Can you explain the $100 million Mango hack to me?; MetaMask adds instant bank-to-crypto transfers; Are credit scores unfair?;
In this edition:
1️⃣ Are Credit Scores Unfair?
2️⃣ The amount of cash locked up in DeFi products has been in decline since early May
3️⃣ Key Open Banking Regulatory Milestones to watch in Q3 2022–2023
4️⃣ Uniswap Labs has raised $165 million in a new funding
5️⃣ Can you explain the $100 million Mango hack to me?
6️⃣ MetaMask Adds Instant Bank-to-Crypto Transfers
7️⃣ Mango Market’s exploiter comes clean, claims all actions were legal
8️⃣ How do fintech startups find new opportunities among so many payment companies?
9️⃣ America’s oldest bank BNY Mellon is dipping its toes into the finance world’s newest trend
🔟 Mastercard Debuts Service Offering Crypto-Trading Tied to Bank Accounts
Are Credit Scores Unfair?
Credit scores, which represent how likely a person is to pay his or her bills, affects almost every aspect of an American’s financial life.
One key benefit built into the credit scoring system is its nondiscriminatory practice of using just numbers to determine a person’s creditworthiness.
“Credit scoring when it was first developed was an advancement,” said Chi Chi Wu, staff attorney at the National Consumer Law Center. “It is better than having some banker sit across from you and judge you and read the information in your credit report, because they bring a lot of their subjective analysis and their own life experience into the analysis. And if their life is different than your life, that analysis can be flawed.”
But despite the good intentions of credit report companies, many experts argue that the current system is still discriminatory.
A survey of 5,000 U.S. adults found that more than half of Black Americans reported having a low or no credit score, compared to 41% for Hispanics, 37% for whites and 18% for Asian Americans.
Having a low or no credit score can often bring severe financial consequences. Forty-two percent of Americans said their credit scores prevented them from accessing financial products like credit cards or loans.
Sally Taylor, vice president and general manager at FICO, added, “It’s important to note that credit scores didn’t create some of the social economic disparities. They simply reflect the social economic disparities that are out there. The conversation should focus on addressing the root cause of these differences.”
Watch the video to find out more about how credit scores can help — and hurt — consumers.
The amount of cash locked up in DeFi products has been in decline since early May
Buzzy. Volatile. Meme-worthy. You’d be forgiven for thinking we’re talking about crypto, or its head-spinning subset, decentralized finance. But right now, those words are actually better suited to traditional markets — which could spell trouble for one of the world’s most hype-driven asset classes.
The present macro environment has turned otherwise stuffy, real-world bets like sterling and plain-vanilla bonds into the hottest ticket in town, with crypto traders more interested in the latest doings at the Bank of England than the aftermath of Ethereum’s Merge.
It’s happening in large part as result of a steady flow of interest-rate hikes from the Federal Reserve and other central banks. Nowadays, short-term US Treasuries can earn a better yield than trading in DeFi, where rates of return are hitting new lows as appetite for crypto dissipates and traders flock to holding regular old dollars.
The amount of cash locked up in DeFi products has been in decline since early May following the collapse of Terra, and even hallmark assets such as Circle’s USDC stablecoin are shedding circulation as demand continues to fall.
Volatility — which helps traders make money off of price discrepancies — has found a home in fiat currencies where activity is up 30% in the last year. The JPMorgan Global FX Volatility Index has skyrocketed almost 70% this year, gaining an edge while the T3 Bitcoin Volatility Index is down 11%.
In the absence of decent revenue-earning opportunities in crypto, even some of DeFi’s biggest stalwarts are turning to more staid alternatives. MakerDAO, the decentralized autonomous organization that runs the world’s fourth-largest stablecoin DAI, started buying $500 million in US Treasuries and corporate bonds last week, in a bid to diversify its balance sheet.
The move was seemingly in direct contravention of a long-term plan by Maker’s founder to remove all exposure to assets which could be “blacklisted,” or potentially seized by a government if the DAO ended up on the naughty list. Discussions in the MakerDAO Discord server suggest the group didn’t think it had much choice, when its holdings of USD — which make up more than half of DAI reserves — are providing little to no yield at present.
If the most exciting and technical parts of crypto aren’t appealing to even its own natives, one wonders what that may augur for the institutional newbies that the sector hopes will help stoke the next bull market. Without the wild yields and crazy speculation, there’s less money to be made. And what else is crypto good for, if not the potential for big profit?
