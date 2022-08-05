The Fake Team That Made Solana DeFi Look Huge

Dario Lo Presti
David Z. Morris
·4 min read

CoinDesk reporters Danny Nelson and Tracy Wang on Thursday released a bombshell report that could tarnish the reputation of the entire Solana ecosystem. More than that, the dizzying tale highlights serious social vulnerabilities across blockchain and crypto development and investing.

At the center of the story is a network of 11 developers who collaborated on a complex web of decentralized finance (DeFi) services based around a Solana stablecoin exchange called Saber. The developers, with names including Surya Khosla, Larry Jarry, 0xGhostchain and Goki Rajesh, succeeded in creating trading and staking services that attracted a claimed $7.5 billion in deposits, known as “TVL” or total value locked.

This article is excerpted from The Node, CoinDesk's daily roundup of the most pivotal stories in blockchain and crypto news. You can subscribe to get the full newsletter here.

Nelson and Wang have discovered, however, that those developers were not real people. Instead, they and others were aliases of just two men, the brothers Dylan and Ian Macalinao. CoinDesk’s reporters gained access to a blog post that was written by Ian Macalinao as a seeming confession to the long con. The post was never published.

That $7.5 billion in deposits made up the lion’s share of all the money tallied on Solana services in early fall of 2021, when the chain’s DeFi deposits totaled roughly $10.5 billion. TVL is often taken as a measure of success for smart-contract services or platforms, and Solana’s sizable deposits helped bolster its claim to be an up-and-coming competitor to the Ethereum blockchain.

That narrative, in turn, had a substantial role in driving the Solana token price from under $40 in July of last year to a peak of $259 in November 2021. A significant portion of the bullish Solana narrative now seems to have been based on a series of deceptions.

AnonAnonAnonymous

The developer personas weren’t all that was fake. The Macalinao brothers’ operation with Saber was seemingly undertaken with explicitly deceptive intent: “I devised a scheme to maximize Solana’s TVL: I would build protocols that stack on top of each other, such that a dollar could be counted several times,” Ian Macalinao wrote in the unpublished blog post.

Though there’s much still unknown, what may be most striking about the scheme is that it’s not clear its goal was theft. The Macalinao brothers do not appear, for instance, to have used their swarm of false identities as a shield while mishandling user funds, as is all too common in such scenarios (though, again, this story is still developing).

See also: Why CoinDesk Respects Pseudonymity | Opinion

The greater share of harm to users of the Saber ecosystem of services seems to have instead resulted from the hack of an app called Cashio seemingly created by the Macalinao brothers. Further, users have now seemingly been abandoned, with the Macalinaos announcing they’re shifting focus to new projects on the upstart Aptos blockchain.

The fault in our stats

The staggering case highlights at least two serious specific vulnerabilities in the DeFi and crypto ecosystems, and some much larger thorny questions. First, it reignites the perpetual issue of anonymous developers in the crypto space. Bitcoin founding developer Satoshi Nakamoto remains pseudonymous, and there are many good reasons blockchain devs may wish to protect their real names.

But that norm also adds to the risk of a high-speed, high-stakes environment. Even a pseudonym can be trustworthy if they’re a known entity with their own track record, but it’s clear that standard isn’t being consistently followed by DeFi speculators. As Nelson and Wang’s reporting shows, the Macalinaos were able to bolster the reputations of their various identities simply by orchestrating fake Twitter conversations and having them trade endorsements.

The second discrete issue is the use of TVL, or total value locked, as a key metric in DeFi. The Macalinao story highlights both that the metric can be technically manipulated, in this case through counting assets multiple times across services that look distinct, but aren’t. This may be fixable, as top DeFi data service DefiLlama is making changes to prevent similar attempts to game metrics.

But there’s a broader, more complex issue that is going to be much harder to tackle. What the Saber story reveals is that less than a handful of people with dishonest intentions can profoundly distort cryptocurrency markets. The Macalinao brothers’ scheme created huge false signals about the value of Solana, which is still a top-10 crypto asset at this writing.

