This is great: "stable" coin project relies on community governance, so a hacker borrows $1b, uses it to get a 67% voting stake, votes that the project should wire them $182m, then pays back the huge loan and exits -- all in the space of 13 seconds. The "stable" coin immediately crashes.
Even better: The project had been warned about the possibility of flash loan attacks, but the founders had dismissed the concerns.
@firstname.lastname@example.org "takes out a billion-dollar loan and pays it back in 13 seconds" is an absolutely absurd thing for anyone to have done ever
@email@example.com the fact that "stable" is a top feature (whether true or not) for these is already such a red flag for the entire landscape
It's like putting "They always arrived at work on time" on an employee's evaluation (just that it most likely wouldn't even be true, as seen here)
It is as if you were insisting on *exclusively* using the word "drivers" for people taking part in *any* bank heist that involved cars.
That's just silly.
The fact that computers were involved, or that unintended consequences were exploited, does not make it okay to slander a whole community of creative people.
By insisting on using the word "hacker" in such cases you effectively insist on painting that community with that particular brush.
Which is most unexcellent.
@mathew @rysiek @RyunoKi I have to say I agree with @mathew here: it's a clever use of a system to make it do something its creators didn't intend, all without breaking anything. In this case, I think hacker is warranted, even if it's linked to something negative like theft. For hacker to have meaning, we can't whitewash it either.
@mathew >in the span of 13 seconds
a block executes atomically, it doesn't "take time" to execute a transaction so really it all happened instantly
the journalists are kinda crappy here since it's hard to articulate how transactions are included, but it's pointless to say "how long" it took to happen since any flash loan arbitrage like this always happens in the span of a single tx
"Flash Loans allow you to borrow any available amount of assets without putting up any collateral, as long as the liquidity is returned to the protocol within one block transaction." Wow, that's a pretty cool hack actually. And in hindsight predictably leads to exactly this.
@mathew The best part is that's not even a complicated attack. Only basic financial and cryptocurrency knowledge required
@mathew There is going to be UNENDING shenanigans with consensus voting and so-called smart contracts.
It's like a whole generation of people have to learn the hard way why financial regulations exist and are so complicated.
These motherfuckers should learn to play D&D. Then they will figure out what rules lawyering, unintended consequences, min-maxing, and system loopholes are.
@gudenau @mathew AFAIK, this is a vulnerability particular to proof-of-stake currencies. They're meant to replace computation intensive proof-of-work schemes by giving verification powers to the largest stakeholders. That's how this transaction happened: The trader in question borrowed enough to become the largest single stakeholder in the system, which gave them unilateral powers to verify their own transaction. It's a known vulnerability that PoS schemes struggle to defend against.
@mathew ngl I’m surprised they were able to turn a profit out of it, guess they found a trade where this one obscure currency was able to be sold out within a few seconds – what a mess lol
also I concur with @rysiek – nothing was hacked, all that was done is quickly buying votes and using them to transfer cash
@mathew Also, let’s be specific – this is a DAO governance issue where no mitigations were put in place, not inherently crypto or stablecoin. But it does show the role trust tends to have to mitigate all the weird, nitpicky situations and rules that are disregarded in daily life.
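The posts above describe the mechanism (borrow, vote with the borrowed stake, execute, repay, all inside one transaction) and the point that this is a governance design without mitigations. As an added example, not code from any post here and not from any real protocol, the toy model below plays that sequence against a DAO whose vote weight is either the voter's *current* balance (flash-loanable) or a balance checkpoint from a *previous* block. The names (Chain, Ledger, LendingPool, Governance, run_attack), the token numbers (670 lendable of 1000, a 182-unit treasury) and the two-thirds threshold are assumptions chosen to mirror the thread's numbers, not facts about the project discussed.

```python
# Added example: toy flash-loan governance takeover and one mitigation. All names,
# numbers and the two-thirds rule are assumptions, not any real protocol's code.
import copy


class Revert(Exception):
    """A failed check inside a transaction; the whole transaction rolls back."""


class Chain:
    """Block counter plus atomic transactions over registered contracts' storage."""

    def __init__(self):
        self.block = 1
        self.contracts = []

    def transaction(self, fn):
        saved = [(c, copy.deepcopy(c.storage)) for c in self.contracts]
        try:
            fn()
            return True
        except Revert:
            for c, store in saved:      # roll back: no partial effects survive
                c.storage = store
            return False


class Ledger:
    """Token ledger that records a (block, balance) checkpoint on every change."""

    def __init__(self, chain, initial):
        self.chain = chain
        self.storage = {"balances": dict(initial),
                        "history": {w: [(chain.block, b)] for w, b in initial.items()}}
        chain.contracts.append(self)

    def balance_of(self, who):
        return self.storage["balances"].get(who, 0)

    def balance_at(self, who, block):
        """Balance at the end of `block`: the newest checkpoint not after it."""
        bal = 0
        for blk, b in self.storage["history"].get(who, []):
            if blk <= block:
                bal = b
        return bal

    def transfer(self, src, dst, amount):
        if self.balance_of(src) < amount:
            raise Revert(f"{src} cannot pay {amount}")
        for who, delta in ((src, -amount), (dst, amount)):
            self.storage["balances"][who] = self.balance_of(who) + delta
            self.storage["history"].setdefault(who, []).append(
                (self.chain.block, self.balance_of(who)))


class LendingPool:
    """Uncollateralised flash loan: lend, run the borrower, demand repayment in the same call."""

    def __init__(self, ledger, fee_bps):
        self.ledger, self.fee_bps = ledger, fee_bps

    def flash_loan(self, borrower, amount, callback):
        before = self.ledger.balance_of("pool")
        self.ledger.transfer("pool", borrower, amount)
        callback()
        if self.ledger.balance_of("pool") < before + amount * self.fee_bps // 10_000:
            raise Revert("flash loan not repaid with fee")


class Governance:
    """DAO whose passed proposals wire treasury funds to whoever the proposal names."""

    SUPPLY = 1000   # total governance tokens; two thirds must vote yes

    def __init__(self, chain, gov, usd, weigh_votes_at_past_block, execution_delay):
        self.chain, self.gov, self.usd = chain, gov, usd
        self.past_block, self.delay = weigh_votes_at_past_block, execution_delay
        self.storage = {"proposals": {}}
        chain.contracts.append(self)

    def propose(self, recipient, amount):
        pid = len(self.storage["proposals"]) + 1
        self.storage["proposals"][pid] = {"recipient": recipient, "amount": amount,
                                          "votes": 0, "created": self.chain.block,
                                          "done": False}
        return pid

    def vote(self, pid, voter):
        # Vulnerable: weight is whatever the voter holds right now, flash loan included.
        # Mitigation: weight is a checkpoint from a block strictly in the past. A flash
        # loan must be repaid within one transaction, so it never exists at a block
        # boundary and adds nothing to a historical balance.
        if self.past_block:
            weight = self.gov.balance_at(voter, self.chain.block - 1)
        else:
            weight = self.gov.balance_of(voter)
        self.storage["proposals"][pid]["votes"] += weight

    def execute(self, pid):
        p = self.storage["proposals"][pid]
        if p["done"]:
            raise Revert("already executed")
        if p["votes"] * 3 < self.SUPPLY * 2:
            raise Revert("two-thirds supermajority not reached")
        if self.chain.block < p["created"] + self.delay:
            raise Revert("execution delay not elapsed")
        p["done"] = True
        self.usd.transfer("dao", p["recipient"], p["amount"])


def run_attack(weigh_votes_at_past_block, execution_delay):
    """Play the attack against one DAO configuration; return the attacker's USD haul."""
    chain = Chain()
    gov = Ledger(chain, {"pool": 670, "attacker": 10, "holders": 320})  # 1000 tokens
    usd = Ledger(chain, {"dao": 182, "attacker": 0})                     # treasury
    pool = LendingPool(gov, fee_bps=100)
    dao = Governance(chain, gov, usd, weigh_votes_at_past_block, execution_delay)
    pid = dao.propose("attacker", 182)          # block 1: the proposal goes in

    chain.block += 1                            # block 2: the flash-loan transaction
    def borrow_vote_repay():
        dao.vote(pid, "attacker")               # 680 of 1000 tokens in hand: 68% > 2/3
        if chain.block >= dao.storage["proposals"][pid]["created"] + execution_delay:
            dao.execute(pid)                    # drain the treasury in the same call
        gov.transfer("attacker", "pool", 670 + 670 * 100 // 10_000)  # repay + 1% fee
    chain.transaction(lambda: pool.flash_loan("attacker", 670, borrow_vote_repay))

    # If a delay blocked execution, wait it out. The loan is long gone, but a tally
    # that recorded vote weight at vote time still counts it.
    while chain.block < dao.storage["proposals"][pid]["created"] + execution_delay:
        chain.block += 1
    chain.transaction(lambda: dao.execute(pid))
    return usd.balance_of("attacker")


if __name__ == "__main__":
    for past, delay in ((False, 0), (False, 5), (True, 0), (True, 5)):
        print(f"past-block weights={past!s:5} delay={delay}: attacker gains {run_attack(past, delay)}")
```

Two of the four runs matter for the design argument: an execution delay on its own does not help when vote weight is recorded at vote time, because the attacker votes during the loan and executes after the delay; weighing votes by a checkpoint from an earlier block stops the attack in either configuration, since the borrowed tokens never appear in any past balance and the attacker's real stake (10 of 1000) is nowhere near the threshold.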
The raider borrowed $1Bn, paid it back 13 seconds later, and paid about $100M for the privilege. So that's 10% interest over 13 seconds, which works out to an annualized percentage rate of 24,275,077%.
This is awesome 👍
Sounds like a similar clever hack as the original DAO. A bunch of script kiddies with no adversarial thinking skills set up some (dumb) system and someone who actually is smart takes advantage of them.
I expect we'll see many more cases like this as the whole Ethereum/web3 world is full of these clueless people.