SushiSwap

Ledger patches vulnerability after multiple DApps using connector library were compromised

Multiple decentralized applications using Ledger’s connector library have been compromised, including SushiSwap and Revoke.cash. Ledger claims the issue has been fixed.

Update (Dec. 14 at 2:45 pm UTC): This article has been updated to clarify that Ledger has reportedly fixed the issue.

The front end of multiple decentralized applications (DApps) using Ledger’s connector, including Zapper, SushiSwap, Phantom, Balancer and Revoke.cash were compromised on Dec. 14. Nearly three hours after the security breach was discovered, Ledger reported that the malicious version of the file had been replaced with its genuine version around 1:35 pm UTC.

Ledger is warning users “to always Clear Sign” transactions, adding that the addresses and the information presented on the Ledger screen are the only genuine information. “If there’s a difference between the screen shown on your Ledger device and your computer/phone screen, stop that transaction immediately.”

Read more

SushiSwap approval bug leads to $3.3 million exploit

Only users who have traded on the decentralized exchange in the last four days are apparently affected.

A bug on a smart contract on the decentralized finance (DeFi) protocol SushiSwap led to over $3 million in losses in the early hours of April 9, according to several security reports on Twitter. 

Blockchain security companies Certik Alert and Peckshield posted about an unusual activity related to the approval function in Sushi’s Router Processor 2 contract — a smart contract that aggregates trade liquidity from multiple sources and identifies the most favorable price for swapping coins. Within a few hours, the bug led to losses of $3.3 million.

According to DefiLlama pseudonymous developer 0xngmi, the hack should only affect users who swapped in the protocol in the past four days.

Sushi’s head developer Jared Grey urged users to revoke permissions for all contracts on the protocol. “Sushi’s RouteProcessor2 contract has an approval bug; please revoke approval ASAP. We’re working with security teams to mitigate the issue,” he noted. A list of contracts on GitHub with different blockchains requiring revocation has been created to address the problem.

Hours after the incident, Grey took to Twitter to announce that a “large portion of affected funds” had been recovered through a whitehat security process. “We’ve confirmed recovery of more than 300ETH from CoffeeBabe of Sifu’s stolen funds. We’re in contact with Lido’s team regarding 700 more ETH.”

The Sushi’s community has had an intense weekend. On April 8, Grey and his counsel provided comments on the recent subpoena from the United States Securities and Exchange Commission (SEC).

“The SEC’s investigation is a non-public, fact-finding inquiry trying to determine whether there have been any violations of the federal securities laws. To the best of our knowledge, the SEC has not (as of this writing) made any conclusions that anyone affiliated with Sushi has violated United States federal securities laws,” he stated.

Grey claims to be cooperating with the investigation. A legal defense fund in response to the subpoena was proposed on Sushi’s governance forum on March 21.

Magazine: Crypto audits and bug bounties are broken: Here’s how to fix them

SushiSwap approval bug leads to $3.3M exploit

Only users who have traded on the decentralized exchange in the last four days are apparently affected.

A bug on a smart contract on the decentralized finance (DeFi) protocol SushiSwap led to over $3 million in losses in the early hours of April 9, according to several security reports on Twitter. 

Blockchain security companies CertiK Alert and Peckshield posted about an unusual activity related to the approval function in Sushi’s Router Processor 2 contract — a smart contract that aggregates trade liquidity from multiple sources and identifies the most favorable price for swapping coins. Within a few hours, the bug led to losses of $3.3 million.

According to DefiLlama pseudonymous developer 0xngmi, the hack should only affect users who swapped in the protocol in the past four days.

Sushi’s head developer, Jared Grey, urged users to revoke permissions for all contracts on the protocol. “Sushi’s RouteProcessor2 contract has an approval bug; please revoke approval ASAP. We’re working with security teams to mitigate the issue,” he said. A list of contracts on GitHub with different blockchains requiring revocation has been created to address the problem.

Hours after the incident, Grey took to Twitter to announce that a ”large portion of affected funds” had been recovered through a white hat security process. “We’ve confirmed recovery of more than 300ETH from CoffeeBabe of Sifu’s stolen funds. We’re in contact with Lido’s team regarding 700 more ETH.”

