Transcript: 3-2-1 Q&A Episode 11

In this 3-2-1 QnA Session 11, we will discuss Coinchange Updates from our CEO Maxim Galash, our November Asset Allocation Report (also called the Transparency Report) and our most recent yield index report which compares Coinchange’s yield with other industry benchmark yields. Then we will discuss two twitter threads, first one is about Japan's biggest electric power company about to use its excess energy for bitcoin mining and the other one discusses Canada’s ban on margin/leverage trading on cryptocurrencies. Finally we’ll analyze the Lodestar Finance hack. Here is what you will be learning about: 

Question 1. Jerome read the Q. Pratik A. Can you share the latest Coinchange updates that our CEO Maxim shared in his latest AMA?

Question 2.  Pratik Read Q. Jerome A. Can you share our November Asset allocation report?

Question 3.Jerome read the Q.  Pratik A. Can you share our Yield index report that compares Coinchange yield with other benchmarks?

Twitter Thread #1: Japan's biggest electric power company, is about to use its excess energy for bitcoin mining

Twitter Thread #2: Canada just banned margin/leverage trading on cryptocurrencies.

DeFi Exploit Analyzed: Lodestar Finance hack

Three Questions

Question 1 Jerome read the Q. Pratik A. Can you share the latest Coinchange updates that our CEO Maxim shared in his latest AMA?

Recent our CEO Maxim answered a few questions related to the current landscape of the Crypto industry and how people can verify how coinchange allocates client funds. He also clarified why Coinchange's yield is not the same as some of the other yield products that Gemini Earn or Celsius were offering. Lastly he laid out the risks involved in using Coinchange and its future roadmap. Here are the key takeaways from it:

• He mentioned that the foundational principle is,not mixing the banking and the trading books. You cannot really trade on the customer assets, or rehypothecate them in any way without their consent.
• Coinchange is going to release Risk disclosure documents quarterly which will layout all the risks involved such as cybersecurity, technological, execution, strategy risk, legal & compliance risk.
• We're refactoring some of our smart contracts to open them up and make them open source.
• In the next three, four months, Coinchange will launch a noncustodial product more relevant towards the crypto native people who manage their own wallets and their own keys.
• We are finalizing our SOC II audit.
• We don't utilize a third party to generate yield for us. We don't push customer assets to Genesis or Alameda like CeFi firms neither to any traders, market makers, miners, or any marginal trading facility to provide us yield. We utilize our own yield farming strategies across different protocols and blockchains to maximize the risk managed yield. So the assets are always on-chain. 
• We don't bet on the direction of the token prices. It's all participation in the revenue of decentralized applications, but in a smart, automated way.

If you want to listen to all the great points he mentions in the video, please head to our YouTube channel @coinchange and watch the featured video. 

Question 2 Pratik Read Q. Jerome A. Can you share our November Asset allocation report?

Coinchange published its November Asset Allocation Report where we provided information on how Coinchange deployed client's assets and diversifies the investments while minimizing risks and maximizing potential earnings. The Asset Allocation Report is published on a monthly basis to ensure we provide up to date and relevant key metrics related to the state of the client assets. 

This report covers the deployed assets over broad categories of protocol types, blockchains and client invested currencies. Coinchange only deploys assets on quality, widely used, and time-tested DeFi protocols. Here is a list of protocols used in Coinchange strategies:

• AAVE v2-3
• Uniswap
• TraderJoe
• Pancakeswap
• Curve
• Venus
• BenQi
• 1Inch
• Platypus
• Lido

The opportunities mentioned in October’s Asset Allocation report (guided by our internal risk framework and thresholds) have been improved, and we have a new strategy in the work, while still maintaining the portfolio's non-correlation. These strategies have already proven successful in stabilizing our stablecoin rates, and new strategies will further bolster this, demonstrating the strategies' ability to capitalize on different market environments.

On this end, Coinchange DeFi R&D team has developed a Framework for Algorithmic Yield Strategies (FAYS) in the DeFi ecosystem and is continuously working on the next iteration. To ensure optimal performance and security in the ever-changing DeFi yield arena, we are continually refining our tools and practices.

You can read the full report on Coinchange blog page and find out in detail how Coinchange deploys client's assets across protocol type and blockchains to diversify the investments while minimizing risks and maximizing potential earnings.

Question 3 Jerome read the Q. Pratik A. Can you share our Yield index report that compares Coinchange yield with other indexes and benchmarks?

