FreeCryptoCurrency.Me

Quick Take

• Tether’s *Q4 blacklistings on Ethereum grow about 130% on a quarter-over-quarter basis.
• Tether’s increased blacklisting activity is likely correlated with a more active involvement in recent community efforts to recover funds from prominent exchange / DeFi hacks.

This research piece is available to
members of The Block Genesis.
You can continue reading
this Genesis research on The Block.

In a cryptocurrency ecosystem where the programmable-money juggernaut has long been Ethereum, Polkadot, a project that has been quietly developing an alternative solution since 2016, is ready to take on the blockchain world.

The move follows the latest sanction from the Trump administration.

Decentralized finance (DeFi) protocol Origin was exploited late Monday night and lost nearly $7 million worth of funds.

The amount includes user funds, as well as $1 million worth of deposits by Origin founders and employees. The attacker exploited Origin Protocol’s Origin Dollar (OUSD) vault and drained most of its stablecoins. OUSD is Origin’s native stablecoin, backed by three other stablecoins: Tether (USDT), Circle and Coinbase’s USDC, and MakerDAO’s DAI.

The exploit resulted in the attacker gaining at least 7,137 ETH (worth about $3.3 million) and 2.25 million DAI (worth about $2.25 million). How did the funds move out of the OUSD vault to the attacker’s wallets?

Matthew Liu, Origin’s co-founder, said a reentrancy bug in Origin’s smart contracts made the attack possible. Such bugs can allow attackers to withdraw more funds from a contract than they are eligible for via re-entrancy.

“The attacker exploited a missing validation check in mint multiple (when minting OUSD with multiple stablecoins) to pass in a fake ‘stablecoin’ under their control,” said Liu. “This ‘stablecoin’ was then called ‘transferFrom’ on by the vault, allowing the hacker to exploit the contract with a reentrancy attack in the middle of the mint.”

“The attacker was able to create a rebase event inside the second mint after funds had moved to OUSD from the first large mint, but before the supply of OUSD increased. This created a massive rebase for everyone in the contract, including the attacker. The attacker then also received their first large OUSD mint, giving them in total more OUSD than the contract had assets.”

The attacker then sold the extra OUSD on Uniswap and SushiSwap for USDT, said Liu. They also used crypto-mixing service Tornado Cash and wrapped bitcoin renBTC “to wash and move funds,” Liu noted.

Crypto researcher who goes by the name “Frank Topbottom” analyzed the attack in detail and said a flash loan was used in the process. The attacker took a flash loan of 70,000 ETH from decentralized exchange dYdX and swapped these ETHs into USDT and DAI on Uniswap. They then rebased Origin’s contract and minted OUSD with USDT.

Specifically, with the MintMultiple() function of Origin, the attacker was able to create “fake” tokens and swap them on Uniswap and SushiSwap for ETH and DAI. According to Topbottom, the attacker was able to pocket about $7.7 million in the form of 11,804 ETH and 2,249,821 DAI.

Origin is currently analyzing the attack in detail and is expected to post more updates soon. Meanwhile, Liu has urged users to not buy OUSD on Uniswap or SushiSwap as the current prices do not reflect the stablecoin’s underlying assets. OUSD is currently worth near $0 and has no liquidity, according to Uniswap.

OUSD was launched by Origin this September to work like a savings account. Origin is backed by venture firm Pantera Capital, which led its $3 million round in 2017.

© 2020 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Litecoin is now the seventh-largest cryptocurrency by market capitalization after a rise to $75.

Twitter has hired Peiter Zatko, a prominent white-hat hacker going by the handle “Mudge,” to help prevent future security breaches.

If its application is approved, Anchorage would be the first crypto company to get a national bank charter.

Blockchain project Origin Dollar (OUSD) has sustained an oracle manipulation attack. The attacker used flash loans to grab $3.25 million.

On Nov. 18, CoinDesk’s Ben Powers explores the data dividend: Is it an opportunity to restructure the digital economy on more equitable terms, or merely a redesign of the current data ecosystem?

The liquidity mining reward program for decentralized exchange Uniswap has come to an end.

Uniswap had originally said in September — when its UNI token first launched — that its liquidity program would last through November 17 at 12am UTC. A full breakdown of the token’s elements can be found here.

“After 30 days, governance will reach its vesting cliff and Uniswap governance will control all UNI vested to the Uniswap treasury,” the blog post explained at the time. “At this point, governance can vote to allocate UNI towards grants, strategic partnerships, governance initiatives, additional liquidity mining pools, and other programs.”

As explained at the time, four pools were initially seeded: ETH/USDT, ETH/USDC, ETH/DAI, and ETH/WBTC. Some 20 million UNI was allocated to the pools, with each receiving 5 million tokens apiece.

All told, there is roughly $2 billion in digital assets deployed to farming the four pools. A lingering open question is whether some of these funds will migrate out of Uniswap once the liquidity program ends in search of other sources of yield farming. According to DeFi Pulse, the total locked value in Uniswap has fallen by more than 3% in USD terms.

As for what comes next, discussions at the community level have been put forward to extend the duration of the liquidity program. But as of the time of writing, nothing has moved beyond the discussion phase.

© 2020 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.