Quick Take

• Investors of dog-themed project AnubisDAO were  rugged out of $60 million.

• Cream Finance was hacked for $130 million, marking the protocol’s third hack this year.

• Uniswap surpasses $500 billion in total trading volume.

• DevconVI is planned for Fall 2022 in Bogota, Colombia.

Listen to Podcast

AnubisDAO Investors Rugged Out Of $60 Million

Investors of a new dog-themed project called AnubisDAO, have been rugged out of $60 million. Following a dog theme, Anubis, which is an Egyptian god of death that has a dog's head, sold ANKH tokens in exchange for WETH. The project raised more than $60 million through a token sale that began last Thursday and ended on Friday.

Just twenty hours into the token sale, the funds raised were taken out of the project’s liquidity pool and were sent to a different address. So far the project’s official Twitter account remains silent. One investor, Brian Nguyen, told CNBC that he lost $470,000. He admitted that what appealed to him most about the project was the dog themed imagery associated with the recent success of Dogecoin and Shiba Inu. 

After the rug pull, a crypto influencer known as @0xSisyphus on Twitter offered a 1,000 ETH reward to anyone who could identify the person who controlled the address that drained the pool. Another Twitter user identified a Twitter account (@Beerus) associated with the address. The associated account then disappeared from Twitter within minutes of being identified.

Twenty minutes after the discovery, the associated Twitter account allegedly tweeted under an alternate account called @cryptofan777, claiming that they were a victim of a phishing attack. @cryptofan777 also claimed that they are cooperating with law enforcement and complying with all investigations. Victims of the failed project remain split on whether it was a phishing attack that drained the funds or an outright scam.

Cream Finance Suffers Third Attack

Cream Finance was hacked for the third time with the  attacker taking home more than $130 million worth of assets from Cream’s lending protocol. The attack was executed over multiple transactions due to block gas limits. It was a sophisticated attack with well executed tactics.

The attacker used flash loans to borrow $1.5b of Yearn’s yUSD vault shares against $2b worth of collateral. They then doubled the value of the shares atomically by donating yUSD to the yearn vault. Their debt on Cream Finance became $3b against $2b in collateral. They then defaulted the loan and took a $1b profit. However, Cream Finance only had $130 million in assets available for lending, so the attacker was limited to $130 million.

The attacker diversified his holdings into stablecoins and renBTC. He traded using paraswap over 1inch exchange, which is known to collect information about users and has helped doxx attackers in the past. Cream Finance was last exploited in August due to a similar attack. The protocol suffered its first flash loan attack in February.

Uniswap Surpasses $500 Billion Trading Volume

The Uniswap Protocol has surpassed $500 billion in total trading volume since launching in November 2018. The protocol has processed more than $2 billion in daily volume across V2 and V3 over the last 24 hours. Uniswap is also ranked #7 on DappRadar with more than $10 billion TVL across the protocol.

Arbitrum and Optimism deployments have accounted for $2 billion of the total volume. Over the summer, Uniswap became the first DeFi platform to generate over $1 billion in cumulative fees. Uniswap currently has $125k in grants available for participants of the Unicode virtual hackathon which runs through November 10th. 

Aave Disables $xSushi and $DPI Borrowin

Aave has released an Aave Improvement Proposal (AIP) to disable the borrow function for $xSUSHI and $DPI on V2 of the Aave Protocol. The action is a precautionary measure against a future flash loan attack. The proposal comes as concerns were raised over potential vulnerabilities involved in using $xSUSHI as collateral within the Aave Protocol.

Simulations were run to determine if any attempt to manipulate $xSUSHI on the Aave Protocol would be successful. The simulation results found that the attack is not profitable for an attacker under current market conditions. However, the attack may be profitable if market conditions were to change. If passed, the AIP will also disable borrowing of AMM LP tokens on the Aave Protocol AMM Market.

DevconVI Announced For Fall 2022

Devcon has announced DevconVI planned for Fall 2022 in Bogota, Colombia. Devcon is the world’s largest Ethereum developer conference. The event had been delayed since 2020 due to the coronavirus pandemic. DevconV, the previous in-person event, was held in 2019 in Osaka, Japan. The previous conference attracted more than 3,800 developers. Devcon also teased a potential event scheduled for Spring 2022.