DEFISECURITY

COVER White Hat Hacker | CREAM Co-Founder Leo Cheng: Yearn Ecosystem is a Test, We Will Have Comprehensive Protection

share
COVER White Hat Hacker | CREAM Co-Founder Leo Cheng: Yearn Ecosystem is a Test, We Will Have Comprehensive Protection

Cover Protocol COVER was attacked last night, with hackers exploiting a smart contract vulnerability to mint a large number of new COVER tokens for sale, resulting in a significant drop in token price. The vulnerability has since been patched and an incident report has been released. In addition to planning to release a new V2 protocol in the first quarter of 2021, Cover Protocol also expressed gratitude to MachiX CEO and CREAM co-founder Leo Cheng for playing a crucial role in the incident. Leo Cheng was also interviewed to provide his perspective on the event.

Recover 34%! Many hackers profited besides the instigator

According to the official announcement, around 2 p.m. Taiwan time on December 28, 2020, the first attacker began to utilize the Blacksmith contract in the Cover Protocol to mint COVER tokens and profit from it. During this period, other hackers also took advantage of this vulnerability. For details, see: Peckshield explains "business logic error"

According to analysts at The Block, the hacker with the address starting with 0x5d8d9f, may have minted 11,700 COVER tokens, then exchanged them for 83.46 WBTC, 866,300 DAI, and 15,000 ETH on 1inch. The total value is $4.4 million, which has been transferred to a new address. Another hacker with the address starting with 0x8fba30 minted 55,000 COVER tokens, then exchanged them for 464,000 DAI, 18,000 ETH on 1inch, Matcha, and Sushiswap, and dispersed the profits to three wallets. These are just two examples he listed.

Meanwhile, a white-hat hacker labeled as Grap Finance began operations around 8 p.m. Taiwan time, minting a large amount of COVER tokens through the same method and selling them off, draining the funds from COVER in decentralized liquidity pools as much as possible, eventually successfully returning 4,350 ETH.

However, this only accounts for 34% of the $9.4 million losses.

Leo Cheng mentioned on Twitter that this is a classic case of a white-hat hacker and DeFi marketing in sync.

Leo Cheng: A Challenge for the Yearn Ecosystem

Contacting Leo Cheng for comments on this incident, he stated:

"This is ultimately a test for participants integrated into the Yearn ecosystem. Because we are closely linked, we can quickly assemble, establish a war room through a common channel, and cooperate as quickly as possible."

He further mentioned:

"We have learned from this incident. Therefore, we are establishing a 24/7 security contingency protocol that can protect the security of all products. Leo Cheng stated that they are already in development."

Contacting Leo Cheng for comments on this incident

Symbiotic Relationship within the Yearn Ecosystem

In the fourth quarter of 2020, Yearn collaborated with many DeFi platforms, including Cream Finance, Cover Protocol, SushiSwap, and Pickle. Yearn founder Andre Cronje wrote an article on November 30 explaining a series of recent actions.

Regarding the Cover Protocol, Andre Cronje mentioned that the Cover protocol can be divided into four cores: "Core Insurance Products," "Prediction Markets," "Sustainable Insurance," and "Insurance as a Service." The Yearn development team will provide security and auditing assistance for the above four points, but will focus particularly on collaborating on "Sustainable Insurance" and "Insurance as a Service," as "Insurance as a Service" allows the YFI token to become Yearn's own insurance ecosystem, and "Sustainable Insurance" allows Vaults to extract insurance premiums from earnings to hedge risks, although this will lead to lower returns, it can effectively hedge contract risks.

This incident will undoubtedly pose a challenge to the Yearn ecosystem. However, this series of integrations is not like traditional markets where two independent companies are integrated into a single entity. Decentralized finance allows various projects to merge teams and collaborate on protocols while remaining independent entities with a common goal and a vision of mutual symbiosis. The collaboration and response within the Yearn ecosystem this time also serve as a paradigm of decentralized cooperation.