For November, Coinchange had a higher average rate than most minimal and low risk indexes, except for the 10 year treasury rate. It's also higher than the CeDeFi index, with no lockups, minimum investments, and full liquidity. The DeFi lending index saw a slight increase in interest from October, while the DeFi Minimum Risk Rate saw an increase due to high lending interest in USDT on AAVE. The DeFi yield index saw a boost due to increased volume and volatility caused by the FTX/Alameda contagion.The ripple effect of FTX on centralized lenders and hedge funds resulted in bankruptcy filings throughout November. Our CeFi Yield index lost some components, mainly BlockFi and Circle Yield. The remaining components saw an average rate increase of 1.06% from last month. 

Coinchange's rate increased four times in September and sustained that rate until November. This was due to a new non-correlated strategy launched in September. Check out our Asset Allocation Reports for October and November to learn more about our diversification and allocation strategies. The CeFi Yield index remains close to its rate from August, possibly indicating continued borrowing by hedge funds and traders, or unsustainable rates that could soon turn into defaults. The CeDeFi yield index is just above the DeFi Minimum Risk Rate and the DeFi lending index rate. All three have seen a slow but steady increase in rates since September due to increased borrowing activity. Check out the chart below to see a comparison of historical rates across indexes since January 2022. 

For full historical performance of Coinchange's Earn Account, click here.

For detailed information regarding the calculation method, index components, and risk considerations, please refer to our Yield Index and Benchmark Report.

Two Twitter Threads You Need To Be Aware Of

Twitter Thread #1 Jerome intro + text, Pratik take

Coindesk reported that Tokyo Electric Power Company (TEPCO), Japan's biggest electric power company, is about to use its excess energy for bitcoin mining. Statista data confirms TEPCO's status as the country’s largest electric power company in terms of total assets. Interestingly, this is the same company where in 2011 Fukushima nuclear reactor disaster caused by an earthquake and tsunami resulted in costly compensation for the victims, which they are still paying for. TEPCO Power Grid, the company's power transmission and distribution arm, is now looking to capitalize on the surplus power with bitcoin mining via its fully-owned subsidiary Agile Energy X. The project is being undertaken in collaboration with TRIPLE-1, a local semiconductor designer and developer. 

Coinchange Take: Japan's biggest electric power company, is using its excess energy for bitcoin mining. This is a smart move on the part of TEPCO. It follows in the footsteps of El Salvador geothermal electrical grid powering bitcoin miners, and other projects in the world using excess or renewable energy to mine bitcoin. There are several compelling reasons why electric power companies should consider using their excess energy for bitcoin mining. First and foremost, bitcoin mining provides a way for these companies to generate additional revenue from their excess energy helping them offset some of their costs. Additionally, using excess energy for bitcoin mining also has environmental benefits, as using excess energy for mining can help to reduce the overall electricity demand for bitcoin mining. This can lead to reduced emissions of greenhouse gasses and other pollutants, making bitcoin mining a more sustainable way to use excess energy. This news is a positive development for both TEPCO and the broader cryptocurrency industry, and we look forward to seeing how this project progresses. 

Twitter Thread #2. Pratik text, Jerome take

In June 2022, FTX, a now-bankrupt exchange, attempted to enter Canada, but was stopped by local regulators. In response to the FTX collapse and its ripple effect, the Canadian Securities Administrators (CSA), a council of Canada’s provincial and territorial securities regulators, have taken measures to better protect Canadian cryptocurrency investors. On Dec. 13, the CSA released an updated set of guidelines for crypto trading platforms operating in Canada. 

“Custodians will generally be considered qualified if they are regulated by a financial regulator in Canada, the U.S., or a similar jurisdiction with a supervisory regime for conduct and financial regulation,” the CSA noted in the statement. 

According to the CSA statement, all crypto trading firms operating in Canada – both domestic and foreign – must adhere to the newly expanded regulations, which prohibit them from providing margin or leverage trading services to any Canadian customers. Moreover, the terms require crypto exchange services providers in Canada to keep custody assets separate from the platform's own funds. The council warned that even with the implementation of these measures, crypto assets or any financial products associated with crypto assets are high-risk investments, recommending that investors only use a platform that is registered with CSA members.

