What happens when you attack DeFi? (Market Monday - Lite)

Market Monday for February 17, 2020

Level up your open finance game 3x per week. You’re on the free version of the program so you’re missing the best level ups. Become a paying subscriber & get the full program below.

Dear Crypto Natives,

This weekend a DeFi pirate snapped together some DeFi money legos to exploit a low liquidity Uniswap market and take $350k in profits in a single transaction.

Here’s what he did:

  • Borrowed $2.7m of ETH for 15 seconds from DyDx

Then used that ETH to simultaneously:

  1. Short wBTC using 5x margin on Fulcrum

  2. Profit on the short by manipulating the wBTC price

(Above: how a DeFi pirate made $350k by Kerman Kohli)

He lowered price by market selling wBTC on Uniswap—easy to do given wBTC’s low liquidity. All this was done in one transaction using these money legos:

  • ETH as a reserve asset

  • Compound as a collateral loan

  • wBTC as a low-liquidity asset

  • Uniswap and Kyber for liquidity and price manipulation

  • bZx on Fulcrum for shorting

  • A flash loan from DyDx to execute all this a few thousand dollars 🤯

In the aftermath there’s been upset on the degree of decentralization of DeFi—it was a surprise to some (not Bankless subscribers) that Fulcrum could take actions to pause its protocol and even use its admin access to liquidate the attacker and make Fulcrum users whole. Probably worth an article.

But let’s zoom out. Because you know what I saw this weekend?

DeFi leveling up.

We have to appreciate something first. The fact that it’s possible to do a transaction like this means DeFi has already won—it’s just a matter of time. I don’t say this lightly. People have no idea the power we’ve unlocked in permissionless money protocols. This power compounds every day and with every new money lego we make.

Second, did you feel the level-ups? We saw…

  • The strength of our immune system. Social media sprang into action & studied all facets of the transaction in 24 hrs—we learn 100x faster because it’s all open

  • That liquidity is security. Attacks are easy on low-liquidity assets like wBTC—having high economic bandwidth assets is vital to reduce risk

  • That a new money lego—like a flash loan—can impact the security assumptions of all other protocols—DeFi is an interconnected organism

We also learned more about the pros and cons of granting developer access to the pause, restart, and withdraw buttons of a protocol. Standard disclosures about access are the thing to focus on as we simultaneously work to design protocols w/o buttons.

Lop off the head of a hydra—what happens? It absorbs the attack and gets stronger. Every attack of this kind:

  • Makes the DeFi immune system stronger (+20 social)

  • Makes DeFi protocols better (+20 oracles, +30 protocols)

  • Strengthens the system (+70 DeFi)

To the critics: last weekend wasn’t DeFi failing. It was DeFi leveling up. This is exactly what we expect it to look like.

What happens when you attack DeFi?

DeFi wins.


A Grayscale report said ETH is a store of value—that’s the largest institutional crypto investment firm & a former Ethereum critic now saying ETH is moneyjoin the club!


Scan this section and dig into anything interesting

Market numbers

  • ETH rockets to $260 from $222 last Monday

  • BTC down to $9,628 from $9,850 last Monday

  • DAI stability fee steady at 8% with savings rate steady at 7.75%

Market opportunities

New stuff

What’s hot

Money reads


Check out a few opportunities I’m capturing right now with my crypto money


Make time to complete this assignment before next week

Extra Credit Learning


Read my takes but draw your own conclusions


Tweet me your question—I reply to one per week

Question from Twitter:
Any tips on where to start exploring ethereum defi?

Some recent tweets…


Subscribe to Bankless. $12 per mo. Includes archive accessInner Circle & Deal Sheet.

Pay with cryptousing ETH, BTC, or USDC. Annual subscription only.

Not financial or tax advice. This newsletter is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. This newsletter is not tax advice. Talk to your accountant. Do your own research.

Disclosure. From time-to-time I may add links in this newsletter to products I use. I may receive commission if you make a purchase through one of these links. I’ll always disclose when this is the case.