The concept of "decentralized finance" is popular in the crypt – this is when you can profitably invest your tokens using smart contracts, without unnecessary human involvement. It sounds cool, convenient and reliable – but, as usual, there is a nuance.
Sometimes IT people from North Korea get involved: last weekend there was just another "incident"... Sometimes I think it's worth investing in decentralized finance protocols to make money from it. But I usually come to the conclusion "these few percent additional returns for me personally do not cover the risk that the smart contracts of these protocols will be hacked." They usually tell me, "so you just use the largest and most reliable DeFi protocols with audited contracts, and that's it!!" Here I can only shrug my shoulders.
So, the other day, North Korean hackers broke another protocol. And I want to give you some context so that you can fully experience the enchanting spirit of defai! If you remember, in 2022, the Ethereum blockchain moved from the concept of Proof of Work (like bitcoin, when everyone has to mine new coins together) to Proof of Stake, when the security of the entire system is provided by dudes who have trapped their ether (ETH), and receive a small reward for it.
But for cryptans, these measly 3% annual returns from staking ether are not even funny, some kind of monkey tears. Therefore, they came up with a clever way to force the ether, which has already been blocked once, to additionally "smoke" on the side, ensuring the safe functioning of other protocols (for money, of course). This nipple system is called EigenLayer.
However, double returns on the same coins will not be enough for cryptans either! That's why they came up with such a thing as "liquid restaking": you bring your ETH to a special Kelp protocol, they stake it for you on Ethereum (the money starts dripping once), restake it using EigenLayer (the money drips twice), and to top it off, they also issue a special rsETH–type token, a receipt "we confirm we have a real steamed ETH here, and we are ready, if necessary, to give it to the holder of this token."
Well, the final cherry on the cake: proudly holding this rsETH receipt in their hands, the cryptans went to Aave - this is one of the largest and most famous protocols for issuing loans in the crypt (secured by another crypt). So, on Aave, it was possible to leave these very rsETH tokens as collateral, and borrow some USDC stablecoins, for example, against their security.
"What are we going to do with these USDC's?" – I anticipate your question. Well, are you completely without imagination, or what? Think like a cryptan: with this money, you can buy new ETH, take them to Kelp for liquid restaking, get new rsETH in return... In short, I hope you get the idea.
Well, now let's get closer to the topic of hacking: the ecosystem of decentralized finance has spawned a bunch of different networks: Polygon, Arbitrum, BSC, etc. And everyone wants to be able to seamlessly transfer their tokens between these different networks. Special "bridges" are used for this purpose: they block cryptan tokens in their native network, and in return they issue a new "mirror" token already on the desired network. Yes, in fact, this is the same principle with "authentication receipts".
So, last Sunday, one such bridge was hacked using LayerZero technology, which was used by the Kelp protocol. North Korean hackers have come up with a clever way to create almost $300 million of fake rsETH tokens out of thin air – that is, those that were not backed by real ETH tokens frozen in the bridge. Then they quickly transferred them to the Aave cryptobank as collateral, and took out $200 million in their pocket in the form of real ETH ether.
And now there is a real howl on Twitter from all the participants in the process. Aave shouts, "our smart contracts worked as they should, it was you who allowed some counterfeit crap to be printed there at Kelp!". Kelp's response is to yell, "we have nothing to do with it, we hacked the bridge using LayerZero technology!!" LayerZero makes a muzzle with a hoe and issues a press release in the style of "our technology is infallible, it's just that the handlers from Kelp couldn't set everything up properly."
But in the end, a hole of two hundred lakhs of dollars remained hanging inside the Aave balance sheet - and they are all scratching the turnip together on the subject of "whose money will have to plug it"? So everyone who came up with the idea of "securely placing their crypt to generate income in the largest DeFi protocol" decided to abruptly take it back into their pocket, just in case - because, well, how will they decide to fatten all depositors a little bit, for a common cause?
As a result, approximately $8 billion was withdrawn from Aave in a day, which is a third of the entire crypt that was there. And the fact that not everyone succeeded.: in a number of pools, tokens just stupidly ran out at the moment. It turns out that the cryptans thought that they were putting money into profitable secured smart contracts with the ability to take them away at any time, but in fact it turned out "it won't work right now, alas, - well, we're also discussing with the guys whether to take part of your crypt to plug a common hole..."
That's the way things are, so I'm not going to invest in deffi yet.