Cryptocurrencies have always been a favorite target of cybercriminals, with hackers using various methods to steal your digital assets.
From phishing scams to ransomware attacks and extensive hacking attempts, crypto holders have seen it all.
However, with the recent development of DeFi and decentralized exchanges, a new threat lurks in the shadows – Vampire attacks.
Yes, you read that right. Vampire attacks happen by creating a lucrative, can’t be refused, offer to attract users to invest. Investors naturally switch to the new token and abandon the original one. As a result, the targeted protocol loses liquidity and trading volume, which can lead to an overall collapse of the platform.
In this article, we’ll explore what crypto vampire attacks are in more depth, how they work, and, most importantly, how you can protect yourself from them.
What are Vampire Attacks in Crypto
A vampire attack can’t be performed on every decentralized exchange. There are essentially two main types of DeXs. That’s why, before you can fully understand vampire attacks, we need to talk a bit about the basics of decentralized exchanges and automated market maker system.
Decentralized Exchanges & Automated Market Makers
Decentralized exchange is a type of cryptocurrency exchange that operates without an intermediary controlling the exchange process. Instead, transactions on a DEX are executed through smart contracts, a self-executing code that automatically does something once certain conditions are met.
What the actual code does differs based on what type of decentralized exchange we are using.
Order Book based DeXs let you place buy or sell orders at the price you want. The system will then match your order with an order in the opposite direction.
But vampire attacks can only happen on Liquidity pool or AMM-based exchanges. These exchanges algorithmically predefine asset prices based on the ratio of tokens in the liquidity pool. In essence, you are not trading against a counterparty, but instead, you are trading against liquidity.
Anyone can provide liquidity to these pools by depositing both assets – for instance, to become a liquidity provider for an ETH/USDC pool, you would need to deposit both coins at a mathematically predetermined ratio.
When traders execute a trade on AMM exchange, they pay a minimal fee that is distributed to the liquidity providers. It creates a win-win situation. Investors provide liquidity to earn rewards, and traders get their swaps performed smoothly regardless of supply and demand.
How a Vampire Attack Works
Vampire attacks aim to create a similar or identical protocol with more lucrative rewards. That’s relatively easy if the smart contract is open-source. Using a block explorer, you can also check for yourself if your favorite DeX is open-source.
Note that an identical protocol doesn’t mean it tries to scam investors by impersonating another protocol. In this case, it means that it works similarly or offers similar liquidity pools while offering higher rewards and lower fees.
While offering undeniably better advantages, the new protocol will lure users looking for ways to maximize their earnings away from the original protocol.
This will drive, or suck as a vampire, all liquidity, users, and trading volume down.
One of the most famous vampire attacks was performed on SushiSwap, targeting Uniswap, by offering huge APYs for liquidity providers. Let’s break it down.
SushiSwap’s Vampire Attack On Uniswap
SushiSwap was created in 2020 by an anonymous under the pseudonym of Chef Nomi. The founding team copied the entire source code of Uniswap and used it as a foundation to create their own platform.
So both of these platforms were very similar, with one big difference. SushiSwap started offering its native $SUSHI token as a reward for liquidity providers with rates up to 1000% APR.
This was naturally a very attractive offer, and within a few hours of their launch, they reached over $150 million of value in the liquidity pool.
But although it might seem like a really generous move, there is a little catch. In the protocol’s code, there was a code line giving 10% of sushi tokens to the developer.
The creator’s wallet, in no time, accumulated a very large amount of Sushi that was supposed to be used for development and maintenance.
But that wasn’t the case because he took $14 million in Sushi and swapped it for ETH, crashing the price of the SUSHI token by almost 75%.
After this incident, the platform still worked fine, and people could trade their tokens, but the trust was irretrievably lost. Even though Chef Nomi later returned these 14 million dollars to the dev fund.
How to Prevent Vampire Attacks
Preventing vampire attacks in crypto can be challenging for a few reasons. Firstly, as a protocol creator, you can’t change an investor’s mind. If they decide, they’ll leave.
Secondly, even though certain measures can be taken to prevent vampire attacks, these can negatively affect the investor’s motivation to become a liquidity provider.
Protocols can implement a lock-in period for liquidity providers or impose fees on liquidity providers who withdraw their funds too early. Similarly, protocols can add a restriction on the number of tokens a liquidity provider can withdraw over a period.
These measures can make it more difficult for vampires to drain liquidity as they prevent mass migration of users in a short period of time.
On the other hand, it’s just as important for users to realize that new protocols offering unrealistically high rewards may be a part of a vampire attack, or a bigger crypto scam, such as rug pull. To minimize this risk, you can also diversify your holdings and spread the liquidity across multiple protocols.
Pros and Cons of Vampire Attacks
At first glance, it might seem like a bad thing, one platform stealing customers from another. But there are two sides to every coin.
If we start with the cons, the worst thing is that we don’t know if someone who farmed a bunch of tokens decides to dump the market. A vampire attack alone is not malicious but is usually linked to other scammy behaviors.
And since vampire attacks aim to steal liquidity from another platform by offering better rates, and high rates are usually connected to scam projects, you must stay alert.
The pro is that it can encourage competition and innovation in the Defi space. And if it’s not connected to a rug pull scheme or so like, it can also highly benefit investors with higher rewards.
Conclusion
Vampire attacks in crypto are still relatively new and evolving together with the DeFi space.
While these attacks may introduce some benefits, such as identifying vulnerabilities and encouraging competition, they can lead to an overall collapse of the platform.
And as a new and evolving threat, there are no good measures to prevent these attacks from happening.