$2 500 000 USD





"SUSTAINABLE ALPHA FOR EVERYONE" "Earn yield on your cryptoassets with DeFi's first structured products protocol." "Ribbon Finance is a new protocol that helps users access crypto structured products for DeFi. It combines options, futures, and fixed income to improve a portfolio's risk-return profile."


"Theta Vault, which is a yield-focused strategy on ETH and WBTC. The vault earns yield on its deposits by running a weekly automated options selling strategy. The vault reinvests the yield earned back into the strategy, effectively compounding the yields for depositors over time."


"Ribbon's v1 and v2 Theta Vault contracts are audited. Despite the audits and security measures we have taken, we advice users to exercise caution and to not risk funds they are not willing to lose." Audits were found provided by Quantstamp, ChainSafe (2 audits), Peckshield, and OpenZeppelin. "We have an ongoing bug bounty on ImmuneFi, with up to $50,000 of bounty. The contracts that are included in the bounty are ETH and WBTC Theta Vaults."


"On Friday, Oct. 8, DeFi users used Etherscan to discover that a researcher for VC firm Divergence Ventures was receiving hundreds of ETH from wallets selling recently airdropped RBN tokens. The researcher allegedly used dozens of wallets to fulfill bare-minimum parameters to claim $2.5M in RBN tokens, an exploit known as a sybil attack on the distribution. Divergence later acknowledged the sybil attack in which it said it “crossed a line” and said it would be “better contributors to the community going forward.” Divergence also returned Ξ705 ($2.5M) to the Ribbon treasury."


"The episode presents the largely unregulated, permissionless DeFi community with yet another chance to debate the nature of fair play in an increasingly powerful, $200 billion ecosystem where the only governance is on-chain rules and some modicum of common sense."


"[T]his @divdotvc analyst @_bridgeharris has made 652 $ETH and counting from @ribbonfinance airdrops, quite impressive. finding wallets like their's and copytrading them is probably the best way to make it tbh"


"Gabagool told CoinDesk that he spotted the exploit as a result of his day-to-day research. He’d bought Ribbon tokens pre-launch from a friend and was doing due diligence after adding to his position on Friday."


“Today I bought Ribbon in size, so I was looking at the Uniswap v3 pool, checking out some of the wallets buying and selling Ribbon,” he told CoinDesk. “I was curious, primarily to find out what people were doing with their airdrops.”


"He said that he noticed a 17 ETH sale by “happenstance,” a sale whose proceeds were subsequently sent to another wallet. The new wallet, he noted, was funded with ETH that “all came from wallets that had received a Ribbon airdrop and sold a Ribbon airdrop.”"


"The parent wallet also linked to a wallet containing bridget.eth – an Ethereum name service domain that identified the owner as a Divergence Ventures researcher."


“Crypto people are very good at [operations security], but ENS is a weak point,” he cautioned.


"Initially Gabagool reached out to Divergence Ventures’ Calvin Liu to compliment his firm on the windfall, but another friend tipped him off that Divergence was actually an investor in Ribbon – a sign that it may have been acting on insider information."


“That’s when I sent my tweet, because I said, ‘That’s interesting, a fund that’s invested in this protocol has a rogue analyst or is doing something people won’t like,’ based off what I know about crypto.’”


"Divergence has since published a tweet thread acknowledging the sybil attack in which it said it “crossed a line” and said it would be “better contributors to the community going forward.”"


"Divergence also sent the ETH back to the project’s treasury, and the Ribbon community is now debating what to do with the funds."


"The Divergence team is (physically) getting to the other wallets in the next few hours and will send the remaining RBN to the DAO, totaling 100% of the RBN farmed from the protocol."


"A Ribbon Finance representative declined to comment. Divergence Ventures did not respond to a request for comment by press time."


“There are rules we enforce socially, and this is an important example of that playing out,” Gabagool said. “Divergence responded in a few hours and returned 705 ETH because an anon with a ‘Sopranos’ joke as a name tweeted an analysis? That is the opposite of ‘code is law.’ That’s community law, and I don’t think that’s a bad thing. We’re making up the rules as we go along.”

Ribbon Finance offered airdrop incentives, which were exploited through a Sybil attack to take a much larger reward than intended. The exploiter had a reputation to maintain and returned the funds without incident.

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.