Badger DAO(BADGER)

The Riga cypherpunk reunion convened around the Lightning Network, privacy and a strong anti-CBDC sentiment.

Liquidity protocol Balancer has disclosed that it has discovered a critical vulnerability that has impacted over 100 of its v2 pools spread across eight different blockchains. The team at Balancer has posted a list of the impacted pools on its GitHub page while also activating its emergency subDAO. Critical Vulnerability Discovered Balancer announced the discovery of the vulnerability in a post on X (formerly Twitter), stating that it had initiated emergency mitigation features. The protocol also urged users to withdraw funds from the impacted pools. “Balancer has received a critical vulnerability report affecting a number of V2 Pools. Emergency mitigation procedures have been executed to secure a majority of TVL, but some funds remain at risk. Users are advised to withdraw affected LPs immediately.” The protocol stated that the issue had been mitigated in about 80% of the impacted pools. Meanwhile, the remaining 20% of the impacted pools represented around 4% of Balancer’s total value locked (TVL). Balancer stated in its forum, “Balancer Labs received a report of a critical vulnerability affecting a number of pools. We were able to mitigate over 80% of these; the remaining funds at risk represent about 4% of Balancer TVL.” Funds Remain Safe The protocol also assured users that, at this point, the vulnerability had not been exploited, and all funds remained safe. Balancer added that pools labeled mitigated were safe but still urged users to migrate to safe pools or withdraw for the time being. The team also urged liquidity providers to exit their positions from impacted pools immediately. Jeff Bennett, a software engineer at Balancer Labs, said in a post, “We believe funds in the mitigated pools (labeled ‘mitigated’) are safe, but nevertheless strongly recommend timely migration to safe pools or withdrawal. Pools that could not be mitigated are labeled ‘at risk.’ If you are [a liquidity provider] in any of these pools, please exit immediately.” Users have heeded the warnings from the protocol following the discovery of the vulnerability. As a result of users withdrawing liquidity, the protocol’s total value locked dropped by nearly $100 million amidst the rush of withdrawals. Balancer has also stated that it would be conducting a thorough post-mortem of the vulnerability and would publish details about it and how it was addressed soon. This is not the first time Balancer has asked users to pull liquidity from its pools. In January, the protocol had advised liquidity providers to pull liquidity citing “ongoing issues. Balancer’s Native Token Registers Significant Drop The unfolding situation unsurprisingly had an immediate impact on the market. As a result of the discovery of the vulnerability, Balancer’s native BAL token registered a drop of over 4%. However, the value has recovered with the protocol moving swiftly to mitigate the vulnerability and communicate with users. Currently, the token is trading at around $3.51, according to data from CoinMarketCap. Meanwhile, Spencer Hughes, a Blockworks Research Analyst, observed that the discovery of the Balancer vulnerability demonstrated the fact that smart contract audits cannot guarantee complete safety. However, he added that these audits never claimed to be a hundred percent foolproof. “With ~$830M TVL, a Balancer exploit would have left one of the most prominent DEXs for dead. Emergency SubDAOs are definitely very important for all DeFi protocols, and it is great that they were able to act before anything malicious could occur.” The Curve Hack While Balancer has moved fast to mitigate any potential damage, the DeFi space has been reeling from a spate of exploits. Recently, an exploit in the Curve Finance platform put over $100 million in crypto at risk, significantly amplifying concerns around the decentralized finance (DeFi) ecosystem. At the heart of the exploit was a re-entrancy bug that was found in Vyper, a programming language critical to Curve’s system. The vulnerability allowed hackers to drain several stablecoin pools on Curve, leading to a significant disruption of the price and liquidity of several DeFi services. Other major exploits in the DeFi space include the Ronin exploit, which saw the Ronin Network lose a staggering $622 million. The exploit was a result of a breach in the Ethereum sidechain. BadgerDAO also fell victim to hackers, losing around $80 million to hackers. Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Liquidity protocol Balancer has disclosed that it has discovered a critical vulnerability that has impacted over 100 of its v2 pools spread across eight different blockchains. The team at Balancer has posted a list of the impacted pools on its GitHub page while also activating its emergency subDAO. Critical Vulnerability Discovered Balancer announced the discovery of the vulnerability in a post on X (formerly Twitter), stating that it had initiated emergency mitigation features. The protocol also urged users to withdraw funds from the impacted pools. “Balancer has received a critical vulnerability report affecting a number of V2 Pools. Emergency mitigation procedures have been executed to secure a majority of TVL, but some funds remain at risk. Users are advised to withdraw affected LPs immediately.” The protocol stated that the issue had been mitigated in about 80% of the impacted pools. Meanwhile, the remaining 20% of the impacted pools represented around 4% of Balancer’s total value locked (TVL). Balancer stated in its forum, “Balancer Labs received a report of a critical vulnerability affecting a number of pools. We were able to mitigate over 80% of these; the remaining funds at risk represent about 4% of Balancer TVL.” Funds Remain Safe The protocol also assured users that, at this point, the vulnerability had not been exploited, and all funds remained safe. Balancer added that pools labeled mitigated were safe but still urged users to migrate to safe pools or withdraw for the time being. The team also urged liquidity providers to exit their positions from impacted pools immediately. Jeff Bennett, a software engineer at Balancer Labs, said in a post, “We believe funds in the mitigated pools (labeled ‘mitigated’) are safe, but nevertheless strongly recommend timely migration to safe pools or withdrawal. Pools that could not be mitigated are labeled ‘at risk.’ If you are [a liquidity provider] in any of these pools, please exit immediately.” Users have heeded the warnings from the protocol following the discovery of the vulnerability. As a result of users withdrawing liquidity, the protocol’s total value locked dropped by nearly $100 million amidst the rush of withdrawals. Balancer has also stated that it would be conducting a thorough post-mortem of the vulnerability and would publish details about it and how it was addressed soon. This is not the first time Balancer has asked users to pull liquidity from its pools. In January, the protocol had advised liquidity providers to pull liquidity citing “ongoing issues. Balancer’s Native Token Registers Significant Drop The unfolding situation unsurprisingly had an immediate impact on the market. As a result of the discovery of the vulnerability, Balancer’s native BAL token registered a drop of over 4%. However, the value has recovered with the protocol moving swiftly to mitigate the vulnerability and communicate with users. Currently, the token is trading at around $3.51, according to data from CoinMarketCap. Meanwhile, Spencer Hughes, a Blockworks Research Analyst, observed that the discovery of the Balancer vulnerability demonstrated the fact that smart contract audits cannot guarantee complete safety. However, he added that these audits never claimed to be a hundred percent foolproof. “With ~$830M TVL, a Balancer exploit would have left one of the most prominent DEXs for dead. Emergency SubDAOs are definitely very important for all DeFi protocols, and it is great that they were able to act before anything malicious could occur.” The Curve Hack While Balancer has moved fast to mitigate any potential damage, the DeFi space has been reeling from a spate of exploits. Recently, an exploit in the Curve Finance platform put over $100 million in crypto at risk, significantly amplifying concerns around the decentralized finance (DeFi) ecosystem. At the heart of the exploit was a re-entrancy bug that was found in Vyper, a programming language critical to Curve’s system. The vulnerability allowed hackers to drain several stablecoin pools on Curve, leading to a significant disruption of the price and liquidity of several DeFi services. Other major exploits in the DeFi space include the Ronin exploit, which saw the Ronin Network lose a staggering $622 million. The exploit was a result of a breach in the Ethereum sidechain. BadgerDAO also fell victim to hackers, losing around $80 million to hackers. Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

An exploit in the Curve Finance platform has put more than $100 million in cryptocurrency at risk, intensifying security concerns in Ethereum's decentralized finance (DeFi) ecosystem. Central to this exploit is a "re-entrancy" bug in Vyper, the programming language instrumental to Curve's system. This vulnerability has provided hackers with an avenue to drain several stablecoin pools on the platform, unsettling the pricing and liquidity of numerous DeFi services. While it's uncertain how much has been drained due to the attack, BlockSec, a blockchain auditing firm, projects the total losses to be above $42 million. Curve hosts 232 different pools. Despite this number, only those using Vyper versions 0.2.15, 0.2.16, and 0.3.0 have been identified as at risk, according to Mimaklas, a member of the Curve team. Mimaklas added: "all affected pools have been drained or white hacked, and the team is assessing the situation with affected teams." Echoes of Past DeFi Attacks This incident isn't a one-off in the DeFi landscape. The space has been plagued by a series of attacks in recent times. Just last year, the