See also: Is Solana Leading Crypto Into Retail or Trailing Apple? | Opinion

“I believe it contributed to the dramatic rise of SOL,” Ian Macalinao wrote about the token in the unpublished post. (Personally, I dipped my toes into SOL last summer, but after seeing one too many chain pauses I sold my position for a loss and no longer hold the token.)

We’ve seen even more troubling failures and deceptions in recent months from the likes of Terra/LUNA, Three Arrows Capital and centralized lenders like Celsius Network. But those were, if nothing else, genuinely sprawling operations backed up by large messaging efforts and the appearance of seriousness.

That two twentysomethings in Texas could accomplish anything remotely comparable with nothing more than a series of carefully-managed fake Twitter profiles should be an even stronger reminder of the huge risks that seem, at least for now, inherent to cryptocurrency.

Recommended Stories

  • Why Nikola, Fisker, and Hyzon Motors Stocks Jumped This Week

    Nikola is now bringing in meaningful revenue, and potential legislation could give it and other EV stocks another tailwind.

  • US Adds 528K Jobs in July, More Than Doubling Estimates; Bitcoin Dips

    The price of bitcoin (BTC) immediately fell on concerns the U.S. Federal Reserve will view the data as a green light to continue its series of rate hikes. As a result of the much stronger-than-expected report, traders are now pricing in a 65% chance that the Fed will hike rates by 75 basis points in September, as shown by the CME FedWatch Tool. That is up from 34% just one day ago. Global markets, including cryptocurrencies, recently ticked higher after comments by Federal Reserve Chair Jerome Powell suggesting the Fed would probably slow monetary tightening for the rest of the year as the economy adjusts to the higher borrowing costs.

  • US Treasuries Sink as Jobs Fuel Rate-Hike Bets: Markets Wrap

    (Bloomberg) -- Treasuries sank after data showed a booming labor market that might prompt the Federal Reserve to raise rates sharply at its next meeting.Most Read from BloombergChina Announces Sanctions on Nancy Pelosi Over Taiwan TripChina Likely Fired Missiles Over Taiwan in Drills, Japan SaysDemocrats Drop Carried Interest as Sinema Paves Way for Tax VoteThe two-year Treasury yield jumped past 3.20% while the 10-year rate pushed past 2.80% after employers added 528,000 jobs last month, more t

  • Tesla Takes Pause From Months-Long Rally as Investors Clear 3-for-1 Split

    (Bloomberg) -- Tesla Inc.’s months-long rally took a pause Friday as the stock retreated following seven sessions of gains after the electric-vehicle maker’s shareholders approved a three-for-one stock split on Thursday. Most Read from BloombergChina Announces Sanctions on Nancy Pelosi Over Taiwan TripChina Likely Fired Missiles Over Taiwan in Drills, Japan SaysDemocrats Drop Carried Interest as Sinema Paves Way for Tax VoteThe split -- aimed at attracting an even larger number of retail investo

  • 2 Reasons Polygon (MATIC) Just Became an Even Better Buy

    Polygon continues to stand out as the premier Layer 2 blockchain built on top of Ethereum. No wonder investors are flocking to it ahead of the merge.

  • Most in Ethereum community will use L2 scalers: Vitalik Buterin

    The Ethereum layer-1 chain should eventually “stop changing completely,” to provide stability on the base layer, Ethereum cofounder Vitalik Buterin said in a conference in Seoul on Thursday. See related article: Prominent Chinese ETH miner plans proof-of-work fork amid The Merge Fast facts “If a layer-1 tries to do everything, there are a lot of […]

  • From 7-11s to train stations, cyber attacks plague Taiwan over Pelosi visit

    As U.S. House of Representatives Speaker Nancy Pelosi made a brief visit to Taiwan this week that enraged Beijing, the welcome she received from government officials and the public was in sharp contrast with a different sort of message that began popping up elsewhere on the island. The largest 24-hour convenience store chain on the island was the victim of what Taiwanese authorities are calling an unprecedented amount of cyber attacks on government websites belonging to the presidential office, foreign and defence ministries as well as infrastructure such as screens at railway stations, in protest against Pelosi's visit. Taipei has not directly blamed the attacks on the Chinese government, but has said that the attacks on government websites -- which paralysed the sites' operations -- originated from addresses in China and Russia.

