1/x Not a dull day in #DeFi land. After the glorious exploits on $EMN, $FARM, $AKRO, now $VALUE gets the heat of a flash loan attack, ironically only a few hours after they announced they have the safest pools and an anti-flash-loan mechanism. The attacker even schooled them 👇
2/x Although this looks bad, and certainly feels bad for anyone who lost money, I think it is actually good, and I will tell you why. So what do we know:

a) The exploiter seems to be the same person or team as in the other exploits, as it has the same modus operandi,
2a/x stopping his attack without rugging the entire liquidity and reimbursing a part of the exploit proceeds to the contract deployer

b) He is clearly involved in ETH and DeFi, understands all concepts and mechanics, he probably lurks in all projects' Discords and even engages in
3/x c) He not only knows Solidity, but he's like an auditor or bug hunter since he snipes for faulty code and attack points

d) He targets fairly "reputable" projects with high activity and TVL

e) He doesn't want to destroy the projects (the FARM exploiter could have easily 10x'd
4/x the amount drained, but he stopped at 24M)
f) He returns a part of the proceeds to the attacked project, probably as a sign of good faith
5/x So how can this be good?
Well, it is good because it happens at an early stage when the TVLs are relatively small and, let's face it, most people losing money in these things are more or less gamblers. So, we're actually scamming each other without attracting much heat from
6/x the outside world, like the authorities and regulators who are waiting for a big mistake to be made to take our toys and end the game.
We want mass adoption, right? We want the financial system replaced, right?
Well, imagine a shit show like this happening when an app
7/x has trillions in TVL but the same faulty code and attack surfaces.
Somebody could wipe out billions and end crypto for good or send it to the stone age, as authorities will clearly ban it after such a debacle.
8/x So I think this exploiter is basically a bounty hunter. He finds faulty code and he takes his payment for his findings, leaving the team to handle the mess, to improve their code and security and to prove worthy to their communities.
9/x In order to move forward we need fuckups like this to make us better, wiser, more vigilant, more agile.
Maybe a few projects will die altogether after an exploit; if that happens it is their own fault for not being able to improve. Few must be sacrificed for many to live.
10/x Another thing that projects need to take into consideration is sizeable rewards for bug hunters, as these were completely ignored or handled like shit. We know of a lot of cases of white-hat hackers finding critical bugs and not being paid, not even what was advertised for such bugs.
11/x So to all teams out there, run honest and big bug bounty campaigns early in your development, don't be greedy and don't be fooken avaricious; there are people wanting to help your ass and they deserve to be well paid. Audits mean shit at this point and they cost a lot,
12/x so pay honest people who help you, reward them big for critical bugs, don't hide dirt under the carpet, admit the bugs and praise the bug hunters, as it will make your project stronger, your community tighter and overall make you look good and trustworthy.
13/x I'm once again addressing the elephant in the room, which is flash loans. Sorry @AaveAave @dydxprotocol, you guys are great, you're visionaries and will lead this place forward, but you created a weapon of mass DeFi destruction available for anyone to use.
14/x Yes, it is useful in the aspects you guys created it for, but it is also very destructive if used by bad actors, and there will be many in the future; as TVL grows, this place will be a honeypot for attackers and real exploiters.
15/x I think you should whitelist the projects and people allowed to use flash loans; this way you can be sure it will only be used for arbitrage and other intended purposes, and whoever uses it for doing harm will face the consequences.

Thanks for reading this far! Fin
You can follow @RAWgue_.