’s admin address.
This is insane. The lendf/dForce hacker is in the process of returning all the hacked funds to the admin:
$10M of ETH
$6.6M of USDT
$2.2M of HBTC
$750K of USDC
$381K of HUSD
$137K of DAI
$132K of MKR
$126K of PAX
— Haseeb Qureshi (@hosseeb) April 21, 2020
While those affected by the hack are making it off lucky this time around, it would be a stretch to say that Ethereum DeFi is back to normal or that this industry sector is ready to go mainstream.
DeFi Isn’t Ethereum’s Killer Use Case Yet
Camila Russo — a Bloomberg journalist turned Ethereum content creator — pointed out that prior to the Lendf debacle, there were exploits in March, in February, and then June of last year. Each attack differed in size, but took place across a swath of protocols and involving a series of different cryptocurrencies, showing that these issues are “not just one project’s problem.” She elaborated:
“It’s not just one project’s problem. DeFi needs better security standards or we’ll continue seeing the downside of that composability double-edged sword.”
This shows how despite DeFi being classified by one of Ethereum’s killer use cases, it’s not there yet, with there being clear kinks in these decentralized systems that need to get ironed out if mainstream adoption is to be seen.
The Need for Insurance
It seems that Ethereum DeFi has escaped the grasps of defeat once again, but this hack is likely to spark more questions than ever about decentralized insurance products.
A big theme of the hack of dForce’s Lendf.me protocol was that the users affected lost a large portion of their savings — after all, $25 million in holdings were thought to be lost forever.
As you can include messages in Ethereum transactions by converting text into hexadecimal code, one wrote to the hacker: “That money, the $10,700, was basically all of my cash savings. I don’t know what you’re [sic] situation is but I’m personally hurting. Please do what you think is right.”
Others followed suit, echoing the feelings of loss, with another penning a story about how they are apparently going to lose their belongings as the Ethereum that was stolen was purchased through a loan.
An insurance product, whereas users pay a fixed fee or third parties audit the code of protocols, could have been a great benefit amid this debacle.
Think about it, if bank accounts aren’t insured, why should decentralized “bank” accounts be left uninsured?
Photo by Rahul Chakraborty on Unsplash