Beyond the typical rug pull, there have been a lot of complicated hacks, even on projects led by well-meaning and competent founders. bZx was one of the first victims, and the latest is Origin Protocol's OUSD.

The attack on OUSD is especially galling: it has a solid team backed by the likes of Pantera, and its UI and UX were easily the best in the entire DeFi space. On 17 November 2020 they got hacked and lost all funds.

While the hacks are generally quite complex, they all seem to share a few similarities. The two key commonalities are:

  1. They generally all involve flash loans, which, as the name suggests, happen very fast and within the block.

  2. They usually involve an oracle attack. A number of the systems that were attacked relied on oracles, typically with reduced protections, such as relying on Uniswap for price feeds.

A well-engineered attack would take out significant debt within the block, use it to influence the prices on Uniswap, and then take advantage of the new arbitrage opportunities that emerged from the mismatched prices.

UMA protects against both of these attack vectors. Firstly, it has a unique slow settlement process that makes flash loans all but impossible. Secondly, it does not rely on oracle price feeds. It has a unique mechanism which completely eliminates the need for an oracle while still protecting the integrity of the system. This model not only simplifies the design but also makes it safer, because there is no oracle-based attack vector.
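
To make the two commonalities concrete, the following added example (a simplified model, not code from any project named here) shows what a price consumer reads from a constant-product pool before, during and after a large borrowed trade that is unwound in the same block. The pool sizes, loan size and all function names are constructed for illustration; the 0.3% fee is the Uniswap v2 swap fee.

```python
from dataclasses import dataclass

FEE = 0.003  # Uniswap v2 swap fee, charged on the input amount


@dataclass
class Pool:
    """Constant-product (x * y = k) pool holding TOKEN and USD reserves."""
    token: float
    usd: float

    def spot_price(self) -> float:
        # USD per TOKEN: what a protocol reads if it uses the pool as a price feed
        return self.usd / self.token

    def buy_token(self, usd_in: float) -> float:
        eff = usd_in * (1 - FEE)
        out = self.token * eff / (self.usd + eff)
        self.usd += usd_in
        self.token -= out
        return out

    def sell_token(self, token_in: float) -> float:
        eff = token_in * (1 - FEE)
        out = self.usd * eff / (self.token + eff)
        self.token += token_in
        self.usd -= out
        return out


def simulate_block(pool: Pool, borrowed_usd: float) -> dict:
    """Prices seen at three points of one block containing a borrowed trade."""
    before = pool.spot_price()
    bought = pool.buy_token(borrowed_usd)  # borrowed funds skew the reserves
    during = pool.spot_price()             # read inside the same transaction
    recovered = pool.sell_token(bought)    # unwound so the loan can be repaid
    after = pool.spot_price()              # read by anything that settles later
    return {"before": before, "during": during, "after": after,
            "round_trip_cost": borrowed_usd - recovered}


if __name__ == "__main__":
    # Constructed sample: 1,000 TOKEN against 1,000,000 USD, loan of 1,000,000 USD
    for name, value in simulate_block(Pool(1_000.0, 1_000_000.0), 1_000_000.0).items():
        print(f"{name:16s} {value:,.2f}")
```

A consumer that reads the pool inside the transaction sees roughly four times the real price, while one that settles after the block sees a price within about 0.3% of the original, and the distortion cost the borrower only the swap fees.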