COVER White Hat Hacker | CREAM Co-Founder Leo Cheng: Yearn Ecosystem is a Test, We Will Have Comprehensive Protection
Cover Protocol COVER was attacked last night, with hackers exploiting a smart contract vulnerability to mint a large number of new COVER tokens for sale, resulting in a significant drop in token price. The vulnerability has since been patched and an incident report has been released. In addition to planning to release a new V2 protocol in the first quarter of 2021, Cover Protocol also expressed gratitude to MachiX CEO and CREAM co-founder Leo Cheng for playing a crucial role in the incident. Leo Cheng was also interviewed to provide his perspective on the event.
Table of Contents
Recover 34%! Many hackers profited besides the instigator
According to the official announcement, around 2 p.m. Taiwan time on December 28, 2020, the first attacker began to utilize the Blacksmith contract in the Cover Protocol to mint COVER tokens and profit from it. During this period, other hackers also took advantage of this vulnerability. For details, see: Peckshield explains "business logic error"
According to analysts at The Block, the hacker with the address starting with 0x5d8d9f, may have minted 11,700 COVER tokens, then exchanged them for 83.46 WBTC, 866,300 DAI, and 15,000 ETH on 1inch. The total value is $4.4 million, which has been transferred to a new address. Another hacker with the address starting with 0x8fba30 minted 55,000 COVER tokens, then exchanged them for 464,000 DAI, 18,000 ETH on 1inch, Matcha, and Sushiswap, and dispersed the profits to three wallets. These are just two examples he listed.
4/7 The little discussed today address (0x8fba30), in turn, was able to mint 5.5k tokens.
Everything was successfully swapped via 1Inch, Matcha, and Sushiswap to 464k DAI, 1.8k ETH.
The funds are now split between three wallets. pic.twitter.com/fi2wKl0xDh
— Igor Igamberdiev (@FrankResearcher) December 29, 2020
Meanwhile, a white-hat hacker labeled as Grap Finance began operations around 8 p.m. Taiwan time, minting a large amount of COVER tokens through the same method and selling them off, draining the funds from COVER in decentralized liquidity pools as much as possible, eventually successfully returning 4,350 ETH.
However, this only accounts for 34% of the $9.4 million losses.
Leo Cheng: A Challenge for the Yearn Ecosystem
Contacting Leo Cheng for comments on this incident, he stated:
"This is ultimately a test for participants integrated into the Yearn ecosystem. Because we are closely linked, we can quickly assemble, establish a war room through a common channel, and cooperate as quickly as possible."
He further mentioned:
"We have learned from this incident. Therefore, we are establishing a 24/7 security contingency protocol that can protect the security of all products. Leo Cheng stated that they are already in development."
Symbiotic Relationship within the Yearn Ecosystem
In the fourth quarter of 2020, Yearn collaborated with many DeFi platforms, including Cream Finance, Cover Protocol, SushiSwap, and Pickle. Yearn founder Andre Cronje wrote an article on November 30 explaining a series of recent actions.
Regarding the Cover Protocol, Andre Cronje mentioned that the Cover protocol can be divided into four cores: "Core Insurance Products," "Prediction Markets," "Sustainable Insurance," and "Insurance as a Service." The Yearn development team will provide security and auditing assistance for the above four points, but will focus particularly on collaborating on "Sustainable Insurance" and "Insurance as a Service," as "Insurance as a Service" allows the YFI token to become Yearn's own insurance ecosystem, and "Sustainable Insurance" allows Vaults to extract insurance premiums from earnings to hedge risks, although this will lead to lower returns, it can effectively hedge contract risks.
This incident will undoubtedly pose a challenge to the Yearn ecosystem. However, this series of integrations is not like traditional markets where two independent companies are integrated into a single entity. Decentralized finance allows various projects to merge teams and collaborate on protocols while remaining independent entities with a common goal and a vision of mutual symbiosis. The collaboration and response within the Yearn ecosystem this time also serve as a paradigm of decentralized cooperation.
Related
- $EIGEN to be Available for Trading: What You Need to Know About Content and Market Dynamics
- EigenLayer's EIGEN token will be transferable on September 30th. Daily Coin Research: Being criticized now is better than being unnoticed.
- TON lockup value plunges by 53%, Telegram DeFi protocol assets hemorrhage, TON staking decreases