DD
MM
YYYY

CATEGORIES

PAGES

DD
MM
YYYY

spot_img

CATEGORIES

PAGES

Home Blog Page 69

Yearn Finance yETH Stableswap Pool Exploit, $9M Drained in Infinite Mint Attack

By
Paul Ugbede Godwin
-
0

Yearn Finance, a prominent DeFi yield aggregator, fell victim to a sophisticated exploit targeting its legacy yETH stableswap pool—a custom contract aggregating liquid staking tokens (LSTs) like stETH, rETH, and cbETH.

The attacker exploited a critical vulnerability in the yETH token contract, specifically an “unchecked arithmetic” bug combined with a cached storage issue in the packed_vbs array.

This allowed them to deposit just 16 wei the smallest unit of ETH and mint an astronomically large supply of yETH—approximately 235 septillion tokens 2.3544 × 10^56, effectively infinite.

With this inflated supply, the attacker swapped the unbacked yETH for legitimate assets in a single transaction, draining: $8 million from the main yETH stableswap pool. $900,000 from the related yETH-WETH pool on Curve Finance.

The total loss clocked in at around $9 million. The attacker then laundered over $3 million in ETH through Tornado Cash, a privacy mixer, and staked the remaining ~$6 million in LSTs likely to delay recovery efforts.

Yearn’s team confirmed the exploit was isolated to this legacy pool and did not affect its core V2/V3 vaults, which hold over $410 million in deposits. No direct user funds in active strategies were impacted, but depositors in the affected pool suffered losses.

The bug stemmed from outdated code in a customized StableSwap implementation. It enabled infinite minting without proper collateral checks, turning a math error into an “infinite money glitch.” This is the third major Yearn exploit since 2021, following two flash loan attacks that cost $22 million combined.

Security firm PeckShield flagged it first, noting the single-tx nature of the drain. By December 2, Yearn recovered $2.4 million in pxETH a Plume Network LST through coordination with Plume and Dinero teams. The remaining funds are being tracked, with the attacker’s wallet still holding mixed assets.

Yearn’s post-mortem highlights similarities to the recent Balancer exploit in complexity. Crypto hacks have exceeded $2.5 billion in losses for 2025 alone. ETH prices dipped ~5% post-exploit, reflecting DeFi jitters. Yearn emphasized that newer products use audited, safer code, but the incident underscores risks in legacy contracts.

This exploit serves as a stark reminder for DeFi users: Always audit interactions, diversify pools, and monitor for outdated deployments. Yearn’s quick isolation prevented wider damage, but it highlights ongoing challenges in securing complex LST ecosystems.

Ryan Whitney’s $30K Loss on Dave Portnoy’s GREED Token

In a recent admission that’s gone viral in crypto circles, Ryan Whitney—a former NHL player and co-host of the Spittin’ Chiclets podcast—revealed he lost $30,000 chasing gains on GREED, a Solana-based meme coin launched by Barstool Sports founder Dave Portnoy in February 2025.

Whitney shared the story candidly, turning it into a humorous yet brutal lesson on the perils of hype-driven tokens.The BackstoryPortnoy, notorious for his chaotic crypto forays, launched GREED on February 18, 2025, branding it as a satirical nod to “extreme greed” in meme coins—complete with a Gordon Gekko (Wall Street) meme.

He scooped up 357.9 million tokens 35% of supply for ~$358,000 worth of SOL, pumping the market cap to $41.5 million. But just 30 minutes after denying dump plans on X Spaces even claiming he tried to burn supply, Portnoy sold his entire stake in one transaction, crashing GREED 99% from $0.03 to under $0.003.

Portnoy’s Haul: He pocketed ~$258,000 in profit, then pivoted profits to JAILSTOOL and launched GREED2 which hit $28 million cap before tanking 90%. Traders got wrecked—one sniped 911 SOL $153,000 early, only to sell for 309 SOL ($52,000), losing $101,000 in hours. Crypto sleuths like ZachXBT slammed it as a “rug pull worse than native influencers.”

He FOMO’d in during the hype, drawn by Portnoy’s Barstool clout and the token’s cheeky theme. As one X user quipped: “Imagine telling your kids you lost money on something literally called GREED. The market has a sense of humor. Dark one, but still.”

His story resonates as a relatable gut-punch—$30K isn’t chump change, especially for a high-profile athlete admitting it publicly. Portnoy warned “don’t invest more than you can afford to lose,” but his rapid exit amplified the irony. Whitney’s tale echoes broader 2025 meme coin carnage, where influencers like Portnoy fuel pumps then bail.

Whitney’s no newbie, but it shows even pros get burned chasing narratives. Key takeaway: Size small he didn’t overexpose, set exits, and remember meme coins are zero-sum gambling. Both stories capture crypto’s wild duality—innovation in DeFi meets reckless speculation in memes.

Stripe Acquires Metronome in $1B Deal to Deepen SaaS and Usage-Based Billing Capabilities

By
Ojukwu Emmanuel
-
0

Stripe has reportedly acquired Metronome, a leading usage-based billing startup, in a landmark $1 billion transaction that underscores Stripe’s growing focus on SaaS and API-driven monetization infrastructure.

