Another day, another scam. In this case it wasn't illegal, but it was certainly malicious.
On DeFi platforms, you can deposit cryptos into a smart contract in exchange for rewards. You can also borrow against your deposit — but smart contracts include a trigger that unwinds the borrow if your overcollateralisation drops too low.
Smart contracts rely on data input for those triggers to execute. Someone noticed that the DAI/USDT reference price used by the Compound protocol was based solely on trading data from Coinbase, whose volumes in that pair were low. The malicious actor temporarily manipulated the price on Coinbase by selling a small amount of DAI, taking out a large chunk of the market bids. The price dropped dramatically, a series of DAI borrows were closed, and the perpetrator — who had previously lent DAI — made money on the short position.
The third largest COMP farmer, whose overcollateralisation was too aggressive, got taken out to the tune of $46mm.
Never be a forced seller.
Please feel free to contact us with any questions.