One Developer, 11 Anon Personalities, $7.5 billion in TVL
Ian Macalinao coded as 11 Independent developers, built a web of DeFi Protocols and inflated the TVL on Solana
One master coder and his brother built an army of anonymous accounts to build several interlocking DeFi protocols on top of Solana Blockchain. Coindesk’s reportby Danny Nelson and Tracy Wang say the duo managed to capture $7.5 billion of Solana’s $10.5 billion Total value Locked at their peak with just two platforms Saber and Sunny aggregator.
Saber is a stablecoin exchange, Sunny aggregator is a DeFi aggregator built on top of Saber. Many other DeFi platforms were built on top of Saber to create double-counted value onto the Saber ecosystem. Ian’s anons lead to pump and dump on these platforms and hence it can be marked as a Sybil attackabusing crypto users’ trust. In today’s edition let us break down the attack and how the crypto ecosystem can easily be gamed by smart individuals.
I try to bring a letter to you every weekday, breaking down what is the most important information for the ecosystem. Please subscribe so you meet this letter in your inbox directly. It is free for a limited time.
Saber, Sunny and CASH
A 20 year old Ian Macalinao, the chief architect of Saber talked about how Saber became the biggest DeFi app on Solana in November 2021. He said, “We tried to make a really nice UI….higher number of tokens”, and adding “we brought in some friends to build on top of Saber… like Sunny Aggregator”.
Sunny aggregator’s founder Surya Khosla, is an anonymous twitter handle. The name and the Tricolour Indian National flag on his account, would make you think he is Indian, or atleast person of Indian origin.
In the expose it is revealed that Surya Khosla, is one of the 11 anonymous identities created by Ian Macalinao to push adoption on top of Saber. Sunny aggregator, one of the biggest DeFi platform built on Solana was created by the person behind Saber, another big DeFi platform on Solana.
The CoinDesk report is based on an unpublished blog by Ian which was verified by CoinDesk and other people in the knowhow. The same blog, according to CoinDesk, reveals another platform’s true origin.
That platform is Cashio. The report says, coding as 0xGhostchain, Ian rushed to complete an exemplar of Saber LP-backed stablecoins in time for Breakpoint, the Solana ecosystem’s biggest-ever gathering of fellow developers. Ian wanted others to copy Cashio, he wrote.
Every protocol that uses Saber LP tokens, would bring in more TVL.
Cashio introduced a “decentralised stablecoin” CASH, whose value pegged at USD was backed by LP tokens. Cashio accepted LP tokens from Saber as collateral.
As CoinDesk writes,
It first packaged Saber LP tokens into “tokenized baskets” using Crate, which Ian built under the pseudonym “kiwipepper.” It sent those “crates” through a yield redirection platform called Arrow – Ian built this as “oliver_code.” Finally, Cashio said it earned yield by staking these deposit derivatives in “Surya’s” Sunny Aggregator as well as Quarry, which Ian built as “Larry Jarry.” Profits flowed to Cashio’s treasury, managed by a decentralized autonomous organization (DAO).
The movement of funds across these platforms created a TVL of $6 from just $1.
Now, to be fair, even on DeFi protocols on Ethereum and other EVM chains, people managed to inflate the TVL by lending and borrowing funds several times. In fact it was one of the biggest way to inflate TVL on Compound Finance when it first launched yield farming. But this was done on one platform and users risked getting liquidated with volatile assets.
According to TVL tracker DeFiLlama, Saber’s deposits peaked at $4.15 billion on Sept. 11 2021; its flagship SBR token had topped out at 90 cents days earlier. Sunny Aggregator’s TVL also peaked on Sept. 11, at $3.4 billion. Its SUNNY token had flirted with an all-time-high of 18 cents one day before. Both tokens have plummeted 99%, according to data provider CoinGecko.
And then Cashio was hacked
The stablecoin on Cashio dropped to nearly zero on March 23, 2022. There was an infinite mint glitch that allowed hackers to manipulate the smart contracts and mint CASH without any collateral.
The hacker then exchanges these CASH tokens to other stable coins. The hack was around $52 Million but the hacker returned around $14 million that affected smaller investors.
One of our team members received his funds back, because let’s be honest, we aren’t millionaires and our investments were small. It is a different story that the same money was later lost in LUNA crash.
In the unpublished blog, Ian wrote that if the hacker didn’t pay users back in full, “I will do what I can to repay affected personal users in my personal Saber and Sunny tokens. This won’t cover the full amount, but it’s all I have to offer.” He never paid.
Pumping everything within Ship Capital
Ship Capital is a group of “friends” building new DeFi protocols, Dylan tweeted.
The Ship Capital gang includes, according to CoinDesk are -
0xGhostchain, who created Cashio;
Goki Rajesh, builder of multi-signature wallet Goki;
Larry Jarry from mining rewards aggregator Quarry;
Swaglioni, the “grandmaster” of governance platform TribecaDAO
Surya Khosla from Sunny Aggregator, Saber’s yield farm.
Lesser-known protocols Crate (run by kiwipepper), aSOL (0xAurelion), Arrow (oliver_code) Traction.Market (0xIsaacNewton), Sencha (jjmatcha) and Venko App (ayyakovenko), rounded out the crown, according to Ian’s blog.
With these many identities and platforms, it becomes really easy to push adoption within a relatively new chain, that was Solana. And they did. These IDs shilled and promoted each other’s platforms relentlessly. This created the impression of a really tight group of friends building on top of Solana. But in truth it was one person building, and other brother supporting.
Are they wrong?
This is where we close the source material and take a moment to think for ourselves. What the brother duo did seems extremely unethical, but it did achieve the results. Solana, as a network had nothing to do with it, but it benefited from the numerous applications that these guys built. It led to $7.5 Billion in TVL.
And yet, it was built on top of Lego Bricks that fell eventually. The platforms lured users with the incessant promotion and chest thumping, and now the users sit with their investment value going down to dirt. To be fair, it happened across the board, but this was an attack on user’s trust. Ian’s anons lead to pump and dump on these platforms and hence it can be marked as a Sybil attack abusing crypto users’ trust.
Now, the brothers announced their plans to move to Aptos and build on the chain. Aptos recently raised $150 million in series Afrom the likes of FTX ventures and Jump Crypto.
Let us know if you think what the brothers did was wrong in the comments. Will wait for your remarks.
Meanwhile, if you haven’t already done so, please do subscribe to our letter. It is free.
In other world
Here are some of the happenings from the rest of the crypto universe:
World’s largest asset manager Blackrock is partnering with Coinbase to make it easier for institutional investors to manage and trade Bitcoin. Read more on Cointelegraph
Indian Crypto Exchange WazirX is accused of not co-operation by authorities in a Money Laundering case. Read more.
NEAR Protocol revealed SMS and email data used as wallet recovery options were leaked to a third party in June. Read more on TheBlock
Industry Insights and Research:
Web 3.0 market to reach USD 81.5 Billion in 2030. Read the Full Report here.
Looking past the hype and critique, Web3 and the metaverse are shaping a new application layer for the internet. Read the Deloitte Report here.
Sybil Attack - https://en.wikipedia.org/wiki/Sybil_attack