COVER protocol, the decentralized insurance marketplace that originally spun out of the SAFE project has been exploited by various actors.
Attackers found a bug in the smart contract code that enabled them to mint quintillions of COVER, which were then sold on the market, leading to a 94% price dump. The exploit has no effect on the day to day functions of COVER protocol, insurance coverage is working as intended, only the price of the COVER token was affected.
In a strange turn of events, the dev(s) at Grap.Finance an upstart NFT farming project that started as a YAM fork, performed a whitehat exploit of the COVER bug and returned all the ETH profits from selling newly minted tokens to the core team. Grap.Finance essentially saved COVER from total system failure, without the dev(s) returning those funds the COVER team would have a much harder time trying to compensate the affected COVER token holders.
Next time, take care of your own shit.@CoverProtocol @chefcoverage https://t.co/ks94ucdoRQ
1. No gains.
2. The Obtained Funds from LP has been returned to COVER.
— Grap.finance (@GrapFinance) December 28, 2020
Based on discussions in the COVER community, it seems like there will soon be another token announced. Beyond just a bad day for token holders, this exploit had major ripple effects across the crypto market. Even major exchanges like Binance have paused trading and support for the COVER token.
DeFi Indexes like YETI from the Powerpool team had to take emergency measures to ensure the COVER dump didn’t drag the entire index down with it. Due to the AMM nature of PowerIndex products, the COVER hackers could have potentially cashed out the 7 other underlying tokens that makeup YETI by selling off their minted COVER tokens.
?? That were hot hours. $YETI was saved by the team
?? Analysis of $COVER exploit and issue-solving solutions ?? https://t.co/WvG04ISy4e
?? Good lesson for all the DeFi. We hope everybody learned it.$CVP $PIPT $ASSY #PowerIndex
— Power Pool (@powerpoolcvp) December 28, 2020
The COVER team has released an official post-morterm detailing the exploit and their plans to roll out a compensation plan for any COVER token holders before block #11541219.
12/28 Post-Mortemhttps://t.co/tZ1w78ARwS
— Cover Protocol (@CoverProtocol) December 29, 2020
Despite the recent exploit, the core team plans on moving ahead with their V2 launch in Q12021. To keep up with Cover, follow them on Twitter.
Business Development and Operations at TrustToken – TUSD. Jack is a startup generalist and DeFi enthusiast. Stay connected with him by following @HHJackSun on Twitter.
