How to Understand the Latest DeFi "Hack" in 3 Steps Correction: In the original article, I talked about how the hacker profited by crashing the price of WBTC - in reality, the hacker actually crashed the price of WETH and a few details in this article have been corrected accordingly. I was able to come to a better understanding of the event via this very detailed analysis on Medium with breakdown of the hacker’s balance, if you’re interested in doing the math yourself. Recently, a “hacker” started from nothing and made $360,000 in one single transaction by taking advantage of (there are some controversies regarding whether the event qualifies as a "hack" since technically the “hacker” did not do anything illegal). Given the number of DeFi components involved in this “hack", a detailed explanation is required for DeFi beginners to understand it. In this article, I will walk you through the “hack” step-by-step, taking a pause along each of the 3 steps to explain the factors at work, so that you could gain a high-level understanding of what happened, beyond the jargons. Let’s call the “hacker” Joe. flash loan First Step: Flash Loan to Gain Capital First, Joe took out a of 10,000 (about $3million) from the open trading platform dYdX. This served as his initial capital. Usually, to borrow money in DeFi, you need to undertake a , which basically means that in order to borrow $80 worth of BTC, you need to deposit something like $100 worth of ETH as a collateral. If you fail to pay back the $80 of BTC you borrowed, you lose your collateral. In comparison, flash loan, a relatively new way to borrow money in DeFi, requires no collaterals. A flash loan smart contract lets you borrow a large sum of capital with (hence the name "flash loan”). If you fail to pay back the borrowed amount, the transaction will simply revert. Via flash loan, Joe started with near $0 (besides a few dollars for transaction fees) and gained access to $3million capital right away. Wrapped-ether. It’s backed 1-to-1 with real ether except that it is ERC20, meaning that you can trade it directly with other ERC20 tokens, including , which becomes important later. If this confuses you, just think of it as regular Ethers and keep reading. flash loan WETHs Flash loan: CDP (collateralized debt position) no questions asked, as long as you pay back the borrowed amount during the same transaction WETH: WBTC Second Step: Use the Capital for a Short Position & Manipulate the Market to Profit from the Short Position Second, Joe sent about half of the 10,000 WETHs to and half to . Fulcrum Compound On (a trading platform built from bZx), Joe opened a of 112 WBTC, meaning that he would Fulcrum short position profit if WBTC price lowered. To , he went to (a decentralized lending platform), borrowed 112 , using his WETHs as collateral (via a collateralized debt position, which I explained earlier). With these 112 WBTCs, he went and crashed the price of WBTC on (and thereby ), allowing him to A technique in financial markets in which you when an asset’s price . When you short 112 WBTC, you borrow 112 WBTC from others and sell them now for let’s say $10,000 per WBTC (pocketing $1,120,000). But you need to pay back this loan of 112 WBTC later and when you do, if the price of WBTC has dropped to $9,000 during that time gap, it only costs you 112 * $9,000 = $1,008,000 to pay back your loan. You still have $1,120,000 - $1,008,000 = $112,000 left in your pocket, which is your profit from the short position. You could multiply your profit via leverage, which Fulcrum allows; however, for simplicity’s sake I won’t go into too much details here. The bottom line is that Joe makes money when WBTC price goes down, loses money when WBTC price goes up - but in this case, Joe would use his capital to crash the price on Fulcrum so that he would profit from the short position. A decentralized exchange. Fulcrum only uses the Uniswap price feed to determine its WBTC price, meaning that to profit from shorting on Fulcrum, one only crash the price of WBTC , Uniswap. Crashing the price on Uniswap = crashing the price on Fulcrum. An ERC20 token backed 1-to-1 with real Bitcoins. Similar to WETH, you can think of WBTC as BTC with much smaller market cap, which makes it easier for price manipulation (perhaps the reason why Joe chose to short it instead of real BTCs on Uniswap). A decentralized lending platform where you can take out loans of different cryptoassets with CDPs (collateralized debt positions). A trading platform built on bZx that allows for margin trading (long/short positions). make sure that WBTC price indeed lowered Compound WBTC Uniswap Fulcrum profit massively from the short position he just opened on Fulcrum. Short position: make money goes down definitely Uniswap: on one exchange WBTC: Compound: Fulcrum: Third Step: Take Profit and Pay Back Loan Third, with the profit from the short position in step 2, Joe paid back the flash loan and walked away with the rest of the profit, which amounted to a staggering $360,000. So to recap, Joe first took out $3million from flash loan on dYdX as his initial capital. Next, with half of the capital, he opened a short position of WBTC on Fulcrum; with the other half, he crashed the price of WBTC to make sure he profited massively from the short position. Finally, with the new profit, he paid off the flash loan and walked away with the handsome profit. While nuanced debates around the morality of such practices are needed, one could at least appreciate the - with the emergence of flash loan, with a huge sum of capital and participate in the financial market in a nontrivial way. If you understand everything in this article, you’ve understood the gist of what happened. Some exact details and numbers may require further investigation; therefore, if you’re interested in EXACTLY what happened, you can read the entire transaction on Etherscan and the source I referenced while writing this article . accessibility of DeFi literally anyone anywhere in the world can be empowered Disclaimer: here here