Ronin Network lost a staggering $622 million to hackers due to a breach in the Ethereum sidechain. BadgerDAO also fell prey to an $80 million heist, sparking widespread concerns over the security practices in the DeFi sector. Fallout: Impact on CRV Token and DeFi Sector The exploit has sent ripples across the trading markets fo Curve DAO’s native CRV token. The token's value tumbled by 17%, standing at $0.61 at press time. This price plummet could instigate a forced liquidation on Curve’s founder's $70 million borrowing position on Aave, further complicating the situation. These recurring incursions underscore the urgent need for robust security measures and rigorous audit practices within the DeFi ecosystem. As the DeFi sphere continues to expand, tackling these challenges head-on becomes increasingly crucial to protect participants' assets and uphold confidence in the system's resilience. Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Financial advisors will want a simple story to tell.

A major highlight of the recent Baltic Honeybadger 2017 conference in Riga, Latvia was the final panel at the end of the second day of events, which consisted of a number of well-known developers in the Bitcoin ecosystem. During the panel discussion, the developers shared their thoughts on the current state of privacy in Bitcoin. Various participants on the panel pointed out the close relationship between privacy and scalability, the privacy issues with light wallets, and how the ecosystem is now on the cusp of a number of different privacy enhancements. Bitcoin Privacy Improves as the Technology Scales by Default The first panelist to comment on the topic of privacy in Bitcoin was applied cryptography consultant and sometimes Bitcoin Core contributor Peter Todd. For Todd, the main point he wanted to get across was that improved privacy is something that is inherently associated with better scalability of the system. “The whole reason why Bitcoin has such terrible privacy is everyone has everyone else’s transactions, and any scalability measure that makes Bitcoin scale better inevitably is going to make fewer people have fewer people’s data,” said Todd. Todd noted that people who use centralized off-chain services like Coinbase may have better privacy than those who are transacting on the public blockchain, depending on their threat model. For example, Coinbase knows everything that Coinbase users are doing, but North Korea knows nothing about these transactions because they’re processed on Coinbase’s internal servers. “As we go scale this tech up, if we do so successfully, we will get improved privacy no matter what we do,” added Todd, who pointed to the Lightning Network as a perfect example of this concept in practice. In terms of privacy-focused altcoins, such as Monero and Zcash, Todd claimed the scalability situation is actually worse. “Zcash and Monero both essentially have accumulators that mean that nodes need more data to go and process transactions,” explained Todd. “There are tradeoffs around this . . . but a lot of this tech isn’t there yet and it just makes things more complex.” Better Privacy Needs to Be Balanced with Usability When SatoshiLabs CTO Pavol Rusnak commented on Bitcoin privacy, he brought up the issue of usability in terms of future privacy improvements. In his view, there is a triangle of tradeoffs between privacy, security, and usability that must be understood. As a specific example, Rusnak pointed to MimbleWimble, which is a proposal for a much more private and scalable blockchain. Rusnak noted that while the proposal may improve the privacy situation, it also degrades usability by removing the ability to view one’s transaction history on the blockchain. “The question is: If there is a coin that has security and privacy but it loses usability because of its transaction history, will people be interested in using it?” asked Rusnak. “I think yes. But it’s still — we have a lot of people who are Trezor users and they really tend to look into their transaction history. They put labels everywhere.” Rusnak went on to add that there is no “silver bullet” that can be applied to every use case out there. The Privacy Problem for SPV Wallets As the microphone was handed over to Libbitcoin lead maintainer Eric Voskuil, he brought up the issue of wallets based on simplified payment verification (SPV). “I’d like to get client-server scenarios out of the P2P protocol,” said Voskuil. “I think it’s creeping in a bad direction.” In Voskuil’s view, shortcuts have been taken in order to implement more user-friendly bitcoin wallets. Some of these shortcuts have created new problems, and Voskuil specifically pointed to the issue of bloom filters, which are used in SPV wallets. “You can think of it as a DoS attack against nodes, it gives up privacy, there’s just nothing good about it,” said Voskuil. As Voskuil explained, those who use these bloom filters are giving some anonymous node on the network — which may actually be a node operated by a blockchain analytics company — an IP address to attach