Silicon Valley Bank and DeFi; The Rise of GMX
The Fall of Silicon Valley Bank; DeFi has a "Come to Jesus" Moment; The Rise of GMX; The Wormhole hacker gets Jumped
Dear Bankless Nation,
In this edition of the DeFi Download, we're going in a slightly different direction while still giving you the education content you're used to. Today we focus on the fall of Silicon Valley Bank and the waves it made in the DeFi ecosystem, specifically in Circle's USDC and Maker's DAI. Buckle up, this one gets into the weeds.
Afterwards, Austin gives us the down low on GMX and how it grew to overtake dYdX as the dominant derivatives protocol. Finally, he takes us through a stranger-than-fiction story of how the Wormhole hacker lost their stolen funds.
If you like the new direction of the DeFi Download, let us know in the comments!
This is the DeFi Download.
Contributors: BanklessDAO Writers Guild (Jake and Stake, Austin Foss)
This is the official newsletter of BanklessDAO.
Silicon Valley Bank | Jake's Take
Author: Jake and Stake
Background
Banks earn money by borrowing money from depositors and loaning that money (and more) to borrowers. They make money by earning a greater return on their loans than what they pay out in interest on their deposits. Depositors are technically creditors to their banks.
During the COVID lockdowns of 2020 through 2021, banks received a ton of deposits.
"Between the end of 2019 and the first quarter of 2022, deposits at US banks rose by $5.40 trillion. With loan demand weak, only around 15% of that volume was channelled towards loans; the rest was invested in securities portfolios or kept as cash." - Marc Rubinstein
We'll talk about two kinds of fixed income securities: Available for Sale (AFS) and Hold to Maturity (HTM). From ChatGPT:
What is the difference between AFS bonds and HTM securities?
AFS securities are those that a company holds as investments with the intention of selling them in the future, but not necessarily in the short term. These securities are reported on the balance sheet at fair value, with unrealized gains or losses recorded as a separate component of shareholders' equity.
HTM securities are those that a company intends to hold until they mature. These securities are reported on the balance sheet at amortized cost, which takes into account both the purchase price and any interest earned over time.
The main difference between AFS and HTM is how they are accounted for on the balance sheet. AFS are marked to market, meaning their value is adjusted to reflect changes in market interest rates, and unrealized gains or losses are recorded in shareholders' equity. HTM, on the other hand, are accounted for at amortized cost, meaning that their value is not adjusted for changes in market interest rates, and unrealized gains or losses are not recorded on the balance sheet.
Companies may choose to hold AFS or HTM securities based on their investment objectives, risk tolerance, and accounting considerations. AFS securities may be more appropriate for companies that want the flexibility to sell their investments in the short term and are willing to accept greater volatility in the value of their investments. HTM securities may be more appropriate for companies that want a stable source of income and are willing to hold their investments until maturity.
The environment of 2020 and 2021 combined rising inflation with near-zero interest rates. Banks were holding a large stock of AFS bonds and, during 2021, reclassified many of them as HTM to keep future losses off their reported equity: once a bond is HTM, its unrealized loss no longer shows up in the bank's accounts. As a result, AFS fell from about ¾ to ½ of all bank securities.
Silicon Valley Bank
SVB is one of the premier financial service providers to the tech ecosystem in Silicon Valley. Founders use it for personal accounts (checking and savings), to receive home and auto loans, and hold company funding.
They make most of their money (73%) through net interest income: lending the money received from depositors to startups and earning yield on fixed income investments (Treasuries and mortgage-backed securities). From 2020 to 2021, business was booming.
Silicon Valley Bank (SVB) received a ton of deposits during that time because the economy was flush with cash (money printer go brr). The banking industry's deposits grew by a staggering 37%, but SVB's deposit balances tripled to $198 billion.
Part of those deposits went into plain checking accounts paying 0% interest.
The rest went into accounts paying small interest rates.
They had just received a pile of money and needed somewhere to put it. The bank targeted yields of 1.65%-1.75%, so it put some into short-duration AFS assets and, in search of more yield, the rest into long-dated HTM assets.
And it was profitable:
"[The] AFS book grew from $13.9 billion at the end of 2019 to $27.3 billion at its peak in the first quarter of 2022; the longer duration HTM book grew by much more: from $13.8 billion to $98.7 billion." - Marc Rubinstein
As at many other banks, HTM securities took an ever larger share of SVB's assets, and the vast majority of that book was mortgage-backed securities. These are considered high-quality assets, unlike the subprime mortgage securities at the heart of the 2008 housing crisis.
But this strategy is very sensitive to interest rate risk, something SVB's Chief Risk Officer would have told them if they had one. The previous risk officer left in April 2022, just as the Fed began raising rates and shortly after selling about $4 million in shares.
The Fed raises rates
After a couple of years of "transitory inflation" and guidance that it would not raise rates, the Fed raised rates in 2022. This would be the sharpest series of rate hikes in decades.
As interest rates rose, the yields on newly issued bonds were improving against those previously issued, causing the value of the old bonds to decrease. Why buy a 10 year treasury with 1% interest when you could get a new one with 3.5%?
The value of the HTM portfolio fell by 17% over the course of 2021-2022, an unrealized loss of about $16 billion. By the end of September 2022, SVB was technically insolvent: it had only $11.8 billion of tangible common equity to absorb those losses, leaving a hole of more than $4 billion.
Note that these losses were unrealized. SVB didn't have to recognize them against equity, and as long as it held the bonds to maturity it could weather the storm.
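As an added worked example (not from the newsletter or from Rubinstein's piece), the Python below prices a fixed-coupon bond at a given market yield, showing why old 1% paper loses value when new issues pay 3.5%, and then applies the AFS/HTM rule described above to a constructed balance sheet. The bond terms and the $11.8B / $98.7B / 17% figures plugged in are taken from the text as illustrative inputs, not a reconstruction of SVB's actual portfolio.

```python
"""Bond repricing under rising rates, and where the loss lands on the balance sheet.

Added worked example: a plain discounted-cash-flow bond price plus a toy
version of the AFS/HTM accounting rule described in the text. All inputs are
constructed for illustration, not SVB's actual holdings.
"""


def bond_price(face: float, coupon_rate: float, years: int, market_yield: float) -> float:
    """Present value of an annual-coupon bond discounted at the current market yield."""
    coupon = face * coupon_rate
    pv_coupons = sum(coupon / (1 + market_yield) ** t for t in range(1, years + 1))
    pv_principal = face / (1 + market_yield) ** years
    return pv_coupons + pv_principal


def unrealized_loss_pct(coupon_rate: float, years: int, new_yield: float) -> float:
    """Fractional drop in a bond bought at par once market yields move to new_yield."""
    par = 100.0
    return 1 - bond_price(par, coupon_rate, years, new_yield) / par


def reported_equity(tangible_equity: float, afs_loss: float, htm_loss: float,
                    htm_sold: bool) -> float:
    """Equity after losses under the AFS/HTM split.

    AFS is marked to market, so its loss hits equity immediately.
    HTM is carried at amortized cost, so its loss only hits equity if the
    bonds are actually sold, e.g. in a forced sale during a run.
    """
    equity = tangible_equity - afs_loss
    if htm_sold:
        equity -= htm_loss
    return equity


if __name__ == "__main__":
    # A 10-year 1% coupon bought at par, repriced when new issues yield 3.5%.
    drop = unrealized_loss_pct(coupon_rate=0.01, years=10, new_yield=0.035)
    print(f"10y 1% bond after yields rise to 3.5%: {drop:.1%} below par")

    # Constructed balance sheet in $bn using the figures quoted in the text.
    tce, htm_book, htm_drop = 11.8, 98.7, 0.17
    htm_loss = htm_book * htm_drop
    print("equity if HTM is held:", reported_equity(tce, 0.0, htm_loss, htm_sold=False))
    print("equity if HTM must be sold:", reported_equity(tce, 0.0, htm_loss, htm_sold=True))
```

The second print is the whole story of the run in one number: as long as nobody forces the sale, equity looks fine; the moment deposit outflows force the HTM book to be sold, the same bonds take equity below zero.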
But as the economy began to cool down, deposits began to fall from that $198 billion peak I mentioned before to $165 billion in 2023. Remember, startups get money by raising capital from VCs and VC money is drying up.
SVB's customers (startups and VCs) had less money to deposit, so the bank's funding base was shrinking, and the balance sheet couldn't take much more of that without selling a large chunk of AFS securities and raising fresh capital (~$2B).
In short, SVB management (and a lot of other banks) f***ed up big-time by chasing yield, and SVB needed to cover itself before Moody's downgraded its debt. From the Financial Times:
The deal was announced on Wednesday night but by Thursday morning looked set to flop. SVB's decision to sell the securities had surprised some investors and signalled to them that it had exhausted other avenues to raise cash. By lunchtime, Silicon Valley financiers were receiving last-ditch calls from Goldman, which briefly attempted to put together a larger group of investors alongside General Atlantic to raise capital, as SVB's share price was tanking.
At the same time, some large venture investors, including Peter Thiel's Founders Fund, advised companies to pull their money from SVB. Becker, in a series of calls with SVB's customers and investors, told people not to panic. "If everyone is telling each other SVB is in trouble, that would be a challenge," he said. Suddenly, the risk that had been building on SVB's balance sheet for more than a year became a reality. If deposits fell further, SVB would be forced to sell its held-to-maturity bond portfolio and recognise a $15bn loss, moving closer to insolvency.
Unfortunately, deposit outflows outpaced the sale process and the ~$2B had not been raised by the time the announcement went out. SVB would still have been fine as long as it never had to sell its HTM securities and realize those huge losses. In other words, it would be fine as long as there wasn't a bank run.
The Bank Run
"Basically, in a classic run, whoever tries to take their money out of a bank first will be able to get all of it out, while the latecomers will lose their money when the bank fails. This means that runs are self-fulfilling prophecies — as soon as a critical mass of people all believe a bank is likely to suffer a run, they all stampede to pull their money out at once in an attempt to get in ahead of everyone else. And this stampede is the run." - Noah Smith
The Banking Act of 1933 established federal deposit insurance limited to $2,500. The bill was in part created to stem the bank runs that had been occurring in years prior and give depositors confidence in the US banking system. Once everyone understood that the Federal government would cover any losses, there was no fear of losing money and the bank run stopped.
Today, the FDIC insurance limit is $250,000. This is reasonable for everyday individuals: very few people need more than $250K on hand for everyday expenses, and those who do likely have other risk management tools at their disposal.
But businesses are a different story. Many businesses need to have liquid cash in order to pay salaries, operating costs, and other various expenses. Most are not thinking about managing banking risks. Especially in a place like Silicon Valley, where there are hundreds of small startups focused on surviving and finding product-market fit and not on interest rate risk.
There was a lot of uninsured money in SVB. Over 37,000 accounts in SVB (93%) held balances in excess of $250,000, with an average balance of $4.2 million ($155.4 billion total). VCs realized that a lot of their companies had money in the bank that was not insured, so they urged their portfolio companies to move their money ASAP. One domino fell after another in what would be the fastest bank run in history: $42 billion in withdrawals was initiated on March 9th, 2023.
The Fed, Treasury, and FDIC walk into a bank
The Federal Reserve released a statement on March 12, 2023 that they would step in to make sure depositors would not lose their money in the Silicon Valley Bank closure:
"After receiving a recommendation from the boards of the FDIC and the Federal Reserve, and consulting with the President, Secretary Yellen approved actions enabling the FDIC to complete its resolution of Silicon Valley Bank, Santa Clara, California, in a manner that fully protects all depositors. Depositors will have access to all of their money starting Monday, March 13. No losses associated with the resolution of Silicon Valley Bank will be borne by the taxpayer." - Joint Statement by Treasury, Federal Reserve, and FDIC
Signature Bank, another crypto-friendly bank, was closed by regulators the same day.
Later it was announced that:
"[...] additional funding will be made available through the creation of a new Bank Term Funding Program (BTFP), offering loans of up to one year in length to banks, savings associations, credit unions, and other eligible depository institutions pledging U.S. Treasuries, agency debt and mortgage-backed securities, and other qualifying assets as collateral." - The Federal Reserve Board
In short, the private-sector buyout many expected did not happen. Instead, the Federal Reserve is lending against banks' securities in order to keep faith in the US banking system: under the BTFP a bank can borrow against pledged Treasuries and MBS valued at par, rather than at their depressed market price.
This means two things. One, the federal government is injecting liquidity into the banking system in exchange for these particular securities (Treasuries/MBS). In effect, thereās no risk to buying these bonds because you can always exchange them for cash, no matter what their mark-to-market value is.
Two, the $250,000 insurance limit is, in practice, meaningless: every SVB and Signature depositor was made whole, insured or not. (The limit still exists on paper; it was set aside here under the systemic risk exception.)
"There will, though, be long-term consequences for fundamentally changing the nature of a bank: remember, depositors are a bank's creditors, who are compensated for lending money to the bank; if there is no risk in lending that money, why should depositors make anything? Banks, meanwhile, are now motivated to pursue even riskier strategies, knowing that depositors will be safe; the answer will almost certainly be far more stringent regulation on small banks, of the sort imposed on the big four after 2008. That, in turn, will mean tighter credit and more fees for consumers, in addition to what will be a big increase in FDIC insurance premiums. And, while taxpayers may not be directly infusing money into failing banks, taking on all of those low-interest rate securities is [a] real opportunity cost." - Ben Thompson
Weāll see increased regulation on smaller banks, increasing transaction costs and tighter credit for consumers. All of this leads to a lower velocity of money and an economic slow-down in the US. Finally, if the regulation is ineffective (and depending on the length of the program), weāll continue to see the government handing out cash in exchange for underwater assets.
As yields on savings accounts fall, I expect more people to move their assets into money market funds. Those with more appetite for risk and less patience for the US dollar might put their money in DeFi. As the banking sector heats up (explodes?), more people will see the value proposition of crypto-economic systems and flee to hard assets like gold, energy, real estate and, of course, digital currencies.
The Crypto Ecosystem
Ethereum would go on to rally at the news of SVBās effect on the financial system. Maybe having an economic system independent of a centralized government is actually useful.
Meanwhile, the stablecoin market would be affected quite differently by news of SVB and a possible banking collapse.
Impact on USDC
Circle's USDC is backed by a combination of cash and US Treasuries, and USDC is meant to be redeemable 1:1 for US dollars. But Circle was already going through turbulent times, having been hit by the closures of two core transaction banking partners: Silvergate and Signature Bank.
On Thursday, March 9th, Circle initiated a transfer of its reserves out of SVB, but $3.3 billion was still sitting at SVB when the bank was closed before the transfer settled.
As uncertainty around SVB's solvency spread across crypto Twitter, USDC lost its peg over the weekend.
But once the federal government stepped in, Circle moved its cash deposits to BNY Mellon, and all was well. Today, most of the Circle Reserve Fund (which helps back USDC) is held at BlackRock and BNY Mellon. Note that BNY Mellon has a wider margin of safety as of Dec. 31, 2022:
39% HTM securities
61% AFS securities
Though the US banking industry is far from safe.
DAI and Makerās Response
If you didn't already know, a lot of DAI is backed by USDC.
Maker provides a way for users to swap USDC (and other stablecoins) for DAI and vice versa using its Peg Stability Module (PSM). This module helps keep DAI's peg to $1 by way of USDC-DAI arbitrage opportunities. Currently, the PSM holds 3.1 billion USDC.
From my article last September, DAI a Different Stablecoin:
Users can deposit USDC and generate DAI at a 1:1 ratio, no matter the market price. The constant one-to-one exchange allows users to arbitrage DAI's price.
The PSM allows users to swap their stablecoins for DAI and vice versa, and the DAO can take a fee on swaps. So if DAI is trading above its peg, users perform an arbitrage trade: deposit other stablecoins to receive DAI at a 1:1 ratio (minus the swap fee, which is currently 0) and sell the DAI on the open market. The inverse works the same way when DAI trades below its peg.
The PSM tightens DAI's range around its $1 peg by acting as a release valve when the value of DAI swings too widely, usually as a result of volatility. After the SVB collapse, USDC holders were suddenly spooked, so the USDC-PSM saw a flurry of activity:
Maker's exposure to USDC doubled to $4 billion over the weekend following SVB's closure.
This is good when DAI is more volatile than the other PSM tokens, but the same arbitrage means DAI is tightly correlated with those stablecoins. The PSM acts as a tether that pulls the two assets together: where one goes, so does the other, and DAI fell too.
This was enough to push Maker's Risk Core Unit to submit an emergency proposal to limit exposure to USDC. They capped the USDC-PSM's daily mint at 250 million DAI, loosening the tether mentioned above, and raised the USDC-to-DAI swap fee to 1%.
To tie DAI more closely to a different stablecoin (and encourage users to hold DAI), they did the reverse for the USDP-PSM:
Raised the debt ceiling
Lowered fees on USDP-to-DAI swaps
Raised fees on DAI-to-USDP swaps
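To make the "tether" concrete, here is an added toy model of a Maker-style PSM in Python. It is example code written for this page, not Maker's contracts: the fee names tin (stablecoin to DAI) and tout (DAI to stablecoin) follow Maker's naming, while the daily mint cap, the bookkeeping and the arbitrage arithmetic are simplified assumptions. It shows why a zero-fee PSM drags DAI along with a depegging USDC, and what the emergency 1% fee and 250M daily cap actually change.

```python
"""Toy model of a Maker-style Peg Stability Module (PSM).

Added example, not Maker's contract code. Fee names tin/tout follow Maker;
the daily mint cap, accounting and arbitrage math are simplified assumptions.
"""
from dataclasses import dataclass


@dataclass
class PSM:
    gem: str                 # stablecoin backing this PSM, e.g. "USDC"
    tin: float               # fee on gem -> DAI swaps (0.01 == 1%)
    tout: float              # fee on DAI -> gem swaps
    debt_ceiling: float      # max DAI outstanding against gem
    daily_mint_cap: float    # max DAI minted per day (the emergency limit)
    reserves: float = 0.0    # gem currently held
    debt: float = 0.0        # DAI currently minted
    minted_today: float = 0.0

    def sell_gem(self, gem_in: float) -> float:
        """Swap gem for DAI at 1:1 minus tin; mints new DAI, subject to the caps."""
        dai_out = gem_in * (1 - self.tin)
        if self.debt + dai_out > self.debt_ceiling:
            raise ValueError("debt ceiling reached")
        if self.minted_today + dai_out > self.daily_mint_cap:
            raise ValueError("daily mint cap reached")
        self.reserves += gem_in
        self.debt += dai_out
        self.minted_today += dai_out
        return dai_out

    def buy_gem(self, dai_in: float) -> float:
        """Swap DAI for gem at 1:1 minus tout; burns the DAI."""
        gem_out = dai_in * (1 - self.tout)
        if gem_out > self.reserves:
            raise ValueError("insufficient gem reserves")
        self.reserves -= gem_out
        self.debt -= dai_in
        return gem_out


def arb_profit(psm: PSM, dai_price: float, gem_price: float):
    """Best risk-free profit per $1 of capital, given market prices in USD.

    mint_dai   : buy gem on the market, sell it to the PSM for DAI, sell the DAI.
    redeem_dai : buy DAI on the market, redeem it at the PSM for gem, sell the gem.
    Returns (direction, profit); direction is None when no arbitrage exists.
    """
    mint = dai_price * (1 - psm.tin) / gem_price - 1
    redeem = gem_price * (1 - psm.tout) / dai_price - 1
    if max(mint, redeem) <= 0:
        return None, 0.0
    return ("mint_dai", mint) if mint >= redeem else ("redeem_dai", redeem)


def no_arb_band(psm: PSM, gem_price: float):
    """DAI price range (low, high) in which neither PSM direction is profitable.

    This is the tether: DAI can only drift from the gem's price by the fees,
    so if the gem depegs, arbitrage pulls DAI down with it.
    """
    return gem_price * (1 - psm.tout), gem_price / (1 - psm.tin)


if __name__ == "__main__":
    before = PSM("USDC", tin=0.0, tout=0.0, debt_ceiling=4e9, daily_mint_cap=1e12)
    after = PSM("USDC", tin=0.01, tout=0.0, debt_ceiling=4e9, daily_mint_cap=2.5e8)
    # USDC trading at $0.95: with zero fees, buying USDC and minting DAI pays
    # as long as DAI is above $0.95, so DAI gets dragged to $0.95.
    print("zero-fee PSM, DAI $1.00 / USDC $0.95:", arb_profit(before, 1.00, 0.95))
    print("no-arb band, zero fee:", no_arb_band(before, 0.95))
    print("no-arb band, 1% tin :", no_arb_band(after, 0.95))
    # The daily cap bounds how much of that pressure can flow through per day.
    after.sell_gem(2.0e8)
    try:
        after.sell_gem(1.0e8)
    except ValueError as e:
        print("second mint refused:", e)
```

Note what the fee does and does not do: a 1% tin only widens the band by about a cent (0.95 to 0.9596 in the example), which is why the cap on daily minting, not the fee, is what really slowed the contagion. The cap in turn only protects Maker from taking on more depegged USDC; it does nothing for the USDC already in the PSM.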
On the bright side, Maker saw a big bump in fees from PSM usage:
Two things strike me about MakerDAO's response. First, Maker is integrated with a lot of the DeFi ecosystem. Not only was it arguably over-exposed to USDC, it also had vaults with USDC LP positions as collateral and deep integrations with Compound and Aave via the D3M (Direct Deposit Module).
Remember, Compound v2 prices USDC at a fixed $1 and has a single USDC pool. If USDC stayed below its peg for long, users could supply USDC worth less than $1 and borrow $1 of DAI against it. That would accumulate bad debt the D3M has no way of seeing. Aave v2 doesn't have the same risk (it prices collateral with an oracle), but Maker opted to shut the integrations down in an abundance of caution.
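The fixed-price problem is easy to miss in prose, so here is an added Python example of a Compound-v2-style lending pool judged by two price feeds: one that hard-codes stablecoins at $1, one that reads a live oracle. This is illustrative code written for this page, not Compound's or Maker's; the collateral factor, balances and the $0.80 USDC price are constructed inputs.

```python
"""Why a hard-coded $1 price for a stablecoin hides bad debt (added worked example).

Toy model of a Compound-v2-style lending pool, not Compound's code. The
collateral factor, balances and prices are constructed inputs.
"""
from dataclasses import dataclass
from typing import Callable, Dict


@dataclass
class Position:
    collateral_token: str
    collateral_amount: float
    collateral_factor: float   # fraction of collateral value that may be borrowed
    debt_token: str
    debt_amount: float


def fixed_dollar_feed(token: str) -> float:
    """The risky design: stablecoins are worth exactly $1, whatever the market says."""
    if token in {"USDC", "USDT", "DAI"}:
        return 1.0
    raise KeyError(token)


def oracle_feed(prices: Dict[str, float]) -> Callable[[str], float]:
    """Oracle-style design: every token, stablecoins included, is priced from a live feed."""
    return lambda token: prices[token]


def borrow_limit(pos: Position, price_of: Callable[[str], float]) -> float:
    return pos.collateral_amount * price_of(pos.collateral_token) * pos.collateral_factor


def is_liquidatable(pos: Position, price_of: Callable[[str], float]) -> bool:
    return pos.debt_amount * price_of(pos.debt_token) > borrow_limit(pos, price_of)


def shortfall(pos: Position, price_of: Callable[[str], float]) -> float:
    """Debt the collateral can no longer cover at the feed's prices: the pool's bad debt."""
    cover = pos.collateral_amount * price_of(pos.collateral_token)
    return max(pos.debt_amount * price_of(pos.debt_token) - cover, 0.0)


def compare_feeds(pos: Position, market: Dict[str, float]) -> Dict[str, Dict[str, float]]:
    """Judge the same position under the fixed-$1 feed and under an oracle at market prices."""
    report = {}
    for name, feed in (("fixed", fixed_dollar_feed), ("oracle", oracle_feed(market))):
        report[name] = {
            "liquidatable": is_liquidatable(pos, feed),
            "shortfall": shortfall(pos, feed),
        }
    return report


if __name__ == "__main__":
    # A borrower supplies 1,000,000 USDC (collateral factor 0.85) and borrows
    # 840,000 DAI; USDC then trades at $0.80 while DAI holds $1.
    pos = Position("USDC", 1_000_000.0, 0.85, "DAI", 840_000.0)
    print(compare_feeds(pos, {"USDC": 0.80, "DAI": 1.0}))
```

Under the fixed feed the position looks healthy (limit $850k against $840k of debt) and nothing is ever liquidated; under the oracle it is $160k over its limit and $40k underwater. A lender such as the D3M that deposits into the fixed-feed pool is exposed to that $40k without any on-chain signal that it exists.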
Now, Maker is going to use $750 million USDC to purchase money market assets like treasuries and other fixed rate securities. Maker wants to control its own destiny when it comes to custody risk and go directly to the source, hedging against USDC. Inching away from DeFi, Maker is continuing to make inroads towards the traditional financial system.
Second, these changes were proposed on Saturday, March 11th, one day after the SVB closure and in the middle of the price volatility. Depending on your perspective, this was a fast response by a relatively small team or a slow one imposed by governance procedures.
Is decentralized governance agile enough to respond to the fastest bank run in history? In this case, the Risk Core Unit doesn't think so. Later, they would propose an emergency "PSM Breaker" to halt PSM activity without governance delays. Note that MakerDAO is in many respects the gold standard for decentralized governance. It utilizes small teams with very specific responsibilities as a way to move quickly and efficiently.
Can smart contracts be designed well enough to withstand the maelstroms of the digital age? An age where a $42 billion bank run can happen in 24 hours? Or will we need to rely on humans to do the dirty work of adjusting?
Final thoughts
While the idealized DeFi protocol has minimal human intervention, realistically, humans are still at the core of crypto. The protocols rise and move because humans will it. And while "don't trust, verify" is, and should be, the motto of our industry, we also have to be aware of who controls the protocols where we put our money: forthright and competent actors or not. DeFi is always live, so protocols and teams have to be too.
Collapse happens gradually, then suddenly. Silicon Valley founders and VCs learned that the hard way. There is real risk in who you're banking with, and while the federal government has guaranteed all deposits, that just means the federal government is now on the hook. But don't worry, everything will be fine...
Wait a minute... That sounds familiar...
Over the last two years, many people got lost in the jpegs, pump-and-dump schemes and the web of lies spun by bad actors, but the foundation of crypto has always been economic freedom. That is why we stay. For many, our economic freedom is, more than ever, not in our control, but now we have a new path forward.
Action Steps
Read: The Demise of Silicon Valley Bank | Marc Rubinstein
Dig into: The Stablecoin Edition | DeFi Download
Listen: Balaji Bets the Dollar will Hyperinflate | Bankless Shows
Listen: Arthur Hayes Says, "Get your Bitcoin, and Get Out!" | Bankless Shows
GMX
By: Austin Foss
Under the larger synthetic asset umbrella is another subclass of assets called derivatives.
Among the many early DeFi projects, dYdX made derivatives its niche and by 2019 had reached 150,000 ETH of TVL. Almost a year later it announced a partnership with StarkWare to scale dYdX transactions and settlement times using StarkWare's brand new zk-rollup tech, launching the DEX in April 2021. According to charts from DeFi Llama, dYdX peaked with a TVL worth over 1 billion USD.
Another year later, dYdX announced plans to migrate to its own dYdX Chain built with the Cosmos SDK, with the stated aim "to be a leader in the Cosmos ecosystem..." This news does not seem to have been received well, because around the same time dYdX's TVL dropped sharply. That said, it also coincided with the deepest lows of last year's bear market. Still, they have not yet managed to reverse that downward trend; today they have about 340 million USD of TVL.
Enter GMX; according to DeFi Llama, the top competitor in their derivatives category for DeFi protocols with more than 580 million USD worth of TVL; and while it did experience a dip around the same time dYdX did, GMX managed to maintain a steady upward trend through the rest of 2022 to today and has overtaken dYdX's head start in the market.
Derivatives
First, let's define derivatives in the context of DeFi. Vanilla DeFi, such as AMMs like Uniswap, has no native way to perform advanced trading actions. With derivatives, features like limit orders and margin trading can be offered natively, without giving up decentralization by falling back to a CEX or an alternate L1.
Derivatives are generally defined as:
"... contracts with values derived from underlying assets... Although the derivative's value is based on an underlying asset, a contract's owner doesn't necessarily own the underlying asset." - Hedera
This sub-class of assets has two further categories called "... lock and option derivatives."
An option derivative gives the owner of the contract the right, but not the obligation, to buy an asset at a given price at any time before the option expires. This allows for limit orders: buying ETH, for example, only when it reaches a price of 1500 USD.
Lock derivatives bind the owner to an obligation: they must settle the contract at some point in the future. This enables futures trading: holding a long position if you think the price will go up, or a short position if you think it will go down. A modified lock derivative, the perpetual contract, lets traders keep a position open indefinitely as long as their collateral stays above the liquidation threshold.
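As an added worked example (example code written for this page, not GMX's or dYdX's), the Python below puts numbers on the two categories just described: an option payoff (a right with no downside beyond the premium) and a perpetual position (an obligation with linear PnL) together with the liquidation rule that keeps the perpetual open. The margin model is a simplified assumption, maintenance margin as a fraction of entry notional; real venues add funding payments and their own mark-price rules.

```python
"""Derivative payoffs and perpetual-position liquidation, as a worked example.

Added example, not exchange code. Margin model: maintenance margin is a fixed
fraction of the entry notional, and a position is liquidatable once its
equity (collateral + PnL) falls to that level. This is a simplification.
"""
from dataclasses import dataclass


def call_payoff(spot: float, strike: float) -> float:
    """Option derivative: the right, not the obligation, to buy at the strike."""
    return max(spot - strike, 0.0)


@dataclass
class PerpPosition:
    side: str            # "long" or "short"
    size: float          # units of the underlying, e.g. ETH
    entry: float         # entry price in USD
    collateral: float    # margin posted in USD
    maintenance: float   # maintenance margin as a fraction of entry notional

    @property
    def leverage(self) -> float:
        return self.size * self.entry / self.collateral

    def pnl(self, mark: float) -> float:
        """Lock derivative: obligation to settle the difference, so PnL is linear in price."""
        diff = mark - self.entry
        return self.size * (diff if self.side == "long" else -diff)

    def equity(self, mark: float) -> float:
        return self.collateral + self.pnl(mark)

    def is_liquidatable(self, mark: float) -> bool:
        return self.equity(mark) <= self.maintenance * self.size * self.entry

    def liquidation_price(self) -> float:
        """Closed form of equity(mark) == maintenance * entry notional, solved for mark."""
        if self.side == "long":
            return self.entry * (1 - 1 / self.leverage + self.maintenance)
        return self.entry * (1 + 1 / self.leverage - self.maintenance)


if __name__ == "__main__":
    # 1 ETH long at $1500 with $150 of collateral (10x), 1% maintenance margin.
    long = PerpPosition("long", 1.0, 1500.0, 150.0, 0.01)
    short = PerpPosition("short", 1.0, 1500.0, 150.0, 0.01)
    print("long liquidates at", long.liquidation_price())     # 1365
    print("short liquidates at", short.liquidation_price())   # 1635
    print("call struck at 1500, spot 1600 pays", call_payoff(1600.0, 1500.0))
```

The two liquidation prices sit only 9% away from entry on either side: that is the "easiest way to lose your shirt" point made later in this piece, expressed as arithmetic. Ten-times leverage means a 9% move, which ETH can do in an afternoon, wipes the position.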
How it Started, How it's Going
Originally launched under the name Gambit in early 2021 on the BNB Smart Chain (BSC), the project brought a new stablecoin to DeFi, USDG, which served as the fee-reward token for its DEX. Over several months the project evolved, eventually migrating to a plain liquidity provider token, GLP.
GMX was obtained by migrating the other legacy tokens Gambit used. This consolidated several tokens into just a few and removed the headache of needing to maintain a stablecoin peg.
On Sept 14, 2021, a few months after GMX deployed to Arbitrum, GMX announced they had obtained the GMX.io domain, allowing the completion of the migration from Gambit. Four months after that, GMX launched on Avalanche.
Following the migration, this left the protocol with a GMX token supply distribution as follows:
6 million GMX from the XVIX and Gambit migration.
2 million GMX paired with ETH for liquidity on Uniswap.
2 million GMX reserved for vesting from Escrowed GMX rewards.
2 million GMX tokens to be managed by the floor price fund.
1 million GMX tokens reserved for marketing, partnerships and community developers.
250,000 GMX tokens distributed to contributors linearly over 2 years.
In the first two weeks of September, 2021:
~$150 million has been traded on GMX
~$300,000 in fees have been earned by the protocol, including Gambit fees
~$900,000 added to the floor price fund
Since then, looking at a Dune Analytics dashboard created by gmxtrader, GMX has done more than 112 billion USD of volume, and more than 170 million in fees, from more than 172,000 unique users.
Current daily volume is at about 62 million USD from 670 unique traders and the total assets under management (AUM) in the vault has grown to ~600 million USD. Earlier in the year dYdX had migrated to Starkwareās StarkEx platform, using a zk-rollup which one might think would give them a head start, while GMX opted to migrate from BSC to an Ethereum native optimistic-rollup just a few months later.
It wouldn't be until a year after launching on Arbitrum that GMX surpassed dYdX's TVL, breaking through the 400 million USD mark once dYdX announced its intent to move to Cosmos and its own app-chain.
Audits
GMX has undergone two audits in its history. One done by ABDK Consulting conducted in April, 2021 and another by Quantstamp on September 14, 2022.
In the most recent audit, a finding titled "Ability to Rug-Pull" stands out at the top of the list. Its description reports that the admin of one of the protocol contracts is capable of rug-pulling the protocol's Vault.sol contract. It was rated only moderate because the change is subject to a timelock (1-5 days, most likely 1 day) during which users could close all positions and exit before getting rugged.
In partnership with Immunefi there is a bug bounty program available with rewards of up to 5 million USD for critical smart contract bugs.
Up Only?
Bucking the bear trend in the market throughout all of last year (TVL is up, token price is up), GMX stands out from the rest of DeFi, where TVLs are trending the other way, and has become the dominant Ethereum-native protocol in the derivatives niche.
That's not to say this is a one-size-fits-all or meant to be a ringing endorsement of the project; especially with the admin vulnerability mentioned in the second audit. Margin trading is not for everyone and is one of the easiest ways to lose your shirt trading. Only put in what you can afford to lose.
Congratulations to the GMX team for managing to build such a successful project during the bear market and experiencing continued organic user adoption.
Project Releases
Hand-picked updates to help you understand the current state of the DeFi ecosystem
Coinbase Wallet as a Service
Allow companies to integrate crypto directly into their applications
Use Coinbase infrastructure to automate wallet creation, access, and restoration without seed phrases
Uses advanced multi-party computation
TornadoCash Privacy Pools Demo
TornadoCash is still live, just sanctioned
Privacy Pools lets users prove that they're not part of a given subset of depositors (e.g. known hackers)
This is still a demo and is not audited; use with caution
Uniswap Launches Wallet
Limited early release of mobile app on Optimism, Polygon, Arbitrum
Uniswap is moving up the stack to eventually become a fiat ramp
Watch token and wallet address activity
Uniswap is being held up by Apple
RocketPool Atlas Upgrade
Allow withdrawals upon Shanghai Upgrade
Lower ETH bond minimums to 8 ETH (3x capacity, 42% improvement over solo staking and 25% improvement over 16 ETH minipools)
Solo stakers can become rocketpool minipools without exiting the staking pool
Arbitrum $ARB Airdrop, DAO, and L3 solution Launched
The $ARB token will be used for DAO governance
~56% will go to the community distributed in the airdrop Thursday, March 23, based on snapshot from Feb 6, 2023
Created a 12-member "Arbitrum Security Council" to take emergency action
Arbitrum Orbit allows developers to launch Layer 3 blockchain on Arbitrum
Rollups on Bitcoin
Uses Bitcoin as a data availability layer for the Rollkit EVM rollup
Creates a fee market on Bitcoin to increase the security budget
Uses Taproot transactions
Ethereum Shanghai Date announced
Aztec to sunset privacy solution Aztec Connect
Refocusing on Noir programming language to build privacy focused ZK-Rollup
Deposits are disabled
Withdraw funds from zk.money by March 21st, 2024
Uniswap launches on BNB
Chirping Birds
Tweets from across the DeFi ecosystem
Security Scares: Go Hack Yourself
Author: Austin Foss
Almost exactly a year after 120k ETH was stolen in the Wormhole bridge exploit (the second-largest hack of 2022, a record-setting year for DeFi hacks), more ETH than was initially stolen has been recovered.
From its own blog, Oasis announced that on February 21, 2023 it:
"... received an order from the High Court of England and Wales to take all necessary steps that would result in the retrieval of certain assets involved with the wallet address associated with the Wormhole Exploit on the 2nd February 2022." - Oasis
Chainalysis created a detailed illustration of the hacked funds movements over the last year in their larger report on the incident.
An update on January 30, 2023 was added to the report stating that 95k ETH was traded for stETH which was used to borrow DAI using the Maker protocol, which was subsequently used to purchase more collateral and borrow even more DAI, effectively leveraging up their position.
This decision by the attacker proved fatal; not for themselves as they are still at large, but for their profits.
Oasis' Self Exploit
In a report published on February 24 by Blockworks Research titled Jump Executes Counter Exploit Against Wormhole Exploiter, analyst Dan Smith details how the "120.69k wstETH and 3.21k rETH ($225M of assets)" were recovered.
When "The Exploiter added a stop-loss trigger to vault 30100 just 9 minutes after opening the vault..." the game was over.
Stop-loss and other automation controls for Maker vaults, offered by both Oasis and DeFi Saver, are implemented through bot contracts. Oasis launched vault automation in July 2022, and while it reports an audit of its "Multiply Contracts" by ChainSecurity, that audit was done almost a year earlier, in September 2021.
Perhaps if a more recent audit had been done, the hacker would have known ahead of time not to use the very helpful automation features. Unfortunately for them, knowingly or not, Oasis had left a backdoor open to any vault using the same bot contracts.
Relevant Addresses
Dan Smith identified five addresses used in the recovery process:
Oasis Multisig (0x85): A 4 of 12 multisig that owns the Oasis proxy contracts.
Holder (0x5f): Currently holds the recovered funds and appears to be owned by Jump.
Sender (0x04): Responsible for executing the counter exploit and appears to be owned by Jump.
Jump1 (0xf8): Funded the Sender with DAI to repay the debt and recover the collateral...
Jump2 (0xf5): Received leftover DAI from the Sender. Commonly labeled āJump Trading,ā...
Recovery Procedure
Sender is added to the Oasis Multisig
Sender upgrades the automation proxy contract
Sender uses the new proxy to move both the attacker's collateral and debt out of their control
There's more nuance to exactly how this played out, so for full details make sure to read Dan's full report.
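The security lesson in those three steps is that a vault owner who authorizes an automation proxy is really authorizing whoever controls the proxy's upgrade key. The added Python below (example code written for this page, not the Oasis, Maker or Jump contracts) models that in two parts: a permission walker that resolves a vault's operators through proxy admins and multisig thresholds to the people who can ultimately act, and a minimal upgrade-then-call flow that reproduces the recovery. The vault number 30100, the 4-of-12 threshold and the role names (Sender, Holder) come from Dan Smith's write-up above; the vault, proxy and multisig mechanics are simplified assumptions.

```python
"""Who can really act on a vault once an upgradeable proxy is an authorized operator.

Added example: a toy registry of accounts with a permission walker and a
minimal upgrade flow. The vault number, the 4-of-12 threshold and the role
names come from the write-up above; the vault/proxy/multisig mechanics are
simplified assumptions, not the actual Oasis, Maker or Jump contracts.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set


@dataclass
class Vault:
    owner: str
    collateral: float
    operators: Set[str] = field(default_factory=set)  # addresses allowed to act on it


@dataclass
class Multisig:
    signers: Set[str]
    threshold: int


@dataclass
class Proxy:
    admin: str                                         # who may swap the implementation
    implementation: Callable[["World", Vault, Dict], None]


@dataclass
class World:
    vaults: Dict[int, Vault] = field(default_factory=dict)
    multisigs: Dict[str, Multisig] = field(default_factory=dict)
    proxies: Dict[str, Proxy] = field(default_factory=dict)
    balances: Dict[str, float] = field(default_factory=dict)


def controllers(w: World, address: str) -> List[tuple]:
    """Resolve an address to (path, signer_set, threshold) for whoever controls it.

    An EOA controls itself (threshold 1); a proxy is controlled by whoever
    controls its admin; a multisig by any `threshold` of its signers.
    """
    if address in w.proxies:
        admin = w.proxies[address].admin
        return [(f"{address} (upgradeable) -> {path}", s, t) for path, s, t in controllers(w, admin)]
    if address in w.multisigs:
        ms = w.multisigs[address]
        return [(f"{address} ({ms.threshold}-of-{len(ms.signers)})", set(ms.signers), ms.threshold)]
    return [(address, {address}, 1)]


def vault_trust_surface(w: World, vault_id: int) -> List[tuple]:
    """Everyone who can move the vault's collateral: the owner plus each operator's controllers."""
    v = w.vaults[vault_id]
    out = controllers(w, v.owner)
    for op in sorted(v.operators):
        out += controllers(w, op)
    return out


def multisig_exec(w: World, ms_addr: str, approvals: Set[str], action: Callable[[], None]) -> None:
    ms = w.multisigs[ms_addr]
    if len(approvals & ms.signers) < ms.threshold:
        raise PermissionError("not enough signatures")
    action()


def operator_call(w: World, proxy_addr: str, vault_id: int, ctx: Dict) -> None:
    """The permission was granted to the proxy address; whatever code it points at runs."""
    v = w.vaults[vault_id]
    if proxy_addr not in v.operators:
        raise PermissionError("proxy is not an operator of this vault")
    w.proxies[proxy_addr].implementation(w, v, ctx)


def stop_loss_v1(w: World, v: Vault, ctx: Dict) -> None:
    """Advertised behaviour: close the position and return collateral to the owner."""
    if ctx["price"] <= ctx["trigger"]:
        w.balances[v.owner] = w.balances.get(v.owner, 0.0) + v.collateral
        v.collateral = 0.0


def sweep_v2(w: World, v: Vault, ctx: Dict) -> None:
    """Swapped-in behaviour: send the collateral wherever the caller says."""
    w.balances[ctx["holder"]] = w.balances.get(ctx["holder"], 0.0) + v.collateral
    v.collateral = 0.0


def build_world() -> World:
    """Constructed state: a 4-of-12 multisig administering the automation proxy on vault 30100."""
    w = World()
    w.multisigs["oasis_multisig"] = Multisig({f"signer{i}" for i in range(12)}, threshold=4)
    w.proxies["automation_proxy"] = Proxy("oasis_multisig", stop_loss_v1)
    w.vaults[30100] = Vault("exploiter", 120_690.0, {"automation_proxy"})
    return w


def counter_exploit(w: World, approvals: Set[str]) -> float:
    """Upgrade the proxy, then call it as the vault's operator; returns the holder's balance."""
    def upgrade() -> None:
        w.proxies["automation_proxy"].implementation = sweep_v2
    multisig_exec(w, "oasis_multisig", approvals, upgrade)
    operator_call(w, "automation_proxy", 30100, {"holder": "holder"})
    return w.balances.get("holder", 0.0)
```

Run `vault_trust_surface(build_world(), 30100)` and the second entry is the point: the vault's operator is not "the stop-loss bot" but "any 4 of 12 signers of oasis_multisig", and that is true before any upgrade happens. A practitioner reviewing a vault (their own or a counterparty's) should walk the operator list this way and treat every upgradeable operator as equivalent to the holders of its admin key.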
Jump?
Jump Crypto is involved in this story because, according to Blockworks, they are "the crypto arm of Jump Trading, which was involved in the development of the Wormhole protocol."
Dave Olsen, CIO of Jump Trading, was quoted a month after the initial hack as saying that "this is not something that we will become distracted by next month or next year — this is a permanent condition."
Is this Victory?
While Jump could have been motivated purely by recovering the funds it put up a year ago to make users whole, counter-exploiting the attacker by taking over a user's vault through upgradeable contracts raised eyebrows across the crypto ecosystem. Can this be called a white-hat move?
And if Oasis, or another signer on the Oasis multisig, could do that to the Wormhole hacker, could they do the same to anyone else? Concern from ordinary Maker and Oasis users over the security of their own vaults was great enough that the Oasis CEO published a lengthy response.
Implications & Precedents
Ultimately this story, while it may raise mixed feelings among some DeFi users, was an eye-opening event around the risks of upgradeable contracts.
It also brought to light the possibility of multisigs being served a court order when their members are known to the public. In a follow-up editorial also published by Blockworks:
"The nuance here is that a few days before all of this happened, what they described as a white [hat] group came to [Oasis] and identified a [previous] 'vulnerability' within this multisig proxy contract... And once that was realized by them, and apparently realized by the court as well, the opportunity for unilateral action by this multisig was actually possible, and that's what the court appears to have enforced." - Joe Coll, Blockworks/Framework Ventures
BANK utility (BanklessDAO token)
With over 5,000 holders, BANK is one of the most widely held social tokens in crypto. So it bears asking, where are the best places to put our BANK to use? The five protocols below will allow you to deposit BANK in a liquidity pool and earn rewards. To get going, just click on the name, connect to the app, filter by BANK, and start earning passive income.
Balancer
Balancer has two 80/20 liquidity pools, meaning that you are required to deposit 80% BANK and 20% ETH in the pool. There is one pool on Ethereum and another on Polygon. Once you've provided liquidity, you'll receive LP tokens. Keep an eye out for opportunities to stake these LP tokens. There is nearly 500,000 USD in the two Balancer liquidity pools.
SushiSwap
SushiSwap has a 50/50 BANK/ETH pool. As with Balancer, you will receive LP tokens, and while you can't stake them on SushiSwap's Onsen Farm yet, you may be able to in the future. Liquidity providers earn a 0.25% fee on all trades proportional to their pool share. The SushiSwap pool has a little over 100,000 USD in liquidity.
Rari Fuse Pool (Deprecated Soon)
This will be deprecated soon. The Rari Fuse Pool allows you to borrow against your BANK or earn huge APY by providing assets like DAI to the pool. At present, all borrowing is paused for this pool. There is over 450,000 USD deposited in the pool.
Uniswap
The Uniswap V3 liquidity pool is 50/50 BANK/ETH, and provides a price oracle for the Rari Fuse Pool. By depositing in the Uniswap pool, you can earn fees and help enable borrowing on Rari. This pool currently has over 500,000 USD in liquidity.
Arrakis
You can also provide liquidity to the Arrakis Uniswap V3 pool. The ratio is about 2/1 BANK/ETH. This pool is new, and only has a bit more than $6,000 in liquidity. In the future, you may be able to stake your BANK/ETH LP tokens within the protocol to earn additional rewards.