Drift lost $280M to an admin key exploit. A big issue is that most 'DeFi protocols' are not actually decentralized at all.

Wanted to give a shoutout to the teams that take decentralization seriously:

- Liquity - Liquity V2 is one of the only stablecoin protocols with fully immutable code and no admin keys
- Uniswap - Uniswap AMM smart contracts have been immutable from the very beginning
- Aave - Aave uses a 5-of-9 multisig wallet that can pause the protocol in case of an emergency, but only AAVE DAO can approve a code change
- Curve - Curve Finance is controlled by Curve DAO and is one of the very few protocols that use decentralized oracles
- Sky - All major changes to Sky have to be voted by the DAO and they are enforced only after a mandatory delay that acts as a safety checkpoint

I am sure there are also others, but those are a few well-known examples.

Suhail Kakar
@SuhailKakar
defi is fucked lol
drift just got drained for $200M+ and here's how:
- attacker minted 750M fake tokens
- made a raydium pool with $500 liquidity, priced at ~$1/token
- compromised admin key listed the fake token on drift
- disabled all withdrawal guards in one tx
- deposited
From Twitter