Source Bloomberg News
Key Open Banking Regulatory Milestones to watch in Q3 2022–2023
Europe and the UK have made further steps towards an open finance framework under a wider context of cross-sector data sharing EU Commission Digital Finance Strategy and UK Smart Data Initiatives.
● As part of the ongoing PSD2 review, the EU Commission has opened a public consultation specifically targeted on open finance.
● The UK Treasury has published consultation responses, proposing tougher rules on BNPL.
Key Latin American countries continued to follow Brazil’s lead in laying out a national framework.
● Brazil’s financial system regulators published a joint resolution to provide greater clarity and rules for interoperability in open finance.
● Argentina’s Central Bank has required banks and e-wallets to allow customers to access all accounts through a single app.
● Chile has also added to the draft fintech law currently in parliament process. In Middle East and Africa, Bahrain has issued amendments to its
Open Banking rulebook and Nigeria published Open Banking draft guidelines. In North America, the US Consumer Financial Protection Bureau has replaced the Office of Innovation with a new establishment in efforts to promote competition and innovation in consumer finance.
In Asia Pacific, India is planning to share personal income data and opening e-government tools Indiastackgov for global interested parties.
Uniswap Labs has raised $165 million in a new funding
Uniswap Labs has raised $165 million in a new funding round as the parent firm of the world’s largest decentralized exchange looks to broaden its offerings.
The Series B funding was led by Polychain Capital, the startup said. The news confirms a TechCrunch scoop from late last month that said that Uniswap Labs was looking to raise between $100 million to $200 million and was engaging with Polychain.
The decentralized exchange commands 64% of all DEX volumes, according to DeFi Llama. And the exchange protocol’s token has a market cap of nearly $5 billion despite the market downturn. (During the peak bull cycle last year, Uni’s market cap exceeded $22.5 billion.)
In recent months, Uniswap Labs has shared plans to add “several new products.” One of the new offerings will allow customers to trade NFTs on Uniswap from a number of marketplaces and another is a wallet, according to people familiar with the matter.
“Now, Uniswap Labs is bringing the powerful simplicity and security that has defined the Uniswap Protocol to even more people across the world by investing in our web app and developer tools, launching NFTs, moving into mobile — and more!” the firm said in a blog post.
“As Uniswap Labs focuses on products, a much broader ecosystem continues to grow and thrive beyond what any one company can do on their own. As an example, the governance community recently voted to create the Uniswap Foundation, which will contribute to the Protocol’s decentralized development and give at least $60 million in grants to community projects over the next few years,” it added.
The funding — one of the largest Series B for a crypto firm this year — comes at a time when the market downturn has eroded investors’ appetite for writing new checks. VC investment in crypto startups declined 37% year-on-year in the quarter that ended in September to $4.44 billion, the industry’s lowest level in more than a year, according to PitchBook.
Can you explain the $100 million Mango hack to me?
I can, yes. Which is unfortunate: I’d have hoped that by this point in the evolution of DeFi it would require some technical wizardry to pull off a $100 million hack. But that is not yet the case: You don’t have to know anything at all about smart contracts to understand how Mango got hacked.
In truth, it was only a “hack” in the sense of “life hack.” No technical expertise required.
In a nutshell, the life-hacker (exploiter? attacker?) created and funded two accounts with Mango and used one account to short 483 million MNGO perps to his other account at about $0.04.
He then spent a few million USDC to ramp the spot price of MNGO from $0.04 to $0.91, which created a mark-to-market profit of $423 million on his one account (and a $423 million loss on the other).
Here’s the crux: The Mango protocol then allowed him to use that $423 million paper-profit as collateral to borrow $116 million worth of various tokens. Assuming he doesn’t choose to return those tokens, after subtracting the cost of funding the two accounts and ramping the price of MNGO, he’s made a profit of about $100 million.
This would be illegal in regulated TradFi markets:
You can’t sell something to yourself in TradFi — that’s “painting the tape.” And you can’t deliberately ramp the price of something: Place an order to “buy as little as you can to get the price as high as you can,” and you’ll soon find yourself in court.
This type of price manipulation might even be illegal in unregulated markets, like for fine art. I’m not sure.
Should it be illegal in DeFi? Personally, I don’t think so: You don’t have to be a code-is-law maxi to think that these loopholes were so huge they deserved to be exploited.
