DeFi Bulletin: TVL Surpasses $50 Billion, Yearn Finance Loses $1.4 Million

The total value locked (TVL) in DeFi protocols has surged to an impressive $51.5 billion. Leading the pack is Lido with $20.7 billion, followed by Maker with $8.4 billion, and JustLend with $6.5 billion.

In the realm of Ethereum applications, the TVL has reached $28.4 billion, with decentralized exchange (DEX) trading volumes totaling $77.1 billion over the past 30 days.

Uniswap continues to dominate the non-custodial exchange market, commanding a 55.7% share of the total trading volume. PancakeSwap holds the second position with 15.1%, followed by Trader Joe at 8%.

The decentralized exchange OKX suffered a security exploit, resulting in a loss of $2.76 million. It was attributed to a suspected leak of an administrator's proxy server private key. PeckShield experts estimated the damages at this staggering amount.

According to SlowMist analysis, users authorize the TokenApprove contract when trading on the platform. This contract then transfers the user's tokens. The ClaimTokens function allows a trusted DEX proxy server to execute it. These servers are managed by administrators who can make changes to the smart contract independently.

On December 12, one of the servers was updated by its owner, enabling direct execution of ClaimTokens to transfer user tokens. This exploit was seized upon by malicious actors.

A "mistaken scenario" during a multi-signature transaction led to Yearn Finance losing 63% of treasury funds in the Lp yCRV pool, resulting in a $1.4 million loss. This incident occurred during the "ordinary token fee conversion process."

The yCRV liquid staking token represents CRV in the protocol's pool. The project invests funds in supporting liquidity and earns fees in return.

However, due to a scenario failure on the DEX CoW Swap, all treasury funds were sent to one of the protocol's largest pools. This transaction caused significant price slippage, which was exploited by arbitrageurs and other market participants.

To prevent such incidents, Yearn Finance has implemented several precautionary measures, including separating treasury funds into contracts with individual managers, introducing more readable output messages in trading scripts, and tightening price impact thresholds.

On December 14, SafeMoon attorney Mark Rose filed for bankruptcy on behalf of the DeFi project. The SFM token saw a sharp decline in response to the news.

Documents under Chapter 7 of the U.S. Bankruptcy Code were submitted to the Utah district court. SafeMoon US LLC estimated its assets to be in the range of $10 million to $50 million, with liabilities ranging from $100,001 to $500,000.

In the wake of this announcement, the SFM token plummeted to $0.000055. Over the past week, the coin has lost 22.4% of its value, according to CoinGecko.

The hacker responsible for breaching the Nirvana Finance yield farming protocol and an undisclosed DEX has pleaded guilty and agreed to forfeit stolen assets worth $12.3 million.

According to the U.S. prosecutors, in the summer of 2022, 34-year-old senior security engineer Shakib Ahmed exploited a vulnerability in the smart contract of an unnamed exchange. He later attacked Nirvana Finance using flash loans, withdrawing $3.49 million in cryptocurrencies from the project's treasury. Despite negotiations, no agreement was reached between the hacker and the protocol's developers. The stolen funds were exchanged for Monero and laundered through Samourai Whirlpool.