  • Florida Malware Regulation Compliance Consulting Service Updated by 2Secure Corp

    As Florida adds more regulations to combat cyber threats, cybersecurity firm 2Secure Corp (646-560-5083) launches updates to its malware and vulnerability testing services for local businesses Ocean Township, New Jersey--(Newsfile Corp. - August 4, 2022) - 2Secure Corp announced an update to its range of solutions to include ransomware simulations, internal and external vulnerability testing, penetration testing, and web application assessments. Along with reports detailing vulnerabilities, the

  • Master of Anons: How a Crypto Developer Faked a DeFi Ecosystem

    The Macalinao brothers used a web of bogus identities to create the illusion of a dev community, juicing value on the Saber protocol and Solana blockchain. Now they're moving to Aptos.

  • Meta's threat report highlights clumsy attempt to manipulate Ukraine discourse

    Meta's quarterly "Adversarial Threat Report" paints a somewhat depressing picture of the once feared global troll ecosystem: A number of outfits "relatively low in sophistication" attempting fruitlessly to spam their way to relevance. The common theme among most of the threats is impersonation, with malicious actors making fake accounts of real people or generating original ones using things like AI-powered content generation. This threat actor is a good example of a global trend we’ve seen where low-sophistication groups choose to rely on openly available malicious tools, rather than invest in developing or buying sophisticated offensive capabilities.

  • Crypto Bridge Nomad Offers 10% Bounty After $190 Million Hack

    (Bloomberg) -- Cryptocurrency company Nomad is offering a bounty to recoup funds spirited away in a $190 million hack that again highlighted security vulnerabilities in the digital-token sector.Most Read from BloombergChina Announces Sanctions on Nancy Pelosi Over Taiwan TripChina Likely Fired Missiles Over Taiwan in Drills, Japan SaysDemocrats Drop Carried Interest as Sinema Paves Way for Tax VoteAnyone returning at least 90% of stolen tokens will be viewed as a so-called white-hat hacker that

  • Meta takes down Russian troll farm

    "Cyber Front Z" hired dozens of people off the street to make what appeared to look like authentic posts defending Russia and criticizing Ukraine.

  • Crypto Company Nomad Offers 10% Reward After $190M Hack: Bloomberg

    Following Monday’s theft of over $190 million from cross-chain cryptocurrency bridge Nomad, the company is offering a bounty to recover the money that was stolen, reported Bloomberg. This hack again brings to attention security vulnerabilities in the digital token sector. Related: Copy-Paste Hack? $190M Stolen From Coinbase-Backed Crypto Bridge Nomad According to a statement from Nomad, anyone returning at least 90% of stolen tokens will be regarded as a so-called “white-hat hacker” that seeks t

  • Operation Cyber Dragon turning US Navy reservists into digital defenders

    “The interesting thing in the IT world or the network world is what’s patched and 100% compliant today might not be patched tomorrow, because vulnerabilities ebb and flow.”

  • How to Get Into Seed Club, the ‘Y Combinator of Web3'

    The difference is Seed Club “invests” only in projects built around cryptographic tokens and, well, those aren’t really “investments” at all. “We really want it to be starting in our own primordial ooze rather than indexing on what was happening in the startup space,” Seed Club co-founder Jess Sloss told CoinDesk, downplaying the YC comparison. Seed Club is both a bootcamp and a “network” of successful and upstart founders and companies organized as a decentralized autonomous organization (DAO).

  • Can't afford your internet bill? Subsidies offer help in getting broadband connections

    Due to negotiations between the Biden administration and telecommunications companies, some households can apply for plans that cost $30 per month.