to a transaction. In Voskuil’s view, it would be better to simply connect to a server via the Tor network and publish a transaction there. That way, no one would know where it came from. Ciphrex CEO and Bitcoin Core contributor Eric Lombrozo agreed with Voskuil’s comments on bloom filters, and he indicated that the sync time associated with operating a full node is what pushes users to these less-secure, less-private wallets in the first place. “Right now, verification is not that cheap, and that’s a problem because then you basically end up outsourcing this to third parties, and that changes the entire security model of Bitcoin,” said Lombrozo. Lombrozo went on to refer to bloom filters as “a hack” that was never really fleshed out or well designed at all. “You don’t have to download entire blocks, but you do give up tremendous amounts of privacy,” Lombrozo added. In the past, Chaincode Labs’s Matt Corallo, who was a co-author of the Bitcoin Improvement Proposal (BIP) related to bloom filters, has said he regrets ever writing up the idea. Lombrozo also pointed to Lightning Network developers Olaoluwa Osuntokun and Alex Akselrod’s proposal for client-side filtering in light clients, which would improve the privacy issues related to the use of SPV. “It gives you better privacy,” explained Lombrozo. “You can actually download a filter associated with a block and on your node you can actually check whether that block might contain transactions you’re interested in before you download the entire block.” Lombrozo also brought up BIP 151, which was authored by Bitcoin Core contributor Jonas Schnelli. The point of this proposal is to encrypt the data being sent over the P2P protocol, which could offer an obvious privacy improvement for light clients in terms of making their network communications less public. Blockstream CEO Adam Back also agreed with the idea that bloom filters are not very good for user privacy. However, Back also clarified that most of the light wallets available today, even the ones on smartphones, are not pure SPV wallets. Instead, the user usually connects to a server provided by the wallet developer or points the wallet at the user’s own full node running at home (or some combination of the two). For this reason, Back wondered whether there is much of a need for SPV wallets in Bitcoin. “If you already have two crosschecks — a semi-trusted node and an option of your own node — then do we really need the SPV protocol?” asked Back. “Because you’re allowing yourself to be surrounded by people who are trying to spy on your privacy — the people doing the kind of Chainanalysis kinds of things are running lots of crawlers on the network and being SPV providers to many wallets.” On the Cusp of Improvements in Bitcoin Privacy The most privacy-focused individual on the panel may have been JoinMarket developer Adam Gibson. JoinMarket is the most widely-used implementation of CoinJoin, which is a way for users to mix their bitcoins with each other and obscure their transaction history. Gibson continued Todd’s point on the relationship between privacy and scalability by specifically talking about Blockstream Mathematician Andrew Poelstra’s concept of scriptless scripts. “The way I’d put it is it’s like taking the semantics of the transaction off chain, so you may still have a transaction but the meaning of it is obscured [and] it becomes a lot more private,” explained Gibson. “For example, you might do a coin swap where you and I swap the history of our coins, but we do it in such a way that it just looks like a totally ordinary transaction. In fact, it’s impossible to distinguish from an ordinary transaction.” According to Gibson, there are many other examples of ways in which data can be taken off of the base Bitcoin blockchain layer to improve privacy. Like Todd, Gibson pointed to the Lightning Network as another obvious example. Gibson also pointed out that he’s now more excited by the concept of Confidential Transactions due to a recent paper that describes a way to massively improve the efficiency of these types of transactions, which are meant to mask the amounts associated with transactions. The JoinMarket developer went on to describe a world where Confidential Transactions are combined with CoinJoin to mask the most important attributes of Bitcoin transactions. In fact, Gibson indicated that this sort of combination can be done in a manner that makes privacy-conscious transactions cheaper than traditional Bitcoin transactions. Gibson also pointed to Schnorr signatures and MAST as two other upcoming improvements that could have implications for user privacy, but he also indicated that there is not much users can do to improve their own privacy today — outside of using JoinMarket or practicing good Bitcoin privacy hygiene such as avoiding address reuse. This is all in addition to the previous privacy improvements for light clients described by Lombrozo. “There’s a lot of very close things at this point, which makes me a bit more positive than I might have been before,” concluded Gibson.

