Liquity scare hits DeFi as Ethereum Foundation sinks $120M into sector
While the frequency of once-common nine-figure hacks has waned in recent months, the decentralized finance (DeFi) sector remains a dangerous place.
An $85 million scare and a $9.5 million hack have directly preceded the Ethereum Foundation’s show of confidence in DeFi, as it deposits $120 million of ether (ETH) into key protocols Aave, (Maker spin-off) Spark, and Compound Finance.
However, just yesterday, users of DeFi protocol Liquity V2 were advised to withdraw their funds, after the team discovered a “potential issue” in the project’s Stability Pools.
Liquity, the issuer of LUSD and BOLD stablecoins, is an immutable protocol and therefore unable to pause or upgrade the affected pools. In the event of a critical vulnerability, it would be up to users to be aware of the issue and withdraw any funds.
Read more: Ethereum Foundation’s response to community backlash — dump more ETH
Liquity is a well-established DeFi protocol, whose V1 has accrued over $300 million in total value locked (TVL) since launching in 2021, according to data from DeFiLlama.
Its V2 launched last month and grew to almost $85 million TVL before yesterday’s news. Despite the warning, $68 million still remains in the V2.
The scare came the day after a $9.5 million hack of another DeFi platform, zkLend, for $9.5 million on Starknet. After announcing the incident, the team offered the hacker a 10% bounty via X and an on-chain message in exchange for the return of the remaining funds 3,300 ETH.
Blockchain security firm SlowMist identified the root cause of the exploit as a rounding issue during the withdrawals process and linked the attacker’s address to the 2023 EraLend exploit.
Putting ETH to work
Following recent criticism over focus and leadership, the Ethereum Foundation has followed through with a show of support for its decentralized finance (DeFi) sector.
Three weeks after setting up a multisig wallet aiming “to participate in the DeFi ecosystem,” the foundation is putting its money where its mouth is, with a total of 45,000 ETH ($120 million) deposited into DeFi lending protocols Aave, Spark, and Compound Finance.
Read more: Vitalik to Ethereum Foundation critics: ‘This is not how this game works’
Blockchain security firm PeckShield, better known for alerting the DeFi community to devastating hacks, flagged the movements, with the foundation confirming the deposits an hour later.
Will funds be SAFU?
The protocols trusted by the foundation are so far well-established and have a generally strong reputation for security — though not without some incidents.
Last August, Aave was hit by a minor hack of $56,000 from a periphery contract, likened to a raid of the tip jar. In May 2023, unintended effects of an update to Aave’s V2 on certain chains froze assets worth over $100 million for a week.
A similar issue hit Compound Finance on a larger scale in 2022, with $830 million of ETH lending markets bricked for a week. The previous year, Compound accidentally distributed an excess $80 million in COMP rewards, and a further $69 million while the fix was pending.
More recently, the Compound DAO was targeted by a malicious governance “attack” which passed, seemingly due to a lack of interest, after a notorious DeFi “whale,” known as Humpy, bought up COMP tokens for voting purposes.
Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.