High profile exploits belie important nuances

We examine the recent high profile attacks in the crypto space and how these incidents can help us better understand how protocol risk fits into an overall investment thesis.

April 22, 2022


At a glance

The Wormhole Ethereum-Solana bridge, the Ronin side-chain to Ethereum and most recently the Beanstalk stablecoin protocol have all been involved in recent high profile attacks in the crypto space.

Key takeaways

  • In only one out of three of the cases above (Wormhole), the attack was based on a programming error while the others focused on issues of a structural nature.
  • We believe protocol risk often accounts for a non-trivial part of the premium earned by token holders or accrued to DeFi yields.
  • Quantifying these risks is less about transparency and more about gauging the extent of the complexity built into the system.

Written by

  • David Duong, CFA, Head of Institutional Research

Introduction

Protocol risk is an important component of crypto valuation, but quantifying that risk is complex, not least because some of the attacks we have seen in this space are not fully technological in nature. Gauging this risk then depends on an analysis of the overall system design as well as its complexity, which can vary widely. We discuss these considerations in this week’s commentary.

Meanwhile, we recently sat down with the Managing Partners at Multicoin and Coinfund to discuss the institutional crypto landscape and other hot topics on the minds of crypto investors. We published a transcript of the event here.

Weekly Market Call

View replays of our weekly crypto market analyses from our Americas, APAC and EMEA Coinbase Institutional teams, available here.

Market view

We’ve seen a few high profile attacks in the crypto space over the last few months, including exploits on the Wormhole Ethereum-Solana bridge, the Ronin side-chain to Ethereum and most recently the Beanstalk stablecoin protocol. While it's easy to lump these incidents together, understanding how these systems were compromised can help us better understand how protocol risk fits into our overall investment thesis and identify vulnerabilities in an idiosyncratic way. For example, in only one out of three of the cases above (Wormhole), the attack was based on a programming error while the others focused on issues of a structural nature.

- Wormhole was breached in early February when a function in the code that was deprecated on January 13 allowed someone to take advantage of improper validation of the cross-chain oracles known as “guardians.” Guardians are responsible for checking that the right amount of ETH is locked up on the Ethereum network before minting wrapped Solana-compatible tokens (whETH) on the other chain. The attacker took advantage of this to create a fake guardianship account and mint 120k whETH (US$320M at the time) on Solana backed by nothing on Ethereum.

- Ronin sidechain (used by play-to-earn game Axie Infinity) was breached in late March due to a combination of factors, partly social engineering / human error but also a lack of safety mechanisms, as Axie developer Sky Mavis aggregated too much authority among a subset of validator nodes. This allowed the attackers to gain access to the private keys of five of nine validator nodes (used in Ronin’s proof-of-authority system) and appropriate 173,600 ETH and 25.5M USDC. The attack has since been linked to a hacker group in North Korea.

- Finally, the recent attack on Beanstalk leveraged the DeFi project’s governance structure by using a flash loan to borrow funds on Aave to acquire enough governance tokens (Stalk) to have a 67% voting majority and approve a governance proposal to drain $182M of the project’s reserves.
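An added illustration of the Beanstalk case above (not code from Beanstalk or from this commentary): a toy Python ledger that compares vote weight read from live balances with weight read from a snapshot sealed before the vote. The ledger, holder names and token amounts are constructed; only the 67% figure comes from the text.

```python
# Added illustration: a toy ledger, not Beanstalk's contract code.
SUPERMAJORITY = 0.67  # voting share cited in the text above


class Ledger:
    """Governance-token balances with a snapshot per sealed block (hypothetical model)."""

    def __init__(self):
        self.balances = {}
        self.history = []  # history[b] = balances at the end of block b

    def mint(self, holder, amount):
        self.balances[holder] = self.balances.get(holder, 0) + amount

    def burn(self, holder, amount):
        self.balances[holder] -= amount

    def seal_block(self):
        self.history.append(dict(self.balances))


def share(balances, holder):
    total = sum(balances.values())
    return balances.get(holder, 0) / total if total else 0.0


def vote_passes(ledger, voter, snapshot_block=None):
    """True if `voter` alone holds the supermajority. With snapshot_block set,
    weight comes from a block sealed before the vote, not from live balances."""
    source = ledger.balances if snapshot_block is None else ledger.history[snapshot_block]
    return share(source, voter) >= SUPERMAJORITY


def simulate():
    ledger = Ledger()
    ledger.mint("existing_holders", 1_000_000)  # constructed figure
    ledger.seal_block()                         # block 0: state when the proposal was filed
    ledger.mint("borrower", 2_500_000)          # constructed: tokens bought with borrowed funds
    live = vote_passes(ledger, "borrower")      # weight counted on live balance
    snapshotted = vote_passes(ledger, "borrower", snapshot_block=0)
    ledger.burn("borrower", 2_500_000)          # position unwound, loan repaid in the same block
    ledger.seal_block()                         # block 1 shows no remaining position
    return live, snapshotted, ledger.history[1].get("borrower", 0)
```

In this model the borrowed position carries the vote only when weight is read from live balances, and the end-of-block state shows no holding at all, which is why reviewing end-of-block balances alone would not surface it.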

We believe protocol risk often accounts for a non-trivial part of the premium earned by token holders or accrued to DeFi yields. However, it’s not always immediately obvious how a protocol’s structure can be susceptible to manipulation. Quantifying these risks is less about transparency and more about gauging the extent of the complexity built into the system, both in terms of the intrinsic code used to write a protocol as well as in the protocol’s overall design. By “design”, we include a protocol’s level of centralization and/or the scope of its administration by key participants.

With respect to Wormhole, this is an example of how the more complex a system becomes, the more attack vectors it introduces. The way functions were called inside multiple nested smart contracts to verify guardianship signatures may have left it open to attack, in our view. Meanwhile, in the case of Ronin, a majority of the validator network was controlled by one entity, leaving it more susceptible to social engineering, without proper controls for independent consensus. However, as these exploits are patched, we think the systems themselves can also become more resilient as a result, if or when they are given the opportunity.
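One way to put a number on the centralization point made about Ronin, as an added Python example that is not from this commentary or from Sky Mavis: count the fewest distinct operators whose validators together reach the signing threshold. The five-of-nine figure comes from the text; the operator names and both validator layouts are constructed for illustration.

```python
# Added illustration: operator names and layouts are constructed, not Ronin's real topology.
from collections import Counter


def min_operators_to_quorum(validator_operator, threshold):
    """Fewest distinct operators whose validators together meet `threshold`
    signatures. Taking the largest operators first is optimal for this count."""
    sizes = sorted(Counter(validator_operator.values()).values(), reverse=True)
    signatures = 0
    for needed, size in enumerate(sizes, start=1):
        signatures += size
        if signatures >= threshold:
            return needed
    return None  # threshold is larger than the validator set


def concentration_report(validator_operator, threshold):
    counts = Counter(validator_operator.values())
    top_operator, top_keys = counts.most_common(1)[0]
    return {
        "validators": len(validator_operator),
        "operators": len(counts),
        "largest_operator": top_operator,
        "largest_operator_keys": top_keys,
        "single_operator_meets_threshold": top_keys >= threshold,
        "min_operators_to_quorum": min_operators_to_quorum(validator_operator, threshold),
    }


THRESHOLD = 5  # five validator keys out of nine, the figure in the text above

# Constructed layout: one operator holds signing authority over a majority of nodes.
CONCENTRATED = {f"v{i}": "operator_a" for i in range(1, 6)}
CONCENTRATED.update({"v6": "operator_b", "v7": "operator_c",
                     "v8": "operator_d", "v9": "operator_e"})

# Constructed contrast: the same nine validators, each run by a different operator.
DISPERSED = {f"v{i}": f"operator_{i}" for i in range(1, 10)}

if __name__ == "__main__":
    for name, layout in (("concentrated", CONCENTRATED), ("dispersed", DISPERSED)):
        print(name, concentration_report(layout, THRESHOLD))
```

A result of 1 means the nominal five-of-nine threshold reduces to a single point of failure; the same function can be rerun on any proposed validator set and quorum before it is adopted.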

In the case of Wormhole, Jump Capital promptly stepped in to cover the loss, and activity has since returned to normal (see chart 1), suggesting there has been little damage to sentiment. Of course, this may also reflect the fact that there are currently few cross-chain alternatives for users seeking to move assets to Solana. Meanwhile, Sky Mavis was also able to raise $150M via a funding round led by Binance to help restore funds to the Ronin Bridge. They also plan to expand the network from 9 to 21 nodes and adjust the consensus quorum, among other upgrades. However, outcomes do vary. Beanstalk's stablecoin BEAN is currently trading at a major discount to its dollar-peg while the trail of the stolen funds has been obscured, making recovery difficult.

Chart 1. Deposit and withdrawal activity on Wormhole bridge


Crypto & Traditional Overview


Coinbase Exchange and CES Insights

Exchange


With the holiday weekend out of the way, during which the market saw volumes drop off significantly, volumes began to increase again on Monday (April 18) this week. The bigger picture still points towards range-bound volumes as we approach the summer.

Looking at the volume breakdown over the last week, BTC and ETH continue to dominate the pack, with buy ratios looking solid in both, although ETH has been seeing increased selling pressure on the exchange in the wake of the ETH merge delay news.

SOL has remained in the third spot of assets by volume traded, with exchange clients continuing to accumulate positions despite the recent dip.

Jasmy and APE are also noteworthy, as there is speculation on social media that the market in altcoins might be bottoming out, on the back of which there have been significant rallies in a number of coins.

For instance, Jasmy spiked up to 60% over the last few days, followed by a retreat lower amid some profit taking, as can be seen in the buy ratios on the exchange.

A similar trend could be observed in APE, with a price spike of over 50% over the last few days and the buy ratio dropping to as low as 18% during this move as exchange clients were evidently taking profits.


Coinbase Execution Services

On the trading desk, the last week was dominated by two themes. Firstly, we started seeing client allocations to major coins such as BTC and ETH increase again. In addition to that, given the spikes in a number of altcoins over the last week, we also saw interest by clients to buy altcoins that are further out on the risk curve. 

The second theme is that following news that the ETH merge would be delayed, we have seen some reallocations from ETH towards other coins, most notably BTC, although as the market has stabilized, this interest has now subsided.

Bitcoin Technicals


After 16 consecutive days of closing below its EMA9 and reaching a one-month low of $38,549.21 on April 18, bitcoin has closed above its EMA9 for two consecutive days. As a result, this has become a short-term support level. That said, bitcoin is now rejecting its 23.60% FIB line (as of April 21) for the fifth time in 8 days and has rejected the EMA20, EMA50 and EMA100 for three straight days, which is very bearish given the move higher had little volume. The chart remains in a bearish setup (the supertrend formed on April 8), and if we close below the EMA9 on April 21 and that turns into resistance, BTC will likely retest the mid $38k level, followed by the next levels of support around $35k and $32k. BTC would need to retest and then close above the EMA100 $42.8k level in order for the bearish formation to be invalidated. The $38k level looks likely given the StochRSI is retesting slightly overbought territory despite today's selloff.

Financing Rates

Chart: financing rates, April 22, 2022

Notable Crypto News

Institutional

  • Australia’s first Bitcoin ETF could attract $1 billion after launch next week (Cointelegraph)
  • Blockchain.com could Look at an IPO as Early as This Year (Coindesk)
  • Framework Ventures unveils $400 million fund with a special focus on blockchain gaming (The Block)
  • SoftBank-Backed Sandbox Said to Seek Funds at $4 Billion Value (Yahoo)

Regulation

  • EU Crypto Firms Protest ‘Alarming’ Anti-Money Laundering Laws (Coindesk)
  • US Treasury sanctions Russian crypto miners, its first sanction on mining (The Block)
  • UK Crypto Industry Hopes for More Clarity From Planned Stablecoin Rules (Coindesk)

General

  • ApeCoin Hits One Month-High Amid Yuga Labs Metaverse Land Sale Rumors (Decrypt)
  • Ethereum DeFi Staple MakerDAO Adds StarkNet Bridge in First Step Toward Multi-Chain (Coindesk)
  • Ethereum DeFi Protocol Beanstalk Hacked for $182 Million (Decrypt)
  • WonderFi set to buy another licensed Canadian crypto exchange (The Block)

Coinbase

View From Around the World

Asia 

21Shares and ETF Securities have jointly launched Australia’s first spot Bitcoin and Ether ETFs. Both funds will go live on April 27 and will list on CBOE Exchange. The products will be the first in Australia to invest directly in the underlying assets, and the assets will be held with Coinbase. Cosmos Asset Management also has a Bitcoin ETF, but offers this through an investment in Purpose’s Bitcoin ETF instead of the actual physical asset. (Coindesk)

Gulf Energy Development, one of Thailand's largest private power producers, has partnered with Binance to form a joint venture and will apply for a license to operate a digital asset exchange platform in Thailand. Separately, Gulf Energy has also invested an undisclosed sum in BNB, the native token of Binance’s blockchain. (Forbes)

Europe 

More than 40 crypto business leaders have asked the European Union not to require crypto firms to disclose transaction details and dial down attempts to bring to heel rapidly growing decentralized finance platforms. The European Union, like countries and jurisdictions across the globe, is working to tame the freewheeling crypto sector. The EU is ahead of the United States and Britain in developing a set of rules for the US$2.1T sector. (Reuters)

The Week Ahead

Chart: upcoming earnings and crypto events
