PSA — In Crypto, Transparency doesn’t necessarily equal safety | by Messin’ around with Crypto’s | Coinmonks | Dec, 2022

Hey folks, so with all the FUD around exchanges like FTX collapsing over the past month, I’ve made it a point to try to scale a lot of my assets off of centralized exchanges, and earn yields on DeFi instead. If you’ve followed some of my previous articles, you’ll know that over the past several months I’ve done a great deal of research on different stablecoin protocols that generate some of the highest yields, Overnight.fi being one of them.

If you’re unfamiliar with Overnight.fi, it’s a stablecoin protocol that essentially utilizes other stablecoin protocols, more specifically with USDC, USDT, and DAI.

Their main chains are on Polygon and Binance, but more recently they have added Avalanche and Optimism. Essentially how Overnight.fi works is that you swap $USDC for $USD+, which will automatically rebase your yields on a daily basis for as long as you hold your $USD+. $USDC/$USD+ can be swapped either way directly on the dApp.

The average USD+ APY can vary, and it can vary significantly, ranging over the past week around 11% APY depending on what network you’re using. I’ve talked highly about Overnight.fi in the past for mainly two reasons: their strategies are very transparent, meaning you know exactly what’s happening with your stablecoins, and also because the rebasing mechanism is genius — it means no gas fees are wasted. There is nothing to keep track of except how many tokens are in your wallet. For me, in terms of risk, Overnight.fi checked off a lot of boxes…but this didn’t mean I still couldn’t get rekt.

I thought Overnight.fi was a pretty damn safe play. This is why it came as such a great surprise when I logged in the other day to find out that my “daily payout” came out as this:

Immediately thinking that it was a mistake, I refreshed the page a couple of times, and then, fearing that I got rugged, I ultimately went onto their Discord channel to see if there was any news on the matter. Lo and behold, I came across the following announcement:

It’s the first time I’ve been a victim of a contract exploit. Essentially, there was an exploit on AVAX where a hacker used a $9.5 million flash loan to manipulate the price of USDC on one of Overnight.fi’s stablecoin strategies.

If you’re unfamiliar with flash loans, a flash loan is essentially an uncollateralized loan without any borrowing limit; however, the user has to return the borrowed funds within the same transaction. Perhaps one of the most famous “flash loan attacks” was last March with the $APE airdrop to Bored Ape Yacht Club holders, where a user was able to take a big enough flash loan to rent 5 Bored Apes, claim airdropped $APE worth around $800,000, and then return the Bored Apes all in one go.
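An added example, not from the original post and not Overnight.fi's code: it shows why a strategy that reads a price straight from pool reserves can be moved by one large trade inside a single transaction, and how a deviation check against prices recorded in earlier blocks rejects that reading. The post does not describe the actual exploit mechanics; the constant-product pool, the reserve sizes, the 2% tolerance and all names are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import fmean

class PriceDeviation(Exception):
    """Raised when the spot price strays too far from the reference price."""

@dataclass
class Pool:
    # Constructed constant-product (x * y = k) stablecoin pool, fees ignored.
    usdc: float
    other: float

    def spot_price(self) -> float:
        # Price of 1 USDC in the other token, read straight from reserves.
        return self.other / self.usdc

    def sell_usdc(self, amount: float) -> float:
        # Trade USDC into the pool; k stays constant, so the price moves.
        k = self.usdc * self.other
        self.usdc += amount
        received = self.other - k / self.usdc
        self.other -= received
        return received

def guarded_price(pool: Pool, history: list[float], max_dev: float = 0.02) -> float:
    # Reference = mean of prices recorded at the end of earlier blocks,
    # which a trade inside the current transaction cannot change.
    reference = fmean(history)
    spot = pool.spot_price()
    if abs(spot - reference) / reference > max_dev:
        raise PriceDeviation(f"spot {spot:.4f} vs reference {reference:.4f}")
    return spot

def demo() -> dict:
    pool = Pool(usdc=5_000_000.0, other=5_000_000.0)   # constructed reserves
    history = [pool.spot_price() for _ in range(10)]    # ten quiet blocks
    before = guarded_price(pool, history)
    pool.sell_usdc(9_500_000.0)   # one trade the size of the loan in the post
    naive = pool.spot_price()     # what an unguarded strategy would read
    try:
        guarded_price(pool, history)
        rejected = False
    except PriceDeviation:
        rejected = True
    return {"before": before, "naive": naive, "rejected": rejected}

if __name__ == "__main__":
    print(demo())
```

Because the loan has to be repaid in the same transaction, a reference built from earlier blocks stays near 1.0 while the in-transaction spot reading drops to roughly 0.12, which is the gap the guard catches.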

As I mentioned before, Overnight.fi is very transparent, and you could technically utilize the same strategies that they do, which are all made public:

All of their smart contract addresses are publicly available through their whitepaper and they were also audited by Hacken earlier this year. What I realized in hindsight is that transparency in Overnight.fi’s case was a double-edged sword — you could see how profits were being generated, but essentially if the strategy/contract isn’t secure, it also can serve as a blueprint for how things can get exploited.

I think what was most frustrating about this is that it is coming fresh off the fact that everyone has been saying that centralized exchanges cannot be trusted, and that DeFi is the safest place to go.

Maybe I’m being too hard on DeFi here, because regardless of my losses in this exploit, so far in 2022 I’ve still lost more money on centralized exchanges than I have on DeFi protocols. Yet the big important point to remember is that DeFi itself isn’t completely safe either. In fact, in 2021 alone there was nearly $2.3 billion taken from DeFi protocols, and I would imagine that 2022 will be even greater. Also, in a space with very little regulation, there are very few repercussions or consequences for those who break the rules (i.e., SBF), and until protective regulation gets drafted, I imagine that contract exploits and other scams/thefts will continue to take place.

Am I still pissed? Absolutely. Getting robbed sucks, but I am thankful for a couple of things — I took the bigger portion of my funds out of Overnight a month-or-so ago, so I’m very glad that I didn’t lose that as well. Also, thankfully the hacker didn’t get 100% of my funds as the team immediately paused USD+ on all chains and exited its positions.

Thanks for taking the time to read this and be sure to follow me on Twitter to get all my latest updates.

Disclaimer: And as a final reminder, this is not financial advice and this is for educational and entertainment purposes only. Please as always, do your own research and find what investments are best for you. Stay safe everyone.