A major highlight of the recent Baltic Honeybadger 2017 conference in Riga, Latvia was the final panel at the end of the second day of events, which consisted of a number of well-known developers in the Bitcoin ecosystem. During the panel discussion, the developers shared their thoughts on the current state of privacy in Bitcoin. Various participants on the panel pointed out the close relationship between privacy and scalability, the privacy issues with light wallets, and how the ecosystem is now on the cusp of a number of different privacy enhancements. Bitcoin Privacy Improves as the Technology Scales by Default The first panelist to comment on the topic of privacy in Bitcoin was applied cryptography consultant and sometimes Bitcoin Core contributor Peter Todd. For Todd, the main point he wanted to get across was that improved privacy is something that is inherently associated with better scalability of the system. “The whole reason why Bitcoin has such terrible privacy is everyone has everyone else’s transactions, and any scalability measure that makes Bitcoin scale better inevitably is going to make fewer people have fewer people’s data,” said Todd. Todd noted that people who use centralized off-chain services like Coinbase may have better privacy than those who are transacting on the public blockchain, depending on their threat model. For example, Coinbase knows everything that Coinbase users are doing, but North Korea knows nothing about these transactions because they’re processed on Coinbase’s internal servers. “As we go scale this tech up, if we do so successfully, we will get improved privacy no matter what we do,” added Todd, who pointed to the Lightning Network as a perfect example of this concept in practice. In terms of privacy-focused altcoins, such as Monero and Zcash, Todd claimed the scalability situation is actually worse. “Zcash and Monero both essentially have accumulators that mean that nodes need more data to go and process transactions,” explained Todd. “There are tradeoffs around this . . . but a lot of this tech isn’t there yet and it just makes things more complex.” Better Privacy Needs to Be Balanced with Usability When SatoshiLabs CTO Pavol Rusnak commented on Bitcoin privacy, he brought up the issue of usability in terms of future privacy improvements. In his view, there is a triangle of tradeoffs between privacy, security, and usability that must be understood. As a specific example, Rusnak pointed to MimbleWimble, which is a proposal for a much more private and scalable blockchain. Rusnak noted that while the proposal may improve the privacy situation, it also degrades usability by removing the ability to view one’s transaction history on the blockchain. “The question is: If there is a coin that has security and privacy but it loses usability because of its transaction history, will people be interested in using it?” asked Rusnak. “I think yes. But it’s still — we have a lot of people who are Trezor users and they really tend to look into their transaction history. They put labels everywhere.” Rusnak went on to add that there is no “silver bullet” that can be applied to every use case out there. The Privacy Problem for SPV Wallets As the microphone was handed over to Libbitcoin lead maintainer Eric Voskuil, he brought up the issue of wallets based on simplified payment verification (SPV). “I’d like to get client-server scenarios out of the P2P protocol,” said Voskuil. “I think it’s creeping in a bad direction.” In Voskuil’s view, shortcuts have been taken in order to implement more user-friendly bitcoin wallets. Some of these shortcuts have created new problems, and Voskuil specifically pointed to the issue of bloom filters, which are used in SPV wallets. “You can think of it as a DoS attack against nodes, it gives up privacy, there’s just nothing good about it,” said Voskuil. As Voskuil explained, those who use these bloom filters are giving some anonymous node on the network — which may actually be a node operated by a blockchain analytics company — an IP address to attach to a transaction. In Voskuil’s view, it would be better to simply connect to a server via the Tor network and publish a transaction there. That way, no one would know where it came from. Ciphrex CEO and Bitcoin Core contributor Eric Lombrozo agreed with Voskuil’s comments on bloom filters, and he indicated that the sync time associated with operating a full node is what pushes users to these less-secure, less-private wallets in the first place. “Right now, verification is not that cheap, and that’s