FreeCryptoCurrency.Me

Decentralized finance (DeFi) protocol Origin was exploited late Monday night and lost nearly $7 million worth of funds.

The amount includes user funds, as well as $1 million worth of deposits by Origin founders and employees. The attacker exploited Origin Protocol’s Origin Dollar (OUSD) vault and drained most of its stablecoins. OUSD is Origin’s native stablecoin, backed by three other stablecoins: Tether (USDT), Circle and Coinbase’s USDC, and MakerDAO’s DAI.

The exploit resulted in the attacker gaining at least 7,137 ETH (worth about $3.3 million) and 2.25 million DAI (worth about $2.25 million). How did the funds move out of the OUSD vault to the attacker’s wallets?

Matthew Liu, Origin’s co-founder, said a reentrancy bug in Origin’s smart contracts made the attack possible. Such bugs can allow attackers to withdraw more funds from a contract than they are eligible for via re-entrancy.

“The attacker exploited a missing validation check in mint multiple (when minting OUSD with multiple stablecoins) to pass in a fake ‘stablecoin’ under their control,” said Liu. “This ‘stablecoin’ was then called ‘transferFrom’ on by the vault, allowing the hacker to exploit the contract with a reentrancy attack in the middle of the mint.”

“The attacker was able to create a rebase event inside the second mint after funds had moved to OUSD from the first large mint, but before the supply of OUSD increased. This created a massive rebase for everyone in the contract, including the attacker. The attacker then also received their first large OUSD mint, giving them in total more OUSD than the contract had assets.”

The attacker then sold the extra OUSD on Uniswap and SushiSwap for USDT, said Liu. They also used crypto-mixing service Tornado Cash and wrapped bitcoin renBTC “to wash and move funds,” Liu noted.

Crypto researcher who goes by the name “Frank Topbottom” analyzed the attack in detail and said a flash loan was used in the process. The attacker took a flash loan of 70,000 ETH from decentralized exchange dYdX and swapped these ETHs into USDT and DAI on Uniswap. They then rebased Origin’s contract and minted OUSD with USDT.

Specifically, with the MintMultiple() function of Origin, the attacker was able to create “fake” tokens and swap them on Uniswap and SushiSwap for ETH and DAI. According to Topbottom, the attacker was able to pocket about $7.7 million in the form of 11,804 ETH and 2,249,821 DAI.

Origin is currently analyzing the attack in detail and is expected to post more updates soon. Meanwhile, Liu has urged users to not buy OUSD on Uniswap or SushiSwap as the current prices do not reflect the stablecoin’s underlying assets. OUSD is currently worth near $0 and has no liquidity, according to Uniswap.

OUSD was launched by Origin this September to work like a savings account. Origin is backed by venture firm Pantera Capital, which led its $3 million round in 2017.

© 2020 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Litecoin is now the seventh-largest cryptocurrency by market capitalization after a rise to $75.

Twitter has hired Peiter Zatko, a prominent white-hat hacker going by the handle “Mudge,” to help prevent future security breaches.

If its application is approved, Anchorage would be the first crypto company to get a national bank charter.

Blockchain project Origin Dollar (OUSD) has sustained an oracle manipulation attack. The attacker used flash loans to grab $3.25 million.

On Nov. 18, CoinDesk’s Ben Powers explores the data dividend: Is it an opportunity to restructure the digital economy on more equitable terms, or merely a redesign of the current data ecosystem?

The liquidity mining reward program for decentralized exchange Uniswap has come to an end.

Uniswap had originally said in September — when its UNI token first launched — that its liquidity program would last through November 17 at 12am UTC. A full breakdown of the token’s elements can be found here.

“After 30 days, governance will reach its vesting cliff and Uniswap governance will control all UNI vested to the Uniswap treasury,” the blog post explained at the time. “At this point, governance can vote to allocate UNI towards grants, strategic partnerships, governance initiatives, additional liquidity mining pools, and other programs.”

As explained at the time, four pools were initially seeded: ETH/USDT, ETH/USDC, ETH/DAI, and ETH/WBTC. Some 20 million UNI was allocated to the pools, with each receiving 5 million tokens apiece.

All told, there is roughly $2 billion in digital assets deployed to farming the four pools. A lingering open question is whether some of these funds will migrate out of Uniswap once the liquidity program ends in search of other sources of yield farming. According to DeFi Pulse, the total locked value in Uniswap has fallen by more than 3% in USD terms.

As for what comes next, discussions at the community level have been put forward to extend the duration of the liquidity program. But as of the time of writing, nothing has moved beyond the discussion phase.

© 2020 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

The U.S. Securities and Exchange Commission (SEC) has brought 56 court cases related to cryptocurrencies and ICOs since 2017, according to a new statement.

A list of “Select SEC Accomplishments” covering May 2017 to the present time includes a short section on crypto-related issues, highlighting the founding of the SEC Cyber Unit, which is focused on digital issues.

“[The SEC b]rought 56 cases involving ICOs, blockchain or distributed ledger technology, and/or digital assets since the July 2017 issuance of an investigative report regarding the offers and sales of digital assets,” the agency said. “Among others, cases involved efforts to defraud investors through the use of digital asset securities as well as violations of the registration provisions of the federal securities laws in the offer and sale of digital asset securities.”

That July 2017 release was the so-called DAO report, which examined the token issuance of the now-defunct, Ethereum-based funding vehicle TheDAO and set the tenor for the SEC’s future actions on the ICO front.

The list also highlighted “18 suspected frauds involving blockchain or distributed ledger technology and/or digital assets.”

As previously reported, federal regulators from the SEC as well as the Commodity Futures Trading Commission have doled out nearly $200 million in fines for crypto-related cases since 2014.

For the SEC, the busiest year for this activity was in 2019, according to data collected by The Block.

© 2020 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

A new governance vote would continue liquidity mining rewards for certain asset pairs as the original allocation ends.

The patent was awarded to IBM last week and proposes using a blockchain consensus model to carry out and verify purchases made within multiplayer games.