Alameda behind stETH de-peg, LayerZero vulnerabilities allegations
This week in Web3 Wednesday:
- Allegations of critical vulnerabilities in LayerZero Protocol, CEO denies
- Remember stETH depegging in June last year? Apparently, it was Alameda
- A major country will legalize $TRX, Justin Sun hints
- Aave V3 launched on Ethereum, already attracting over $50M in liquidity
Allegations of critical vulnerabilities in LayerZero Protocol, CEO denies
In a recent tweet thread, Nomad Bridge’s CEO, James Prestwich, alleges two critical vulnerabilities in the LayerZero protocol allowing the LayerZero team to bypass the Oracle and Relayer for most applications (including stargate).
LayerZero Labs’ CEO, Bryan Pellegrino, has, however, denied the allegations. As per Bryan, “All of this is in reference to using the "defaults" on LayerZero. These are made for teams who aren't prioritizing security but want to spin up something and test it, make it work, and have it out in the wild. In this case you're "defaulting" to the current VL, Oracle, Relayer.”
Crypto Twitter, on the other hand, has divided into factions, sliding either with or against LayerZero. The ones sliding against LayerZero argue that these vulnerabilities undermine the original security assumption of LZ being a 2-of-2 multisig-like bridge. Saying "default settings are for teams that don't prioritize security" is not good, especially when you endorse the recommended configuration. App developers rely on default settings to use a secure infrastructure and not just a set of smart contracts.
Whereas the other faction believes this is an intentional design decision, not a vulnerability. Framing it as otherwise is inaccurate.
So what are your opinions on this anon? Is it an issue or a feature?
Remember stETH depegging in June last year? Apparently, it was Alameda
On 6/8/22, 2 mystery wallets withdrew $75M+ of stETH from FTX. They then proceeded to market-sell everything, kicking off a "de-peg" event seen as one of the contributing factors to Celsius's bankrun and the demise of 3AC.
Well, as per the latest blockchain forensics done by Conor (director at Coinbase), SBF/Alameda was behind these sales. According to Conor’s Twitter thread, in June last year, the stETH depeg event led to significant stress in the market and many rumors of Celsius liquidity problems.
Celcius announced just four days after the Alameda stETH sales that it was halting withdrawals. Alameda was suspected of playing a role in the June depeg, but there wasn't much verifiable proof on-chain. Then, Alameda previously doxxed wallets publicly withdrew liquidity and sent stETH to FTX.
Nansen also reported on these wallets contributing to the depeg but couldn't identify them or their intention. Today we can be confident that Alameda/SBF owned them. Why?
These wallets both sent ETH and stETH to the FTX estate in January.
A major country will legalize $TRX, Justin Sun hints
Justin Sun, the founder of Tron cryptocurrency, has hinted in his latest Twitter thread that a major country will soon legalize $TRX and its ecosystem tokens as legal tender. He claims this is a huge step forward for the legitimacy and mainstream adoption of #TRON and other digital currencies.
Well, considering the reputation Justin Sun has in the crypto world, only time will tell how much truth is there in this announcement or if it’s simply one of his tactics to move the market up.
Aave V3 launched on Ethereum, already attracting over $55M in liquidity
After receiving unanimous support from its community members, leading decentralized lending and borrowing protocol Aave deployed its V3 iteration on the Ethereum network on 27 January.
Since its launch, the V3 iteration of the protocol has already achieved a total market size of approx. $56M, which includes $38.54 million in deposits and $17.39 million in loans. Aave V3 deployment includes seven crypto assets, such as DAI, USDC, AAVE, LINK, ETH, WBTC, and wsETH. Since it became operational on Ethereum, ETH’s supply on Aave V3 has been the highest of all the assets the iteration holds.