Inside DeFi 003: 🛸 Crypto in crisis, DeFi doomerism

002

Welcome back to Inside DeFi

It’s been an especially painful week for crypto markets and DeFi. So bad, in fact, that even the FT was reduced to posting wojaks with the rest of us.

With bitcoin dipping below the previous cycle’s peak, and ether (ETH) sub-$2,000, it may feel like there’s not much further to fall. But remember, even when down 99%, there’s still another 99% to go.

The bloodbath has also seen DeFi’s TVL drop to under $100 billion for the first time since May last year. Reactions ranged from sober doomerism to gallows humor.

Charts aside, InsideDeFi 003 returns to catch up with the week’s goings on.

Security scares

The week was, despite the ugly backdrop, thankfully light on DeFi hacks, with just two significant incidents. A failed attempt at a third was spotted and publicly mocked on-chain.

On Friday, an “arbitrary call vulnerability” in one of Gyroscope’s cross-chain contracts allowed a hacker to grant themself “full allowance to the escrow’s GYD holdings.”

Around $700,000 was lost, a third of which Gyroscope later decided to offer to the exploiter as a bounty.

A larger attack then hit CrossCurve’s bridge on Sunday. BlockSec put the losses, estimated at $2.7 million, down to an “authorization bypass,” while a post-mortem report from MixBytes claimed $1.4 million.

Puzzle Network’s founder has claimed that $700,000 of his own funds were amongst the losses in an on-chain message.

In a series of subsequent messages, he continued to request the return of his funds, even offering to buy the exploiter a beer in exchange.

According to Spearbit researcher “sujith,” the same attack vector had been previously identified but the report was dismissed as “invalid.”

While not a smart contract hack, a significantly larger loss affected the so-called frontpage of Solana, Step Finance, on Friday.

Read more: 2025’s biggest crypto hacks: From exchange breaches to DeFi exploits

A later update confirmed that approximately $40 million worth of assets were drained from the project’s treasury after executives’ devices were compromised.

Almost $5 million was subsequently recovered.

MetaMask’s Taylor Monahan implied that the theft was tied to a spate of incidents linked to hijacked Telegram accounts which, she estimates, is responsible for a total of over $300 million of losses, so far.

In better news, The DAO’s Griff Green followed up last week’s announcement of a 75,000 ETH security fund with a whitehat operation on a decade-old The DAO contract, rescuing a further 50 ETH to be added to the pot.

Read more: The DAO hacked again, but this time it’s the good guys

L2s left behind?

Ethereum co-founder Vitalik Buterin made a lengthy post on Tuesday, arguing that “the original vision of L2s and their role in Ethereum no longer makes sense, and we need a new path.”

He pointed to drastic improvements in mainnet scaling (which are set to continue, 1,000-fold), along with the slow progress on L2 decentralization, as evidence that L2s must offer a specific “value add” to remain relevant.

He followed up, underlining that pursuing more “copypasta” EVM L2s and chains is a “dead end” and suggesting that networks offering something specific, such as “privacy, app-specific efficiency [or] ultra-low latency” should be the goal.

For all his confidence in Ethereum’s future, reportedly dumping $13 million on-chain definitely didn’t do ETH sentiment any favors.

Perhaps waiting to sell until after using a mixer would be preferable in future.

Elsewhere in L2 land, a few days before Vitalik’s comments, Base suffered its latest bout of disruption, with “intermittent transaction inclusion delays.”

An incident report clarifies that, over a period of two hours and 26 minutes, approximately 80% of transactions (2.1 million) were dropped.

The network’s status page registers an outage of 11 minutes on January 31.

Transaction inclusion delays were again showing on February 5, leading to a mempool upgrade. Delays are currently ongoing, with improvements including a “transaction propagation redesign” expected to take “four to six weeks.”

Read more: Coinbase Base network halts for 44 minutes due to ‘unsafe head delay’

AAVE whale in danger

Also on Thursday, all eyes turned to a highly leveraged whale, borrowing $28 million USDC against AAVE tokens.

As prices dropped, the position entered dicey territory, which would lead to further pain for AAVE holders if liquidated.

Against the backdrop of an ongoing debate over future control of the Aave brand, the assumption the position belonged to Aave founder Stani Kulechov was apparently too tempting for some to resist.

Parallels to the DeFi founder playbook of aggressively borrowing stables against their own project’s governance tokens, especially given this week’s news of Kulechov’s purchase of a £22 million London mansion, were hard to miss.

However, Kulechov roundly denied the position was him, insisting he stakes his AAVE rather than borrowing against it.

Read more: AAVE whale crashes token 10% amid ‘disgraceful’ governance vote

Most notably, Curve Finance’s Michael Egorov used this approach long term, whilst buying up a pair of luxury properties in Melbourne.

After striking a gentleman’s agreement in the wake of 2023’s Curve hack, Egorov managed to dodge disaster before ultimately being stung in a $20 million liquidation cascade in June 2024.

Rune Christensen of Sky (formerly Maker) also uses the same approach, which occasionally leads to its own governance dramas.

Kulechov though, with no need to worry about getting liquidated, instead celebrated the protocol’s resiliency at scale, after over $450 million was liquidated this week.

Cambodia scam compound crackdown ongoing

News out of Cambodia continues to outline the sheer scale of the nationwide crackdown on online “pig butchering” scam syndicates.

The widespread disruption has led to over 100,000 foreigners leaving the country since the beginning of the year, according to local media reports, citing the country’s Secretariat of Commission for Combating Technology Crimes.

Authorities claim to have shut down 190 locations, including 44 casinos, across the country and made over 2,500 arrests.

Additionally, almost 500 people, mostly Chinese and Philippine nationals, have reportedly been deported, though it’s unclear how many of these cases were related to the scamming industry.

As well as raids on compounds, the organizations involved have been hit with high profile arrests and executions of leaders in China.

The operations are now rumored to be on the move, with Sri Lanka being the next destination.