The Sushi community has had an intense weekend. On April 8, Grey and his counsel provided comments on the recent subpoena from the United States Securities and Exchange Commission.

“The SEC’s investigation is a non-public, fact-finding inquiry trying to determine whether there have been any violations of the federal securities laws. To the best of our knowledge, the SEC has not (as of this writing) made any conclusions that anyone affiliated with Sushi has violated United States federal securities laws,” he stated.

Grey claims to be cooperating with the investigation. A legal defense fund in response to the subpoena was proposed on Sushi’s governance forum on March 21.

Magazine: Hodler’s Digest, April 2-8: BTC white paper hidden on macOS, Binance loses AUS license and DOGE news

Sushi sets up legal defense fund after SEC subpoenas head chef Jared Grey and DAO itself

The DAO said it would not be commenting on “ongoing legal investigations,” but its existing $100,000 defense fund was apparently not enough.

Sushi DAO proposed the creation of a legal defense fund on March 21 in response to the “recent” subpoena of Sushi head Jared Grey and the decentralized autonomous organization (DAO) itself by the United States Securities and Exchange Commission. 

The DAO’s proposal did not provide details about the SEC subpoena. It stated that it was cooperating with the SEC and that “we do not intend to comment publicly on ongoing investigations or other legal matters.” One community member commented:

“How does ‘sushi’ even get subpoenad [sic]? The human I get, but sushi is a dao. […] How are they trying to get the dao? By pressuring us with going after Jared [Grey]? I got no letter in my mail and I am the Dao just like all the other members.”

Japan-based Sushi DAO operates the SushiSwap decentralized exchange using the SUSHI (SUSHI) token. The DAO proposed a redesign of SUSHI tokenomics at the end of last year after losing $30 million on incentives for liquidity providers in 2022.

The new proposal suggests dedicating $3 million to the fund, with a top-up of $1 million if needed. Sales of SUSHI would pay for 15% of the fund. It pointed out that Maker DAO proposed a similar fund in December. Sushi first created a legal defense fund in March 2022, with funding of between $85,000 and $100,000.

Related: Gary Gensler’s SEC is playing a game, but not the one you think

Sushi is reportedly the first DAO the SEC has “targeted” under the chairmanship of Gary Gensler, although the agency has been widely seen as cracking down on the crypto industry in recent months. It has concentrated on staking and custody in particular. In February, the SEC forced centralized exchange Kraken to discontinue its staking service for U.S. clients. Kraken paid $30 million in penalties.

DeFi protocols unite to promote permissionless Web3 experiences

The collaboration of over 30 DeFi projects is an effort to counteract the negative sentiments built in 2022 due to numerous CeFi ecosystem crashes.

The damage caused by the fall of major crypto ecosystems last year is on a path of steady recovery as good actors take proactive measures to rebuild trust among investors. Major players from the decentralized finance (DeFi) ecosystem came together to showcase the incentive behind operating trustless, interoperable and permissionless platforms.

For 24 hours, from Feb. 6 to 7, over 30 DeFi protocols joined in an initiative to “permissionlessly” share tweets from other protocols — thus highlighting the permissionless and interoperable nature of Web3. Projects participating in this campaign include Yearn.finance, MakerDAO, SushiSwap and Aave, among others.

DeFi has amassed mainstream acceptance with significant institutions making their entrance into the space, but it still has a shaky reputation due to its many exploits.

Mamun Rashid, the chief marketing officer at MakerDAO, said that to realize the “full potential” of DeFi, there needs to be a collaboration between the ideas and expertise in the space.

“Together, we can push the boundaries of traditional finance and build a more inclusive and accessible financial system through DeFi.”

The projects collaborating in the campaign defined the “spirit” of DeFi as a more collaborative ecosystem, rather than a competitive one.

Jared Grey, the CEO of SushiSwap, said DeFi is being built to challenge the current status quo of known financial frameworks, which historically create barriers and reduce economic freedom.

“Leveraging the composability of this new technology, we can democratize and provide more equitable, safer, and transparent financial tools and products to reach a global audience.”