The biggest mystery is why it took so long: A post in the Mango Discord warned of this exact vulnerability all the way back in March.
If you leave a $100 bill taped to your front door for six whole months, it might be illegal for someone to take it, but I don’t think the police are going to care much when you call to report the crime.
MetaMask Adds Instant Bank-to-Crypto Transfers
Crypto wallet MetaMask is making it easier for users to turn their fiat into crypto through an integration with fintech firm Sardine, MetaMask parent company ConsenSys announced this week.
MetaMask users will now be able to fund their crypto wallets via bank transfers instantly, instead of having to wait for traditional fund transfers to clear.
In a blog post, ConsenSys argued that instant ACH transfers through Sardine are better than other methods for some users. For example, going through a crypto exchange or paying with a credit card can be less flexible because those methods may have monetary limits or result in declined transactions.
Through the new MetaMask integration, users will be able to turn their hard-earned cash into more than 30 tokens, up to Sardine’s daily transaction maximum of $3,000.
But instant conversions and purchases may raise questions about safety — and whether it potentially increases the risk of fraud or other illicit activity.
“Sardine’s payment system helps combat fraud,” MetaMask wrote as part of its announcement post on Twitter, but didn’t specify how.
Sardine’s website provides a bit more context: its homepage boasts that its developers “built the fraud prevention and compliance infrastructure that scaled both Coinbase and Revolut.” It also claims that its tech is able to detect 300% more fraud than other vendors, and that its users reportedly experience 90% less identity fraud than through other platforms.
The startup appears confident in its ability to prevent and address fraud, as it promises Sardine takes complete liability for any chargebacks or returns for other business clients using its services. It’s also well-backed — last month, Sardine raised $51.5 million in its Series B funding round with Andreessen Horowitz leading the charge.
That said, it’s not clear what liabilities apply for MetaMask users when moving money with Sardine — and whether Sardine will be able to detect fraud on the crypto wallet, such as if a hacker manages to obtain a wallet’s private key and deposit funds from the linked bank account. MetaMask and Sardine did not respond to Decrypt’s request for comment.
Mango Market’s exploiter comes clean, claims all actions were legal
Avraham Eisenberg, the man behind the $114 million exploit on Mango Markets, has confirmed that he orchestrated the attack on the DeFi platform in a statement issued today.
“I was involved with a team that operated a highly profitable trading strategy last week,” Eisenberg confirmed, adding, “I believe all of our actions were legal open market actions, using the protocol as designed, even if the development team did not fully anticipate all the consequences of setting parameters the way they are.”
This legal trading strategy required $10 million on Eisenberg’s part to drain $114 million from Mango Markets.
Eisenberg’s name was linked to the attack barely a day later. Independent reporter Chris Burnet published an article providing some evidence connecting Eisenberg to the attack. The evidence included leaked screenshots of Discord chats describing the planned attack as well as suspicious on-chain activities following the incident. This is not the first time Eisenberg has been linked to a DeFi exploit. Earlier this year he was accused of defrauding FortressDAO investors to the tune of $14 million.
The attack left Mango Markets insolvent with user positions in danger of being liquidated, as the protocol could not repay the bad debt. Eisenberg noted this in his statement and said he helped negotiate a deal with the DeFi platform. The Mango community voted today to allow Eisenberg to keep $47 million while returning the remaining $67 million to the project. The returned funds will be used to recapitalize the exchange. The bad debt brought on by the exploit can then be covered.
Shortly after the vote started, Eisenberg repaid around $8 million worth of tokens, according to on-chain data. According to the details of the deal captured in the vote, this first repayment is a show of good faith on Eisenberg’s part.
The remaining funds have now also been repaid to Mango Markets, both on Solana and on Ethereum. This comprises $48 million of SOL, $10 million of USDC and $90,000 of GMT.
The $47 million to be kept by Eisenberg has been a subject of scrutiny in the crypto space. The amount is larger than the usual bounties claimed by hackers in exchange for the affected platform not pursuing any criminal charges. Other exploiters have struck deals to keep as much as 10% of the loot. In Eisenberg’s case, he and his team will keep over 40% of the funds. Accounting for the $10 million used to launch the attack, the team’s effective payout from the bounty will be about $37 million.
Source The Block
How do fintech startups find new opportunities among so many payment companies?
What do PayPal, Stripe, and Square do exactly?
