Took me a while to find, but yes, the most notable version of this attack was the $182 million one on Beanstalk, about a year ago, where someone used a flash loan (meaning, access to nearly unlimited money as long as you pay it back in the block) to add new assets, issuing themselves a majority of shares, which they then used to vote themselves the project's assets, then redeemed their shares, pulled the assets out, and repaid the loan.
If you are talking about large USD equivalents, I think they reflect not necessarily the amount invested (though there's certainly lots of dirty money) but what people would trade these for.
If you have a thing that everyone wants today, even if you invested zero dollars in it back in the day, it may be worth a mil. (However, if it turns out the thing is not so great it can cost half a cent the next day.)
VCs, retail, prior exploiters, gamblers, it circulates.
There are orders of magnitude more Defi projects than the ones that get exploited and posted about.
And the projects that get exploited go more days without incident, like construction sites.
Think of if as if you evaluated the entire tech sector based on an international headline of a single phishing attack. You would have a skewed view that leads you to ask the same question, because there are always phishing attacks and little coverage of a deeper conversation. That’s kind of how it was 25 years ago in tech. Now people largely ignore that and talk about what organizations build, while the other problems never went away.
The "real" money supply is effectively infinite, as money today is only backed by confidence in the banking system and nothing else.
In the UK for example, the amount of pounds in circulation has more than doubled in the last decade. This money supply grows with how much banks lend, and 80% or so of that lending is for housing i.e. speculation and investment.
All of that created money needs to go somewhere once it becomes more fungible than real estate, and that's how you got NFTs, Tesla and so on.
Now don't get me wrong, money is debt and always has been, far before the invention of symbolic currency. I'm not one of these gold standard idiots. I'm just concerned that a trust based system doesn't scale very well.
Do you actually need much starting capital for those? I was under the impression that anyone could in theory create a new cryptocurrency (or -product) from their proverbial basement and start selling it to gain (real money) capital.
I mean Bitfinex did it with Tether, in two directions as well; they pre-minted loads of this currency, then sold it for USD while at the same time allowing people (and themselves) to buy BTC with Tether, artifically boosting the value of BTC and the BTC that they themselves held, which helped them pay off the debts from their various breaches.
> Do you actually need much starting capital for those?
More about the rubes who see some new NFT advertised, and think, "Oh, that's going to go to the Moon!" and plunk down some actual money for it. I guess I'm surprised we haven't run out of rubes yet. Yes, I know human foolishness is a renewable resource, but at some point I'd think most of the easily accessible rubes have been used up (i.e. had their wallets drained), and it would be a while before a new crop of rubes is available in sufficient quantity for exploitation.
yeah I would say that successful phishing campaigns and rugs stay within the ecosystem to make more. they can directly buy into new projects or launder and buy into new projects. the new projects can be specifically launched to sell out to laundered funds, it can even be the same people using different addresses and nodes.
and then on the legal side with arbitrage bots (MEV and more), they also like to play around in the ecosystem, chase passive income in protocols and DAOs like everyone else.
speaking of everyone else, there are plenty of people with clearly legal funds, this post is just not about them.
its a whole parallel economy, where transactions simply aren't whitelisted, just as the people spent the last decade building due to the friction involved with whitelisting transactions unnecessarily. its here, this is how it works.
illicit fund users can cash out as well, whenever they want their local fiat money.
were they the person that launched the project (that got bought out by the laundered money)? congratulations.
were they one of the early believers of the project (that they also launched, that also got bought out by the laundered money?) congratulations, they have high capital gains just like any other lucky trader that "did their own research".
web3isgoinggreat account with sources: https://web3isgoinggreat.com/?id=beanstalk-farms-stablecoin-...