Grey said the responsibility to portray the true message of DeFi comes first from within the space. Therefore, the initiative and solidarity of more than 30 builders within the space come at a critical time.

Related: DeFi should complement TradFi, not attack it: Ava Labs CEO | Davos 2023

Over the last year, the DeFi space was a major target for exploits. According to a report from Beosin, DeFi-based projects experienced the highest number of attacks in 2022.

This vulnerability led to a 47.4% rise in security losses in 2022 compared with the previous year, which totaled $3.64 billion in losses.

Additional industry insights revealed that the trend of DeFi exploits should be expected to continue into this year due to new projects entering the market and more sophisticated hackers.

Nonetheless, the space started the year with significant growth, according to a DappRadar report. In January, a new $150 million ecosystem fund was created by Injective to boost DeFi and Cosmos adoption. 

SushiSwap passes 100% fee relocation, 10.9M SUSHI clawback proposals

100% of trading fees on the platform will soon be redirected to the SushiSwap treasury for maintenance and expenses.

According to a governance proposal passed on Jan. 23, decentralized exchange (DEX) SushiSwap will soon redirect 100% of the platform’s trading fees to its treasury for operations and maintenance for one year’s duration. The move came after CEO Jared Grey warned that the exchange “only has 1.5 years of treasury runway left,” even after slashing annual operating expenses from $9 million to $5 million amid the ongoing crypto winter. 

“Revenue to the treasury will be in the form of 50% ETH and 50% USDC, with projection of ~$6m being earned over the next year if this proposal were to pass.”

In a separate proposal that passed the same day, 99.85% of voters elected to “clawback” 10,936,284 unclaimed SUSHI ($14.8 million) tokens awarded to early liquidity providers during the DEX’s launch in 2020. The rewards were available to SushiSwap users who provided trading liquidity for the exchange from August 2020 to February 2021 and had been open to claim for close to two years. Some users argued that “people have earned these SUSHI fair and square,” and their claim to these assets should not be denied. Others said that they support the clawback as “idle SUSHI that can be put to better use.” The assets will be returned to the SushiSwap treasury. 

SushiSwap, the sixth-largest DEX by 24-hour trading volume, has been hit hard by the crypto market downturn and product-market-fit woes. Last December, Cointelegraph reported that the DEX lost $30 million over 12 months alone on incentives for its liquidity providers due to “unsustainable” token emission rates. As a result, the DEX is currently seeking to revamp its tokenomics model. 


DeFi should complement TradFi, not attack it: Finance Redefined

Top 100 DeFi tokens continued their bullish momentum into third week of January with majority of the tokens trading in green on weekly charts.

Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week.

Following FTX’s demise, the DeFi space is up for a complete remodel as crypto users demand better security and compliance practices.

SushiSwap’s roadmap for the coming year includes the development of a decentralized exchange (DEX) aggregator, a decentralized incubator and “several stealth projects.” All these projects combined can grow its market share 10x, said the CEO.

The co-founder and CEO of Ava Labs spoke with Cointelegraph at the World Economic Forum in Davos, Switzerland, on the future of DeFi and traditional finance (TradFi) and said DeFi should complement TradFi, not attack it. Another DeFi report suggests that decentralized forex could reduce costs by as much as 80%.

The top 100 DeFi tokens saw a second week of bullish price action, with a majority of the tokens trading in the green on the weekly charts.

SushiSwap’s new DEX aggregator will ‘10x our market share’ — head chef

Just a month after warning of a “significant deficit” in its treasury, the CEO of decentralized exchange SushiSwap has shared several planned updates to the platform, which he said are intended to “10x” its market share in 2023.

SushiSwap CEO, Jared Grey, laid out the plans for the DeFi platform in a Jan. 16 Medium post, saying it will focus on its product stack in line with prior plans to make Sushi more sustainable.

Continue reading

DeFi should complement TradFi, not attack it: Ava Labs CEO | Davos 2023

DeFi is moving from becoming a small niche within the financial industry to something TradFi is trying to incorporate.

