It's Complicated: New Attacks Shine Light on DeFi User/Builder Relationship

As in any relationship, communication is key. Also, Ren Alliance launches, saveDai wraps interest and insurance, virtual real estate was used to back a loan.

Hello Defiers! Here’s what’s going on in decentralized finance,

  • A financial attack on the iEarn platform sparks debate on the responsibilities of DeFi users and builders

  • Ren gets closer to delivering cross-chain transactions

  • Insured interest-bearing tokens are coming up

and more :)


Emergencies Complicate DeFi User/Builder Relationship

There was another financial attack to a DeFi platform over the weekend. The scheme resulted in a frenzied community who saw some of the transactions and demanded answers from the project’s founder, and in the resignation of the founder who felt he was the victim of a witch-hunt.

The scheme involved the iEarn platform and three independent traders: 1) the initial schemer, 2) an opportunistic trader who wanted to profit from the imbalances the schemer was creating, 3) a friendly whale who was asked to jump in to fix the mess.

A series of swaps between two stablecoins with the presumably deliberate goal to manipulate the market backfired on the initial schemer and left him down $561,902 because of price slippage. The friendly whale made $420,182 after jumping in, and helped the initial schemer recover some of the losses, which left him down $141,720. The opportunistic trader made $139,957 in the process.

[This is an extremely simplified version of what happened, for a more detailed explanation go to the post mortem by iEearn founder Andre Cronje, and Kerman Kholi’s great posts on the attacks here and here.]

The “Witch Hunt”

The transaction which sparked concern among some DeFi watchers was ironically the one executed by the friendly whale jumping in to rescue the initial schemer from his own attack. With less than a day after the transactions had been executed, Crypto Twitter started demanding an explanation on what was going on, suggesting “something is up” if the team can’t “answer simple questions about people’s money,” and tweeting out alarming and wrong statements, such as one saying the project’s “smart contract has been drained of millions of USD.”

In the meantime, Cronje said in his post mortem of the post mortem that he was busy trying to understand the issue himself (which, if you read the posts referenced above, you’ll see why it could take some time), and also, trying to track down the trader to help minimize losses.

Quitting DeFi

As Twitter mentions piled up, Cronje felt the social pressure was not worth it for a job he had been doing for free and with little help. He announced his departure from DeFi; Building in #DeFi sucks,” the post headline said. In his last update to iEarn, he added slippage protection and disclaimers.

Community Reaction

Some of the most vocal critics, like My Crypto’s Taylor Monahan, said in a post the way to prevent abuse and losses on DeFi shouldn’t be to hurt people, but that users should research and ask questions, and builders should de transparent and answer those questions. Others, like Chris Blec, said in a Twitter thread that while, developers don’t owe the community any answers, they should expect scrutiny as they’re holding millions in users’ money. Still others launched a Gitcoin grant for Cronje to come back and continue working in DeFi, this time for pay.

Should But Can’t

Is it right to expect the same level of response and professionalism from decentralized finance that we get from banks? The answer is we should, but we can’t —for now.

We should because DeFi is supposed to be a better financial system, that’s faster, cheaper, and with more power in the hands of individuals. That includes building platforms which protect users from losing their money and communicating with them when they think they are. Developers are writing code designed to handle people’s money, and they should be held accountable and responsible when it fails.

We can’t because most DeFi platforms simply don’t have the resources to respond as quickly and professionally in an emergency that large financial institutions do, even if they want to.

But because users should get this service, they’ll demand it, and they’re not wrong to do that. There’s a discrepancy in user expectations and projects’ resources, and it will take the space growing and maturing until they’re able to level up.

The rate at which DeFi complexity is increasing is faster than the speed at which projects themselves are growing. This results in traders being able to use and abuse these platforms in mind-blowing ways as funds are pouring in, while the teams behind the platform are still one to a handful of developers trying to keep it together.

Communication Helps Every Relationship

Users should be aware the space is in its very early days and most companies building it aren’t mega-corporations with a help desk available 24/7 and these markets don’t have billions in liquidity and insured funds. That means: research the platforms you’re using, don’t risk more money than what you’re willing to lose, do ask questions, and don’t make unfounded accusations or personal attacks.

Builders of DeFi platforms should expect scrutiny. The best policy is transparency from before the user deposits funds, with proper risk disclosures, to after their funds have been deposited, alerting them when there’s something wrong and disclosing what’s being done about it.

The iEarn and bZx attacks both showed that there’s a complicated balance between speed and accuracy. Trying to immediately answer to the community’s questions and quickly fix damage increases the risk of messing up, while taking the time to give the right questions and make the right fixes can make users nervous. The best way to ease users’ tensions is to clearly communicate the steps being taken.

And lastly —add slippage protection!

Ren Wants to Connect Non-Ethereum Assets to DeFi

Ren announced an alliance of projects helping secure, develop, and use the project’s RenVM system, which has the goal of enabling transfers across different blockchains. The initial members include Aave, AirSwap, Authereum, bZx, and DeFiZap. These projects will integrate assets linked to non Ethereum-based coins such as renBTC and renZEC. The project still hasn’t been released on mainnet.

“Bringing cross-chain assets to Ethereum will expand the utility of DeFi by introducing larger collateral types into the ecosystem.” 

Developers Build First Insured Interest-Bearing Dai Token

As of today, there are plenty of tokens that automatically earn interest. Separately, there are ways to protect against the loss of those tokens. A group of developers want to wrap those things together. saveDai is an Ethereum-based ERC20 token, which earns interest from Compound Finance and is secured via Opyn’s hedging options. The project is still in the works.

A Loan Against Virtual Real Estate Was Just Issued

Someone was able to take tokens representing unique plots of land in a virtual world, and use them to take out a loan denominated in MakerDAO’s Dai stablecoin, in what’s probably the first ever transaction of its kind. Rocket, a non-fungible token based lending platform, announced it issued a loan of 20,000 Dai backed by about $100,000 of virtual real estate on Decentraland. The 6-month loan has an annual interest of 12 percent.

[Correct from previous version which said loan was backed by $10,000 of virtual land]

ProgPoW, The Ethereum Community Speaks: Hudson Jameson

Hudson Jameson, who helps run the Ethereum core developer meetings, wrote a detailed post on the history of the change to the Ethereum mining algorithm known as ProgPow, and his personal opinion on the latest controversy. “In my opinion, ProgPoW isn’t worth it and is dead based on overwhelming evidence of community dissent.”

Bitcoin on Ethereum DeFi is about to surpass Bitcoin on Bitcoin DeFi.


The Defiant is a daily newsletter focusing on decentralized finance, a new financial system that’s being built on top of open blockchains. The space is evolving at breakneck speed and revolutionizing tech and money. Sign up to learn more and keep up on the latest, most interesting developments. Subscribers get full access at $10/month or $100/year, while free signups get only part of the content.

Click here to pay with DAI.There’s a limited amount of OG Memberships at 70 Dai per annual subscription ($100/yr normal price).

About the author: I’m Camila Russo, a financial journalist writing a book on Ethereum with Harper Collins. (Pre-order The Infinite Machine here). I was previously at Bloomberg News in New York, Madrid and Buenos Aires covering markets. I’ve extensively covered crypto and finance, and now I’m diving into DeFi, the intersection of the two.