Steps 0–1: The cardholder opens an account in the issuing bank and gets the debit/credit card. The merchant registers with ISO (Independent Sales Organization) or MSP (Member Service Provider) for in-store sales. ISO/MSP partners with payment processors to open merchant accounts.
Steps 2–5: The acquiring process.
The payment gateway accepts the purchase transaction and collects payment information. It is then sent to a payment processor, which uses customer information to collect payments. The acquiring processor sends the transaction to the card network. It also owns and operates the merchant’s account during settlement, which doesn’t happen in real-time.
Steps 6–8: The issuing process.
The issuing processor talks to the card network on the issuing bank’s behalf. It validates and operates the customer’s account.
Payment companies usually start from one vertical, but later expand to multiple verticals.
America’s oldest bank BNY Mellon is dipping its toes into the finance world’s newest trend
But BNY Mellon’s announcement that it will begin holding crypto assets for its customers comes a week after the Treasury Department warned about big banks and investment firms dabbling in digital assets.
Institutional investors want in. The crypto craze is strong on Wall Street, with 91% of institutional investors saying they’re interested in “investing in tokenized products,” according to BNY Mellon’s survey.
- About 41% already hold crypto in their portfolio, while 15% said they plan to add digital assets in the next two to five years. CEO Robin Vince said in a statement that it makes sense for BNY Mellon to join the party, given that the bank has the “scale to reimagine financial markets through blockchain technology and digital assets.”
- Other big institutions are already in crypto. BlackRock, the world’s biggest asset manager, has teamed up with Coinbase to offer clients access to bitcoin and other cryptocurrencies. State Street said it plans to offer digital custody services for cryptocurrencies and other digital assets.
- JPMorgan Chase & Co. has invested in crypto companies, including blockchain intelligence company TRM Labs, despite CEO Jamie Dimon’s public skepticism about crypto. Just last month, Dimon dismissed crypto tokens as “decentralized Ponzi schemes.”
There are serious risks “from concentrated exposures” to big banks and institutions, according to a newly released report on crypto by the Financial Stability Oversight Council, part of the U.S. Department of the Treasury.
The crypto crash wiped out $2 trillion in value in just a few months.
- The good news is the U.S. banking system’s exposure to crypto appears “to be very limited,” so the market collapse had little impact on the overall financial system, the report said.
- But “small exposures have the potential to grow rapidly.” That can turn into a huge problem given how the crypto ecosystem lacks “basic risk controls to protect against run risk” and crypto assets “appear to be primarily driven by speculation rather than grounded in current fundamental economic use cases.”
It’s a crypto Catch-22. Banks are “waiting on regulatory clarity” before going deeper into crypto, the report said. But these much-anticipated regulations could trigger the crypto expansion in the financial system that worries the Treasury Department.
In an ironic twist, the crypto crash has actually brought some clarity. “Getting over-levered players out of the market and then having some road map for regulations — that’s good for institutions. They’re happy about that,” said Jeffrey Howard, an executive with OSL, a digital asset trading platform and services company.
Mastercard Debuts Service Offering Crypto-Trading Tied to Bank Accounts
The product, called Crypto Source, will start in the US, Israel and Brazil early next year through a pilot program, Ajay Bhalla, Mastercard’s president of cyber and intelligence, said in an interview. He declined to say which banks would be the first to participate.
While banks have been warming up to crypto over the past few years, the vast majority have shied away from holding virtual currencies and offering them to their retail clients because of regulatory concerns. But with thousands of bank partners, Mastercard’s service could help cryptocurrencies gain more mainstream adoption.
Being able to buy crypto “from your own bank where you have your bank account is a very big need from the market and something consumers want,” Bhalla said.
Crypto Source will be offered through a partnership with digital-asset company Paxos, which will provide virtual currency trading and custody services on behalf of the banks. That means lenders won’t be holding the assets on their balance sheets.
The new product is only Mastercard’s latest foray into cryptocurrencies. The company said in February it would hire more than 500 people this year as it expands its data and services unit, an effort that will include launching a consulting practice focused on crypto.
Last year, the Purchase, New York-based company made it easier for banks to offer cryptocurrency rewards on their credit and debit cards by inking a deal with Bakkt. Mastercard also began allowing startups focused on crypto and digital assets to join its Start Path program, which gives fledgling companies access to the network’s executives and technology to help them grow.
Source Bloomberg News