In an interview with Cointelegraph at the World Economic Forum in Davos, Switzerland, Emin Gun Sirer, the co-founder and CEO of Ava Labs, spoke on DeFi’s role in TradFi ecosystems and what users can expect in a future where both are center stage.

Continue reading

Decentralized forex will reduce costs by as much as 80%: Report

If the foreign exchange market starts using DeFi protocols instead of the current centralized systems, the cost of remittances could be reduced by “as much as 80%,” according to a Jan. 19 paper jointly published by researchers at Circle and Uniswap.

The authors studied the trading activity of Circle’s USD Coin (USDC) and Euro Coin (EUROC) on Uniswap from July 2022 to January 2023. They found that the coins had $128 million in total volume, with trading volume as high as $8 million on some days.

Continue reading

Raydium exploiter moves $2.7M to crypto mixer Tornado Cash

In an alert, blockchain security firm CertiK reported that the Raydium protocol exploiter had sent 1,774.5 Ether (ETH) to the Tornado Cash cryptocurrency mixer. The amount is worth around $2.7 million at the time of writing.

While security teams from various exchanges continue to combat the efforts of hackers, funds continue to flow to the sanctioned Tornado Cash.

Continue reading

DeFi market overview

Analytical data reveals that DeFi’s total market value remained over $40 billion this past week, trading at about $44.9 billion at the time of writing. Data from Cointelegraph Markets Pro and TradingView show that DeFi’s top 100 tokens by market capitalization had a bullish week, with nearly all the tokens breaking past multi-week highs.

Convex Finance (CVX) was the biggest gainer on the weekly charts, registering a 37% price surge over the last seven days, followed by Kava (KAVA) with a 34% surge. Synthetix (SNX) recorded a 29% surge on the weekly charts, while the rest of the tokens in the top 100 also saw bullish gains over the past week.

Thanks for reading our summary of this week’s most impactful DeFi developments. Join us next Friday for more stories, insights and education in this dynamically advancing space.

SushiSwap’s new DEX aggregator will ‘10x our market share’ — Head Chef

SushiSwap’s roadmap for the coming year includes the development of a DEX aggregator, a decentralized incubator and “several stealth projects.”

Just a month after warning of a “significant deficit” in its treasury, the CEO of decentralized exchange (DEX) SushiSwap has shared several planned updates to the platform, which it says is intended to “10x” its market share in 2023.

Sushi CEO Jared Grey laid out the plans for the decentralized finance (DeFi) platform in a Jan. 16 Medium post, saying it will focus on its product stack in line with prior plans to make Sushi more sustainable.

“Sushi commands ~2% of the AMM market & 0% of the aggregation market. By executing our vision, we intend to 10x our market share in 2023.”

Newly announced plans include a DEX aggregator set for launch in Q1 and a “decentralized incubator” on the cards for 2023.

Grey said the upcoming DEX aggregator — a tool giving users access to various DeFi protocols — was built in “stealth mode” throughout last year, and is part of its plans to drive scalability and sustainability of its business.

Grey also laid out the vision for Sushi Studios, a so-called decentralized incubator where Sushi will help launch self-funded projects “to support ecosystem growth without burdening the DAO treasury.”

He added “several stealth products” are currently in development along with its long-awaited nonfungible token (NFT) marketplace, Shoyu, expected for a first-quarter launch along with a perpetual DEX platform.

The push for more offerings comes after a Dec. 6 governance proposal put forward by Grey revealed that Sushi’s treasury only had one and a half years of runway left, which he said at the time “threaten[ed] Sushi’s operational viability.”

On Dec. 11, Grey said that DEX lost $30 million over the prior 12 months on incentives for liquidity providers (LPs).

Later that month he put forward a proposal to redesign the tokenomics of the SushiSwap (SUSHI) token to try to strengthen Sushi’s treasury reserves.

Grey confirmed in his latest post that “we took measures to secure our runway for multi-year operations.”

Related: As DEXs struggle, new approaches kindle hope

As for Sushi’s other 2023 plans, the platform is also building a governance dashboard and focusing on user experience.

The dashboard showcases Sushi’s budget, crypto wallets for each project and Treasury expenditure audit results.

