Welcome back to Inside DeFi
It’s been an interesting week for some of DeFi’s biggest names. BlackRock is flirting with Uniswap and the relationship between Aave Labs and its DAO may be on the mend.
Rainbows and UNIcorns
Despite being billed as “a major vote of confidence in DeFi,” trading of the BUIDL tokenized fund could be restricted to those Securitize deems eligible to be whitelisted, such as market maker Wintermute and “qualified purchasers” with over $5 million in assets, Fortune reported.
Uniswap’s founder Hayden Adams had more than one reason to celebrate, though, as rival DEX Bancor’s lawsuit appears to be no longer an issue.
On the DAO front, Uniswap’s buyback and burn program has been running just over a month, passing one million UNI tokens burned this week.
While the UNI price, volume, and fees have all dropped significantly since November’s UNI-fication announcement, last week’s volatility gave the program a hefty boost, with $430,000 of UNI burned in a single day.
But it wasn’t just Uniswap cosying up to the mainstream this week.
DeFi interoperability protocol LayerZero announced its new “Decentralized Multi-Core World Computer” to much fanfare (and technobabble), claiming it presents a “credible alternative to centralized cloud providers.”
Partnerships include TradFi’s DTCC, Citadel Securities, and ICE (no, not that ICE), VCs a16z and Ark Invest, and Google Cloud.
Hackers or slackers?
A week with no major smart contract hacks is rare, but very welcome, in DeFi.
The past week didn’t go entirely without incident, however. Maple Finance kicked Monday off with a front end scare, though no funds were lost and the site was restored a few hours later.
One would have thought that, following 2024’s wave of front end attacks, DeFi projects would have taken Vitalik’s advice on the matter.
The same goes for supply chain attacks. Last September’s “generational fumble” made abundantly clear the potential dangers that npm packages can pose to the DeFi ecosystem.
Nonetheless, last week Socket researchers discovered malicious npm and PyPI packages targeting decentralized derivatives exchange dYdX’s v4.
The packages were designed to enable wallet credential theft and remote code execution on dYdX users, although it’s unclear whether any losses were realized.
Security goes live
Phylax Systems’ network-native circuit-breaker, Credible Layer, was integrated into Linea’s sequencer at the end of last month. This system checks every transaction against pre-defined “assertions” to catch any funny business before it’s executed.
In a similar vein, at the app-level, some of the bite was taken out of the recent Step Finance hack when withdrawal rate-limit caps kicked in on Kamino.
On the audit side, Firepan argues for focusing on continuous risk monitoring instead of the point-in-time assessment offered by traditional audits, boldly stating that “every major DeFi hack in 2025 happened to a protocol that passed an audit.”
More good news for the EthSec community
The Ethereum Foundation has pledged to sponsor a SEAL Intel engineer with the “sole mission” of monitoring and neutralizing “drainers targeting Ethereum users.”
TheDAO security fund is also being put to work to finance SEAL, with $400,000 and perpetual Superfluid streams set up to fund ongoing operations.
Ethereum’s Security Alliance (SEAL) keeps track of threats across the ecosystem. Its most recent warning was a thread on North Korean IT workers using legitimate LinkedIn profiles to apply for crypto industry roles.
Elsewhere, a security researcher going by “ily2” earned a $3 million bounty via Immunefi for identifying a critical smart contract bug.
Not many protocols fit the description of likely candidates.
Not so secret agents
Hype around AI agents continues to provide nightmare fuel as “OpenClaw bot swarm” owockibot gave up its hot wallet’s private key “after only five days alive.”
The project works to support grants platform Gitcoin, but treasury funds are “stored in a safe that requires [its operator] to sign,” meaning the incident was no more than “a minor setback.”
Let’s hope builders keep in mind the underlying lesson that “an LLM based AI will *never* *ever* be able to keep something it knows, a secret,” going forward.
Aside from the agents themselves, the OpenClaw skills marketplace is emerging as a supply chain attack vector, being used as a malware distribution center.
Meanwhile, the bots themselves are holding grudges when their PRs are closed.
DAO dramas, but solutions in sight
Aave Labs has finally played its hand in the ongoing ownership debate.
Nonetheless, the concessions come at a price. Labs wants $25 million in stablecoins and 75,000 AAVE tokens to be paid over the next two years. ACI delegate Marc Zeller proclaimed “the DAO Won, but the deal isn’t done.”
We’ll be standing by for updates as negotiations proceed.
The Curve ecosystem’s latest experiment, Yield Basis, put pressure on stablecoin crvUSD’s peg during the recent bout of bitcoin volatility.
The problem, according to a series of analyses from Ember Protocol’s Joe Wait, is that “Yield Basis makes too much money.”
He proposes a crvUSD “peg tax” paid when Yield Basis is “printing fees.”
Curve founder Michael Egorov seems to lend a hand, though the tax rate is still TBD.
Curve’s veToken model, which requires would-be participants in DAO votes to lock their tokens into a vote-escrow contract, was eagerly snapped up across the sector over the last cycle.
Recently, however, a couple of its most high-profile adopters have decided to abandon the model.
Yearn and Pendle have opted to simplify things with stYFI and sPENDLE, respectively.
The vote runs until Saturday. Current frontrunner Noctua Capital, if successful, will manage $180 million, including GNO tokens ($40 million when excluded).
It would take $1 million per year, plus 30% of yield “above benchmark,” in return.
On-chain antics
Tether’s move to freeze over half a billion tokens in conjunction with Turkish authorities led one observer to ponder the consequences of a major DeFi pool being frozen.
BlockSec launched a freeze tracker to keep on top of USDT freeze activity. In the last 30 days, 238 addresses have had over $200 million frozen on Ethereum and Tron.
Finally, Yearn contributor “MarcoWorms” identified a batch of multisig transactions that have already hit their required signature threshold.
They executed 113, but opted not to shell out on gas for 732 more.
Despite multisig ops often being an integral part of DeFi teams’ daily activities, they don’t always go smoothly.