Coinchange Take: 

It is great to see that the Canadian Securities Administrators (CSA) have taken steps to protect crypto investors in the wake of the FTX collapse. The updated guidelines for crypto trading platforms operating in Canada are a positive development, as they help to ensure that these platforms are properly regulated and provide a safer environment for local investors. The prohibition on margin and leverage trading services will help to reduce the risks associated with these highly volatile investments. On the flipside, some are disappointed as they believe that the updated guidelines are overly restrictive, as it will limit the ability of these platforms to offer a wide range of investment options, and will likely have a negative impact on the growth of the cryptocurrency market in Canada. However, at Coinchange we do believe that leverage and margin should be used only by professionals and not be available to uninformed retail folks. Thus overall, these measures show the CSA's commitment to protecting investors and to promoting a healthy and safer crypto market in Canada.

Lodestar Finance Hack

(Pratik for intro+text, jerome for the take)

What is Lodestar Finance: Arbitrum's Money Market for its native yield-bearing assets. 

Lodestar was drained of its liquidity by an oracle exploit of one of its 3rd party vaults that use GMX and PlutusDAO.

What is GMX: GMX is a decentralized spot and perpetual exchange on Arbitrum that enables users to trade BTC, ETH and other popular cryptocurrencies. The trading happens through its native multi-asset pool, which earns fees for liquidity providers. When a user provides liquidity to this pool, they get GMX Liquidity Provider Tokens (GLP) in return. 

What is PlutusDAO: Plutus is a Arbitrum based protocol which offers Vaults with GLP as the premier product. Plutus has plvAssets which are vault products: Users can deposit GLP for plvGLP and can redeem plvGLP for GLP at any time.

What happened: On Dec 11th, Lodestar finance was exploited and deposits were drained. 

The attacker flashborrowed a large sum of funds and manipulated the price on the GLP oracle to increase the value of their collateral far beyond realistic values. 

To understand how the price change was possible so easily, let’s look at the formula that the Oracle uses: The price for plvGLP is derived from market parameters obtained from the GLP, GLPManager and plvGLP contracts. In order to calculate the price of plvGLP, the price of the underlying GLP must first be obtained. In order to accomplish this, the price of GLP is calculated as the sum total of all underlying assets that comprise GLP divided by the total supply of GLP. 

After calculating the price of GLP, the price of plvGLP is calculated by first calculating the exchange ratio between GLP and plvGLP. The exchange ratio is calculated by dividing the contract parameters totalAssets and totalSupply . 

Once the exchange ratio between GLP and plvGLP is calculated, the price of plvGLP is simply the price of GLP multiplied by the exchange rate. 

As the total assets increase the plvGLPexchangerate grows larger. Therefore the Price of plvGLP increases. Therefore when the attacker updates total assets by calling the donate function they are able to push the price of plvGLP higher by donating their GLP.

The attacker manipulated the exchange rate of the plvGLP contract to 1.83 GLP per plvGLP.

As a result of this they were able to borrow more on Lodestar Money Market than they should have based upon the true value of their collateral. In this case, the attacker borrowed nearly all of the assets on the platform, leaving the protocol with bad debt. Because the price can change within the same block, and the oracle uses the prices from the same vault, it made this possible. Additionally, Lodestar was unaudited. 

What the Lodestar Team is doing: The hacker cashed out about $5.8 million. However, the team has recovered $2.8 million of the GLP, which will be utilized to repay depositors following the hack. Additionally the team set all interest rates to 0 so that supply and borrow balances are not moving while we weigh recovery options. They have reached out to the hacker to negotiate a bug bounty to recover funds. Meanwhile with the help of Solidity.Finance and Certik, they published a detailed post mortem of this exploit. 

Coinchange take: This was basically a flash loan attack, by manipulating oracles and the code has not been audited. These events highlight that utilizing oracles resistant to manipulation is a critically important piece of DeFi, especially in protocols which lend out user assets. Verifying that the protocol is audited and to actually read it to confirm its relevance is paramount. To prevent the exploit the oracle should not be allowed to undergo instantaneous change within the same block. In coinchange’s risk assessment framework, we look for details on Oracles and how they work. This helps us understand whether they use single block price-change oracles or TWAP (Time-Weighted Average Pricing) where the price change is calculated over a few blocks, essentially eliminating price manipulation within the same block using flash loans. Checking for the team expertise and extent of the audit is also done with Coinchbange risk assessment framework, allowing us to flag those issues during our analysis. 

This concludes our 3-2-1 Q&A Blog. We’ll see you in the next one, two weeks from now. Meanwhile, kick back and earn passive income using Coinchange. Sign up today!

‍