“Ultimately, we will provide deep liquidity, optimal pricing, sustainable tokenomics, & an easy-to-use platform, placing you first in everything we build,” Grey said.

SushiSwap CEO proposes new tokenomics for liquidity, decentralization

The new tokenomics intends to boost liquidity and decentralization in the platform, enabling SushiSwap to continue operations.

Jared Grey, CEO of the decentralized exchange SushiSwap, has plans to redesign the tokenomics of the SushiSwap (SUSHI) token, according to a proposal introduced on Dec. 30 in the Sushi’s forum.

As part of the new proposed tokenomics model, time-lock tiers will be introduced for emission-based rewards, as well as a token-burning mechanism and a liquidity lock for price support. The new tokenomics aims to boost liquidity and decentralization in the platform, along with strengthening “treasury reserves to ensure continual operation and development,” noted Grey.

In the proposed model, liquidity providers (LPs) would receive 0.05% of swap fees revenue, with higher volume pools receiving the biggest share. LPs will also be able to lock their liquidity to earn boosted, emissions-based rewards. The rewards are forfeited and burned, however, if they are removed before maturity.

Also, staked SUSHI (xSUSHI) won’t receive any share of the fee revenue, but emissions-based rewards paid in SUSHI tokens. Time-lock tiers will be used to determine emissions-based rewards, with longer time locks resulting in bigger rewards. Withdrawals before the maturity of time locks are permitted, but rewards will be forfeited and burned.

The decentralized exchange will use a variable percentage of the 0.05% swap fee to buy back and burn the SUSHI token. The percentage will change based on the total time-lock tiers selected. The proposal notes:

“Because time locks get paid after maturity, but burns happen in ‘real-time’ when a large amount of collateral gets unstaked before maturity, it has a sizable deflationary effect on supply.”

The tokenomics redesign comes after SushiSwap’s disclosed to have less than 1.5 years of runway left in its treasury, meaning that a significant deficit was threatening the exchange’s operational viability. As reported by Cointelegraph, SushiSwap experienced a $30 million loss over the past 12 months on incentives for LPs due to the token-based emission strategy, leading the company to introduce the new tokenomics model.

SushiSwap CEO reveals DEX lost $30M on LP incentives this year

“Ultimately, we must harden the business model to produce more swap volumes & generate more fees,” wrote CEO Jared Grey.

According to a new tweet by SushiSwap CEO Jared Grey, the decentralized exchange (DEX) experienced a $30 million loss over the past 12 months on incentives for liquidity providers (LPs). As explained by Grey, SushiSwap currently employs a token-based emission strategy to incentivize LPs, but the current rate is “unsustainable.”

“We commissioned Flipside to build dashboards to showcase these results; we’ll make them available by EOY.”

Moving forward, Grey plans to rework SushiSwap’s tokenomics so that LPs are no longer subsidized with emissions and redesign the entire model of bootstrapping liquidity on the exchange. “In Q1 2023, we will bring innovation to scale swap volume & prioritize TVL. As LPs experience a more profitable swap experience, others should migrate to Sushi,” wrote the DEX executive.

Grey also turned his attention to promoting the “Kanpai” governance proposal, which will divert trading protocol fees earned as rewards from SUSHI (SUSHI) stakers into the SushiSwap treasury. Previously, Grey disclosed that the SushiSwap treasury had only 1.5 years of runway left. 

“Put simply, it [Kanpai] allows the protocol to rebuild its cash reserves to continue to pay competitive wages, pay for critical infrastructure, & to diversify its Treasury with funds collected in the base pairs of assets, like ETH, stablecoins, etc. Kanpai is a temporary solution.”

Curiously, Grey has remained opaque concerning the design of the new SushiSwap for now, stating that he will provide “full financial transparency by releasing public dashboards for DAO & Treasury activity” in Q1 2023. When pressed by a community member on the matter, Grey responded:

“I’ve discussed it at length in the Sushi Discord, on community calls, AMAs, and more. The official whitepaper comes out by EOY. No one is saying, “trust me, bro” I’m saying full details come out at that time.”