[HN Gopher] Attacking the DeFi ecosystem with flash loans for fu...
___________________________________________________________________
Attacking the DeFi ecosystem with flash loans for fun and profit
Author : lawrenceyan
Score : 43 points
Date : 2021-01-16 21:22 UTC (1 hours ago)
(HTM) web link (arxiv.org)
| paulpauper wrote:
| The problem with DeFi hacks, from the perspective of the hacker,
| is you get a bunch of eth, which is a lot harder to hide and
| launder than BTC. As the saying goes, in crypto, your wallet is
| the bug bounty.
| code-is-code wrote:
| Do you really have to launder them? I mean, you do as the smart
| contract says, it might not even be illegal.
| VectorLock wrote:
| Everybody thinks "we don't need laws, we let the smart
| contracts handle it" until their smart contract is exploited
| and their funds "robbed."
| Nextgrid wrote:
| Have any of the smart contract exploits actually been
| litigated in court, even if unsuccessfully?
| Vinceo wrote:
| Why is it harder to launder eth? You can just exchange them to
| Monero on a non-KYC exchange.
| paulpauper wrote:
| KYC exchanges don't really exist anymore because they were
| abused in 2017 and thus either forced to close or comply with
| regulation (such as the WannaCry ransomware virus, in which
| the criminals laundered their BTC into Monero on ShapeShift,
| which at the time had no KYC). Second, cross-chain exchanges
| may not be possible in a fully trustless manner.
| Acrobatic_Road wrote:
| Wrong and wrong, of course.
|
| Shapeshift just DROPPED its KYC.
|
| https://erikvoorhees.medium.com/no-more-kyc-with-shapeshift-...
|
| >Second, cross-chain exchanges may not be possible in a
| fully trustless manner.
|
| Monero <-> Bitcoin atomic swaps (codename: farcaster) are
| coming later this year. In the meantime, you can use Bisq.
| CyberDildonics wrote:
| Why would it be harder to launder? The average bitcoin
| transaction is up to 17 USD, even combining addresses or
| tumbling is going to eat into your balance.
| paulpauper wrote:
| ETH uses an accounts model instead of the UTXO model for
| transactions. This makes it much, much easier to trace payment
| flows.
| phyalow wrote:
| Fairly straightforward in Ethereum to break an audit trail via
| services like tornado.cash etc.
| v64 wrote:
| Flash loans are a great example of how blockchains enable new
| types of financial transactions that either aren't possible or
| are very difficult to do in a traditional financial setting.
|
| If you identify an arbitrage opportunity in the market, you can
| atomically borrow a large sum of money to take advantage of the
| price difference. You also have the added assurance that if the
| arbitrage opportunity goes away before you can take advantage of
| it, the entire transaction fails and you only lose the Ethereum
| transaction fee. It's essentially risk-free arbitrage.
|
| This paper [1] dives into detail about how these arbitrage
| mechanics play out on the blockchain, and how both arbitrageurs
| and miners manipulate transactions in order to make a profit.
|
| [1] https://arxiv.org/abs/1904.05234
| qqii wrote:
| Personally I found this article much clearer than the paper:
| https://www.palkeo.com/en/projets/ethereum/bzx.html
|
| You can actually follow the money yourself:
|
| https://etherscan.io/address/0x148426fdc4c8a51b96b4bed827907...
| https://etherscan.io/address/0xb8C6Ad5fE7CB6cC72F2C4196dca11...
|
| It looks like neither attacker was able to cash out, but the
| second attacker is moving his funds around even to this day.
| Acrobatic_Road wrote:
| Ethereum is like a real world PVP system fought with real money.
| And I wouldn't have it any other way.
| dylkil wrote:
| It's more like a PvE system
___________________________________________________________________
(page generated 2021-01-16 23:00 UTC)