Crypto Exchanges' Halloween Scares Highlight DeFi Risks

Also, 0x prepares for an update, and MakerDAO's terminology changes

Happy Friday defiers! Here’s what’s going on in decentralized finance:

  • Centralized exchanges’ email leaks and price issues highlight risks and advantages for DeFi
  • 0x prepares for major update
  • MakerDAO CDPs will now be called Vaults

Boo! Your Private Info is at Risk in Centralized Exchanges

For many crypto users, centralized exchanges delivered the biggest Halloween scare.

The first came from a Bitcoin flash crash on derivatives exchange Deribit, caused by an error in its price calculations. The second came from BitMEX, which leaked thousands of user emails with the amateur move of using Cc in an email instead of Bcc.

Each case can be used to highlight both the benefits and risks of decentralized finance.

  1. Deribit flash crash highlights DeFi’s oracle problem

The price of Deribit’s Bitcoin perpetual swap contract plunged 15 percent to $7,259 yesterday, causing about $1.3 million of losses, which the exchange said it will pay back.


Deribit uses its own BTC index for these contracts, which it calculates with the mid price of the best bid/ask prices from Bitstamp, Gemini, Bitfinex, Bittrex, Itbit, Coinbase and Kraken. The system is then supposed to remove the highest and lowest prices, except this time it didn’t. Deribit said on Telegram that failure to remove outlier prices caused the issue. It didn’t clarify exactly where the problem was, but Coinbase Pro was down at the same time as the flash crash and was excluded from the index calculations at the time of writing.

This was essentially a price oracle problem, which has been stated as one of the main weak spots in DeFi. Right now, oracles managed by MakerDAO and Chainlink are some of the most used in decentralized finance. They both rely on third parties to upload price feeds gathered from professional data providers. These providers aggregate prices from exchanges to create a stable price. Right now MakerDAO’s price for ETH/USD is calculated through 14 different entities.

[Read about MakerDAO’s oracles here, and my interview with Chainlink’s CEO here]

The goal of these systems is to create incentives so that more entities will want to provide prices. The risk of not having a large and decentralized group of data providers is that they can potentially be bribed, they can collude, or it’s simply more likely that faulty data from one source can end up moving the final price, as happened with Deribit.
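The index calculation described above, as an added example that is not Deribit's code: it shows how far one faulty feed moves the index when the highest and lowest mid prices are not removed, and adds a median-deviation check that names the bad source. The quotes are constructed, the function names are hypothetical, and averaging the remaining mids and the 2 percent threshold are assumptions.

```python
from statistics import median

# Constructed (best bid, best ask) quotes; None would mark a feed that is down.
QUOTES = {
    "Bitstamp": (9148.0, 9152.0),
    "Gemini": (9149.0, 9153.0),
    "Bitfinex": (9158.0, 9162.0),
    "Bittrex": (9144.0, 9146.0),
    "Itbit": (9150.0, 9154.0),
    "Coinbase": (4000.0, 4200.0),  # constructed faulty feed
    "Kraken": (9151.0, 9155.0),
}


def mid_prices(quotes):
    """Mid price per exchange, skipping feeds that are down or crossed."""
    mids = {}
    for exchange, quote in quotes.items():
        if quote is None:
            continue
        bid, ask = quote
        if bid > 0 and ask >= bid:
            mids[exchange] = (bid + ask) / 2
    return mids


def index_price(quotes, trim=True, min_sources=3):
    """Average of the mids; trim=True first drops the highest and the lowest."""
    values = sorted(mid_prices(quotes).values())
    if len(values) < min_sources:
        raise ValueError("not enough live price sources")
    if trim:
        values = values[1:-1]
    return sum(values) / len(values)


def deviating_sources(quotes, max_deviation=0.02):
    """Exchanges whose mid is more than max_deviation away from the median."""
    mids = mid_prices(quotes)
    reference = median(mids.values())
    return sorted(ex for ex, mid in mids.items()
                  if abs(mid - reference) / reference > max_deviation)


if __name__ == "__main__":
    print("trimmed index:  ", index_price(QUOTES))
    print("untrimmed index:", round(index_price(QUOTES, trim=False), 2))
    print("flag for review:", deviating_sources(QUOTES))
```

Dropping one high and one low price absorbs only a single bad feed on each side; with two faulty feeds on the same side the trimmed index still moves, which is why the deviation check is kept as a separate control.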

The problem with Deribit apparently spooked BitMEX enough to change the way it calculates its own indices. The trading platform, which allows up to 100x leveraged trading, is adding price feeds from three exchanges to make a total of nine exchanges, and prices will be weighted based on exchanges’ observed trading volumes. Shortly after posting this update, though, BitMEX was plagued with its own crisis.

  2. BitMEX email leak showcases DeFi’s advantage

Crypto derivatives exchange BitMEX leaked thousands of its users’ email addresses by using Cc, instead of Bcc, in an email. The mistake leaves users exposed to phishing attempts and other attacks, as hackers now have a list of people they know are holding cryptocurrencies. Mistaking cc for bcc is embarrassing when it happens to anyone, but it’s unacceptable when it happens to an entity dealing with people’s money.

The leak highlights one of the main benefits of using decentralized exchanges as these platforms don’t hold user information. No email address or other information is needed to access most of these platforms and users are in control of their own private keys and funds.

But even Dex users will need to go through a centralized platform to exchange their fiat to crypto. That will necessarily mean going through know-your-customer procedures and giving away personal information. Having a password management system, using 2FA, and maybe even using a burner email are some options. Otherwise, there aren’t many ways around this, except maybe earning a salary in crypto or buying it in cash.

0x is Preparing for a Major Upgrade

Decentralized exchange protocol 0x is proposing to holders of its ZRX token a change to the platform that’s aimed at deepening liquidity for the DeFi ecosystem and improving the developer experience of building on 0x.

The proposed v3 includes “a new ZRX staking mechanism, Dex liquidity aggregation, the ability for relayers to support flexible fees, and various technical improvements for ecosystem devs,” according to 0x’s post. Token holders will be able to vote for the change on Nov. 11, and if approved, it will be implemented on Ethereum mainnet on Nov. 25.

MakerDAO CDPs Are Now Called Vaults

MakerDAO’s Collateralized Debt Positions, or CDPs, will be called Vaults when the platform’s new Multi-Collateral Dai system is released on Nov. 18, according to a blog post.

Currently, MakerDAO users deposit ether into a smart contract and are then able to generate Dai in exchange for this collateral. When MCD launches, users will be able to use other types of assets, not just ETH, to generate Dai.

The Maker Vault in MCD is where a user deposits collateral and generates Dai. Importantly, each collateral asset deposited will have its own Vault.

Additionally, Dai backed by one type of collateral will be called Sai, while multi-collateral Dai will be called Dai.

This might seem trivial, but in such an early ecosystem creating clear terminology will be important for adoption.