In an article I posted two days ago (link), I discussed what I see as dangers in DeFi and why I see this as a high-risk investment.
Basically, I explained what I see as red flags and the reasons why we should be afraid to get involved in this craziness. @Read.Cash replied to my post and was spot on in pointing out that more hacks will certainly happen and these smart contracts will be exploited.
The first DeFi exploit in a while happened today on Balancer. It was a relatively small amount of a mere $500,000 that didn't create a domino effect but it still gives a clear indication of why this market is juvenile and should be considered high risk.
This is the address of the "hacker", who didn't actually hack anything but just exploited a weakness in the smart contract, and below are some comments made by possible victims of his actions:
What the attacker did was take advantage of a flash loan and drain a "liquidity pool" with a complex transaction that required more than 300 token transfers but only ~$50 in fees.
Most of us have heard of deflationary coins. These coins have a few lines of Solidity code and their basic function is to deflate by a certain percentage every time they are moved on the blockchain. With coins such as Bomb, Burn, etc., once they are moved a certain amount of them (i.e. 1%) is burned (sent to the 0x000.. Ethereum address) and the total amount of tokens is reduced.
What the attacker did was abuse a loophole in Balancer's smart contract, which wasn't accounting for the deflationary effect of a token called Statera (STA). The Balancer smart contract was acting as if no coins were burned on each transaction.
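The accounting mismatch described above, as an added Python model (not Balancer's or Statera's contract code): a pool that credits the amount the sender claims drifts away from its real balance, while a pool that credits only the measured balance change does not. The class names, the 1% burn rate and the sample deposits are assumptions made for illustration.

```python
from decimal import Decimal

BURN_RATE = Decimal("0.01")  # assumed 1% burn per transfer, as in the article's example


class DeflationaryToken:
    """Minimal burn-on-transfer ledger: a share of every transfer is destroyed."""

    def __init__(self, balances):
        self.balances = {k: Decimal(v) for k, v in balances.items()}

    def transfer(self, src, dst, amount):
        amount = Decimal(amount)
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        burned = amount * BURN_RATE
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, Decimal(0)) + amount - burned
        return amount - burned  # what the recipient really received


class NaivePool:
    """Weak form: credits the nominal amount, ignoring the burn."""

    def __init__(self, token, name="pool"):
        self.token, self.name, self.recorded = token, name, Decimal(0)

    def deposit(self, sender, amount):
        self.token.transfer(sender, self.name, amount)
        self.recorded += Decimal(amount)

    def drift(self):
        # Recorded balance minus tokens actually held; must stay at zero.
        return self.recorded - self.token.balances.get(self.name, Decimal(0))


class MeasuredPool(NaivePool):
    """Hardened form: credits balance-after minus balance-before."""

    def deposit(self, sender, amount):
        before = self.token.balances.get(self.name, Decimal(0))
        self.token.transfer(sender, self.name, amount)
        self.recorded += self.token.balances[self.name] - before


def drift_after(pool_cls, deposits):
    """Run constructed deposits through a pool and return its accounting drift."""
    token = DeflationaryToken({"alice": 1000})  # constructed sample holder
    pool = pool_cls(token)
    for amount in deposits:
        pool.deposit("alice", amount)
    return pool.drift()
```

A non-zero `drift()` is the invariant violation to alert on: the pool's bookkeeping claims more tokens than the contract holds.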
Easy to exploit when spotted and there are guys online that have these things as their job. I'm not sure if this can be counted as a hack either as there was no breach in any system. It was more like a bug-abuse. The "attack" was complex and all steps and transactions made are described in this link.
Balancer announced the incident in this Medium post and it seems that they decided to remove deflationary tokens to avoid similar exploits on their platform.
While $500,000 may not be considered too much to destabilize the DeFi market, it proves that the current state of DeFi is weak and easy to exploit. There are people with enough experience and technical knowledge to perform similar actions in all DeFi platforms. I'm not happy about being proven correct but I think that the amount extracted with this exploit will be nothing compared to what is coming.
Reposted on Uptrennd
Great article with detailed explanation... keep uploading more... let's subscribe to each other