a problem because then you basically end up outsourcing this to third parties, and that changes the entire security model of Bitcoin,” said Lombrozo. Lombrozo went on to refer to bloom filters as “a hack” that was never really fleshed out or well designed at all. “You don’t have to download entire blocks, but you do give up tremendous amounts of privacy,” Lombrozo added. In the past, Chaincode Labs’s Matt Corallo, who was a co-author of the Bitcoin Improvement Proposal (BIP) related to bloom filters, has said he regrets ever writing up the idea. Lombrozo also pointed to Lightning Network developers Olaoluwa Osuntokun and Alex Akselrod’s proposal for client-side filtering in light clients, which would improve the privacy issues related to the use of SPV. “It gives you better privacy,” explained Lombrozo. “You can actually download a filter associated with a block and on your node you can actually check whether that block might contain transactions you’re interested in before you download the entire block.” Lombrozo also brought up BIP 151, which was authored by Bitcoin Core contributor Jonas Schnelli. The point of this proposal is to encrypt the data being sent over the P2P protocol, which could offer an obvious privacy improvement for light clients in terms of making their network communications less public. Blockstream CEO Adam Back also agreed with the idea that bloom filters are not very good for user privacy. However, Back also clarified that most of the light wallets available today, even the ones on smartphones, are not pure SPV wallets. Instead, the user usually connects to a server provided by the wallet developer or points the wallet at the user’s own full node running at home (or some combination of the two). For this reason, Back wondered whether there is much of a need for SPV wallets in Bitcoin. “If you already have two crosschecks — a semi-trusted node and an option of your own node — then do we really need the SPV protocol?” asked Back. “Because you’re allowing yourself to be surrounded by people who are trying to spy on your privacy — the people doing the kind of Chainanalysis kinds of things are running lots of crawlers on the network and being SPV providers to many wallets.” On the Cusp of Improvements in Bitcoin Privacy The most privacy-focused individual on the panel may have been JoinMarket developer Adam Gibson. JoinMarket is the most widely-used implementation of CoinJoin, which is a way for users to mix their bitcoins with each other and obscure their transaction history. Gibson continued Todd’s point on the relationship between privacy and scalability by specifically talking about Blockstream Mathematician Andrew Poelstra’s concept of scriptless scripts. “The way I’d put it is it’s like taking the semantics of the transaction off chain, so you may still have a transaction but the meaning of it is obscured [and] it becomes a lot more private,” explained Gibson. “For example, you might do a coin swap where you and I swap the history of our coins, but we do it in such a way that it just looks like a totally ordinary transaction. In fact, it’s impossible to distinguish from an ordinary transaction.” According to Gibson, there are many other examples of ways in which data can be taken off of the base Bitcoin blockchain layer to improve privacy. Like Todd, Gibson pointed to the Lightning Network as another obvious example. Gibson also pointed out that he’s now more excited by the concept of Confidential Transactions due to a recent paper that describes a way to massively improve the efficiency of these types of transactions, which are meant to mask the amounts associated with transactions. The JoinMarket developer went on to describe a world where Confidential Transactions are combined with CoinJoin to mask the most important attributes of Bitcoin transactions. In fact, Gibson indicated that this sort of combination can be done in a manner that makes privacy-conscious transactions cheaper than traditional Bitcoin transactions. Gibson also pointed to Schnorr signatures and MAST as two other upcoming improvements that could have implications for user privacy, but he also indicated that there is not much users can do to improve their own privacy today — outside of using JoinMarket or practicing good Bitcoin privacy hygiene such as avoiding address reuse. This is all in addition to the previous privacy improvements for light clients described by Lombrozo. “There’s a lot of very close things at this point, which makes me a bit more positive than I might have been before,” concluded Gibson.