Last week, the DeFi space was rocked by new revelations of a venture capital fund receiving millions of dollars in an airdrop that were obtained in a morally questionable way.
How the Ribbon Finance airdrop exploit happened
Not long after surviving the biggest hack in its history, the decentralised finance community has new food for thought. However, this time, it’s not about security but ethics. Last Friday, users discovered that an analyst from Divergence Ventures, a crypto venture fund, had obtained $2.5 million in RBN tokens. Though this isn’t illegal in the unregulated space, the way the analyst went about it was questionable to say the least.
Apparently, she had created dozens of identities and fulfilled the minimum requirements to be eligible for the startup’s airdrop. Airdrops are a popular way of distributing tokens and increasing a project’s visibility and engagement in the process. With those minimum requirements fulfilled, all the analyst had to do was wait and swap the tokens for ether after the airdrop had been completed. Making this case particularly spicy are two questions. Did being an early investor in Ribbon Finance (the project in question) give the VC analyst the kind of insider information needed to siphon off so much money? And was this a deliberate tactic by the fund, or possibly even VC funds on a larger scale, or was it merely a case of a rogue analyst gaming the system?
New ethics discussion erupts in the DeFi community
The incident was discovered by pseudonymous Twitter user Gabagool.eth. He found the exploit when tending to his own position in RBN and connected the dots when he saw several wallets sending their airdrops to a parent wallet that linked to the analyst’s named Ethereum address. Gabagool then tweeted out his findings: “That’s interesting, a fund that’s invested in this protocol has a rogue analyst or is doing something people won’t like, based off what I know about crypto.”
Still, the user sided with Ribbon Finance founder Julian Koh over the affair, with the latter insisting that Ribbon had not disclosed any cutoff dates or participation criteria that could have given investors insider information about the airdrop. According to Gabagool, this was rather standard procedure in the DeFi space, with a lack of regulation opening the door to insider trading.
Moreover, savvy DeFi users spend a lot of time and energy finding and participating in promising projects that could do airdrops later on. That shines a different light on the analyst’s behavior and raises the question of whether conducting the attack was wrong or whether she could only be faulted for getting caught. “I do think they f**ked up if not just because they got caught,” said Gabagool.
While Divergence returned the funds, DeFi will likely experience more of the same in the future. Not all of that might be bad, though. Gabagool himself thought that DeFi’s unstable nature bears a creative potential and that the exploits happening contribute to the learning curve and maturing of the space.