Nick Chong
17 Dec, 14 tweets, 5 min read
The latest flash loan attack?

An account funded by one ETH from Tornado Cash executed a contract that flash swapped $180m from Uniswap and flash borrowed $51m from dYdX.

USDC and DAI vaults of Warp, the protocol affected, are empty.

$1m in ETH is in an EOA.

h/t @CryptoCatVC
What I immediately find interesting here is that it appears that much of the attacker's bounty went to fees.

There was 3.85m DAI and 3.92m USDC in the Warp contracts.

The attacker (seemingly) left with $1 million in Ethereum (1,462 ETH).
Warp Finance is a protocol that is creating a money market for LP tokens.

Aave does have a Uniswap LP money market but thus far, it has yet to gain traction.

With LP yield farming programs, this may be an increasingly important market gap to fill.
Circling back to my point about fees,

Rough back-of-the-napkin math indicates that yes, much of the funds are unrecoverable at this point (distributed to Uniswap and Sushiswap LPs).

$800m in AMM volume for this transaction = $2.4m in fees

Then slippage on top of that?
I guess the attacker would likely have made away with more if the second phase of the UNI distribution was live as there would have been less slippage on the flash swaps.

The attacker pumped dozens of millions through Uniswap pairs that are relatively illiquid now compared to before.
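The fee-and-slippage reasoning in the last few tweets (0.3% of every swap kept by LPs, worse execution on thinner pools) modelled as an added example. This is not code from the thread or from Warp, Uniswap or dYdX; it assumes a Uniswap v2 style constant-product pool with the 0.30% input fee, and the pool depths and the $20m trade size are constructed figures, not values from the Warp transaction.

```python
"""Constant-product AMM model (Uniswap v2 style): LP fee plus price impact.

Added illustration. Pool sizes and trade sizes are constructed, not taken
from the Warp transaction. The 0.30% fee is Uniswap v2's pool fee.
"""
from dataclasses import dataclass

FEE_BPS = 30  # Uniswap v2 takes 0.30% of the input amount; it stays in the pool for LPs


@dataclass
class Pool:
    reserve_in: float   # reserves of the token being sold into the pool
    reserve_out: float  # reserves of the token being bought


def lp_fees_on_volume(volume: float, fee_bps: int = FEE_BPS) -> float:
    """Fees handed to LPs over a given notional volume routed through 0.30% pools."""
    return volume * fee_bps / 10_000


def swap_exact_in(pool: Pool, amount_in: float, fee_bps: int = FEE_BPS) -> dict:
    """Simulate selling `amount_in` into the pool.

    x * y = k is preserved on the post-fee input a = amount_in * (1 - fee), so
        amount_out = y * a / (x + a)
    Price impact (slippage) relative to the spot price y/x simplifies to a / (x + a):
    the larger the trade relative to reserves, the worse the execution.
    """
    fee = amount_in * fee_bps / 10_000
    a = amount_in - fee
    x, y = pool.reserve_in, pool.reserve_out
    amount_out = y * a / (x + a)
    slippage = a / (x + a)  # equals 1 - amount_out / (a * y / x)
    return {"amount_out": amount_out, "fee": fee, "slippage": slippage}


def compare_liquidity(amount_in: float, reserves) -> list:
    """Run the same trade against pools of different depth (priced 1:1 for readability)."""
    rows = []
    for r in reserves:
        res = swap_exact_in(Pool(r, r), amount_in)
        rows.append({"reserves": r, **res})
    return rows


if __name__ == "__main__":
    # Constructed figures: a $20m swap against $100m and $10m (per side) pools.
    for row in compare_liquidity(20_000_000, [100_000_000, 10_000_000]):
        print(f"reserves ${row['reserves'] / 1e6:>5.0f}m: out ${row['amount_out'] / 1e6:.2f}m, "
              f"fee ${row['fee'] / 1e3:.0f}k, slippage {row['slippage']:.1%}")
    # The thread's rough figure: ~$800m of AMM volume at 0.30% is $2.4m to LPs.
    print(f"LP fees on $800m volume: ${lp_fees_on_volume(800_000_000) / 1e6:.1f}m")
```

The fee is paid on every hop regardless of outcome, which is why it is gone to LPs and cannot be clawed back; the slippage term is what grows as the same trade size meets thinner reserves, matching the point about pools being less liquid now than before.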
Interesting...

The account was funded from a Tornado Cash mix three days ago.

3 days ago, they deployed an unverified contract, tried to execute something, then went quiet for three days.
Pardon me, it appears that I missed the part where the attacker minted $6m worth of Uniswap DAI-ETH LP shares.

The LP shares are STILL IN THE Warp contract (0x13db1CB418573f4c3A2ea36486F0E421bC0D2427).

So not fully rekt?
Rough estimate of where we're at right now.

The biggest question right now is if the attacker owns the ETH-DAI LP collateral in the Warp contract.
Warp has a USDT vault that was spared from the attack due to the lack of deposits.
This attack comes two days after Warp began a migration from its v1 to v2.

Here's a Mergely between the v1 USDC vault (left) and the v2 USDC vault (right):

editor.mergely.com/BPzu44WH/

One of the only changed parts of code is this part:
@emilianobonassi is there anything here?
I wonder if these are related at all:

Account gets funded three days ago, deploys unverified contract, executes something but fails.

v2 launched two days ago.

Today, account deploys another contract, executes something but succeeds.

Confirmed - the attacker still owns the collateral in the contract.

Interesting why they haven't withdrawn it.

There's a plan in place to recover the funds.

Hoping for the best for those affected 👍
