Today we see an attack that took place a few days ago on Aave, where an entity tried to attack the Lending platform, leaving it with "bad debit".
The attacker known as Ponzishorter.eth (Avi) had noticed that the founder of Curve on Aaave had deposited a large amount of CRV supplies (almost $50 million) as collateral by borrowing stablecoins. Ponzishorter seeing this large open position tried to liquidate it, causing the price of CRV to collapse. AVI allegedly deposited USDC ($58 million) as collateral, borrowing $50 million of CRV (about 3 times the on-chain liquidity) to dump them on a centralized exchange (OKx) maintaining downward pressure on the price. The idea behind the massive borrowing was also to sow panic among CRV holders, causing chain selling and leading to the liquidation of Curve's founder. Later the attacker would buy back the CRV at a lower price, to cash the profit and withdraw the USDC. Having reached the liquidation price of CRV (0.259$), Aave would have had to liquidate a huge position (almost 50 million dollars) with great difficulty (there was no possibility to re-purchase the necessary CRV, due to the low liquidity on chain). If this had happened, the founder of Curve would have been liquidated (if he hadn't added more collateral), instead the attacker would have gone into profit and Aave with bad debt.
For the liquidation of Ponzishorter, Aave would have had to buy 80 million CRV on-chain, potentially increasing the price. Had the Curve CEO been liquidated with his $50 million position in CRV, CRV would have bottomed out indefinitely, raising all hell. Ponzishorter later borrowed another 30 million CRV from Aave through two transactions to dump it and force liquidation.
Briefly the summary of the attack was:
-Borrow CRV using USDC as collateral on AAVE
-Withdraw USDC collateral, manipulate oracle price by facilitating lending
-Close CRV short, leave Aave with "bad debt"
While the attack on Aave was underway, Curve announced its stablecoin (crvUSD), causing a CRV pump. The following short squeeze endangered Ponzishorter's short into liquidation. In general this Curve stablecoin works that if the price of the collateral drops too much, the AMM will convert the deposits into stablecoins. This model which works through LLAMMA (Lending-Liquidating Automated Market Maker Algorithm) has low bad debt risks. LLAMMA will automatically calculate where the collateral is, and if the price of the collateral changes, it will be converted into stablecoin. The crvUSD will peg the dollar through a reserve formed by an asymmetric deposit in a stableswap pool (consisting of the stable and a redeemable reference token or LP). This release came at a providential time, causing a sharp increase in the price of CRV, prompting the liquidation of Ponzishorter. With the CRV pump, the founder of Curve didn't need to hedge his position because there was enough liquidity in the system. However even with the successful liquidation, the size of the position taken by Ponzishorter left excess debt within the protocol (there was not enough on-chain collateral for full liquidation, when the position was closed CRV spot pumped up to $0.71).
Aave's bad debt was $1.6 million at present value (<0.1% of loans on protocol).
Having bad credit is never pleasant but this story proved that DeFi liquidations work perfectly. While FTX went bankrupt. The low liquidity of the CRV token on Aave but also the very low margin requirements were important factors in the exploit. The resulting attention in these cases prompts users to buy the dip to defend the CRV price and, the others, to try to squeeze the short-seller to cover their losing position.
Another hypothesis on the attack is that Aave, unable to cover Ponzishorter positions on CRV, since the platform did not have sufficient liquidity to buy back more than 20% of the short, would therefore have favored the short on the Aave token and the price drop of its native token. To liquidate Ponzishorter's position, Aave's liquidators would have no way to buy back all of the CRV that had been borrowed. Aave would have had to sell significant amounts of its token to cover this loss.
Are you interested in ways to earn crypto bonus? Check it out here: Some Sites To Earn Crypto Bonus (Old & New)