How an unfortunate Ethereum yield farmer lost $140,000 in UNI overnight
For many, yield farming has been a profitable activity: there have been stories of users turning small accounts into a large amount of capital, simply by swapping from projects like Yam Finance and SushiSwap.
But, for some, it’s been rather unprofitable.
Alex Manuskin, a researcher at crypto wallet startup ZenGo, recently noted that a user lost $140,000 worth of Uniswap’s UNI overnight due to a scam yield farm.
Ethereum yield farmer loses $140,000 due to scammy contract: here’s what happened
This user stumbled across this new farm called UniCats a number of days ago. It looks somewhat legit: it has unique artwork and a user interface rather reminiscent of Yam or SushiSwap.
MEOW, the native Ethereum-based token of this protocol, could be farmed with a number of tokens, including UNI.
So, this user, being somewhat of a UNI whale, decided to deposit some of his coins. In depositing his coins into Unicat, he was prompted with a “spend limit permission” window, to which he assigned an “unlimited” spend limit.
While he did cash out of the farm eventually, the unlimited spend limit allowed the sneaky developer behind UniCat to add a “backdoor to the farming contract,” to transfer the UNI in the addresses of users into an address controlled by this developer.
In total, the unfortunate user lost $140,000 in the Ethereum-based UNI.
If you are not yet convinced that you should NOT be approving infinite tokens to some random smart contract/Dapp, hereโs a story of how Jhon Doe lost $140K worth of UNI in their sleep.
1/
? pic.twitter.com/QltkevnzDY— Alex Manuskin (@amanusk_) October 5, 2020
The need for better education, especially in Ethereum DeFi
This user’s unfortunate loss of funds accentuates the need for better education in the crypto space, especially in a sector as esoteric and technologically advanced as decentralized finance and smart contracts.
The key issue here is that many users do not know that once you approve a contract to spend your Ethereum or ERC tokens, it can spend those coins without your approval. As this case shows, the user, despite his UNI wealth, was not aware of this fact and thought his coins were safe once he exited the pool.
There are many other common risks in yield farming that users should be aware of.
One such issue is that of impermanent loss (IL). Impermanent loss is the loss that liquidity providers to decentralized exchanges can incur due to market volatility. Losses have been severe for many yield farmers, so much so that there are many stories of users losing upwards of 50 percent of their farming capital because they didn’t know of this risk.
Uniswap itself is attempting to solve the lack of freely-available and easily-digestible information in DeFi. As reported by CryptoSlate in September, the protocol’s third version (v3) is expected to be deployed with a native dictionary or educational system to teach users about the basics of this segment of Ethereum.
Hayden Adams, founder of Uniswap, said the following on the importance of education, especially with decentralized exchanges:
“Biggest indicator of how nascent AMM is so few people seem to understand the tradeoff space Hoping we can put out a ton of educational content w/ V3 to fix this.”