The move strengthens Stripe’s capabilities in managing complex, consumption-based pricing models increasingly used by AI, cloud, and developer-first companies.

Commenting on the acquisition, co-founder and CEO of Metronome Scott Woody said,

I’m excited to announce that Metronome has signed a definitive agreement to join Stripe. Today’s best companies treat monetization as a competitive advantage, and they rely on Metronome to make that true. For our customers, we have always been more than software. We are an extension of their team and a core system of truth that powers their business. Just as Stripe powers the world’s payments layer, Metronome powers its monetization logic. This partnership connects those two foundations seamlessly. As part of Stripe, our mission accelerates dramatically. Customers will continue getting world-class software, and now many more people will have access to Metronome.”

Metronome is a usage-based billing platform built for the speed of today’s best software companies. The platform is designed to make billing fast, flexible, and frictionless, enabling customers to launch and iterate products faster, connect billing to the product experience, and act on real-time insights to drive strategic decisions.

By bringing Metronome in-house, Stripe is positioning itself as a core financial operating system for high-growth businesses. Under Stripe, Metronome’s mission is set to accelerate significantly. Customers will continue to enjoy world-class software while even more users gain access to Metronome’s capabilities.

Metronome will be integrated as a core component of Stripe’s product suite, yet customers will retain the flexibility to adopt best-in-class tools across the quote-to-cash and monetization stack. Both companies plan to serve a broad user base, from simple self-serve businesses to enterprises with highly complex workflows.

The combined roadmap includes enhanced innovations such as seat-based credits, real-time spend alerts, hierarchical accounts, and more. The goal is to anticipate and solve customer challenges long before they become bottlenecks.

Metronome’s users will also benefit from Stripe’s renowned five-nines (99.999%) uptime and global financial infrastructure, resulting in greater reliability and improved service for their businesses and customers. As the product roadmap accelerates, more users worldwide will be able to tap into the full potential of Stripe’s ecosystem.

Notably, the acquisition of Metronome comes after Stripe earlier this month launched new features to help SaaS platforms manage risk and stay compliant. Platforms like FreshBooks, Shopify, and Jobber already rely on Radar for platforms to prevent, detect, and mitigate fraud and insolvency risk. Powered by AI-driven risk scores trained on over $1.4 trillion in payments volume, Radar for platforms provides a custom rules engine and robust actions to block suspicious businesses and transactions. Now, Stripe is expanding these capabilities.

Radar for platforms now allows platforms to protect themselves from potential losses by setting temporary reserves on user funds. These reserves can be created programmatically or through the Stripe Dashboard, and platforms can choose between fixed or rolling reserves based on their risk mitigation needs. For instance, platforms can create rules to identify businesses with high risk scores and automatically apply ongoing reserves to guard against sudden spikes in disputes. They can also place holds on large transactions involving long delivery times and release the funds once return windows close.

While automated fraud prevention is powerful, Stripe also recognizes that platforms often have deeper insight into their users. To support more personalized risk approaches, the company has introduced Stripe Verified for platforms. This program offers trusted platforms enhanced controls to tailor risk and compliance settings. Verified platforms can extend deadlines for eligible compliance tasks directly from the Dashboard, helping users complete important requirements without interruption.

Stripe recent deal with Metronome, highlights how billing has evolved from a back-office function into a strategic fintech differentiator. For fintech and SaaS leaders, this is a clear signal of where platform control and data monetization are heading.

Oracle To Emerge As Top AI Beneficiary Amid Massive Infrastructure Shifts, Wells Fargo Projects

By
Samuel Nwite
-
0

Oracle is set to emerge as a major financial beneficiary in the next phase of Artificial Intelligence adoption, according to a bullish new report from Wells Fargo.

The investment bank projects “significant upside” for the technology giant, citing the surging demand for its cloud infrastructure platform as enterprises begin shifting AI training and inference workloads away from established hyperscale cloud providers.

The firm’s optimism centers on the growing traction of Oracle Cloud Infrastructure (OCI), which is gaining market share by offering performance and cost advantages crucial for intensive AI workloads. The transition to OCI is being driven by factors beyond just pricing.

Wells Fargo highlights that Oracle’s strategy has been to challenge the breadth and market share of Amazon Web Services (AWS) and Microsoft Azure by focusing on deep performance and cost optimization, particularly for specialized AI and database workloads.

Unlike the shared infrastructure models of its larger competitors, OCI is known for its bare-metal GPU instances that eliminate virtualization overhead. This design choice translates directly into superior and more consistent processing power for demanding tasks like training massive foundational AI models. Benchmarks have indicated that OCI offers up to four times the cluster networking bandwidth as AWS for clustered workloads, and in some analyses, the cost of a billion-parameter GPT-3 training run on OCI was found to be 35% lower than on AWS and 41% lower than on Google Cloud.

A crucial element is Oracle’s ability to rapidly deploy high-throughput, GPU-rich clusters. While AWS and Azure offer a wider array of general cloud services and a larger global footprint, Oracle has locked in critical deals with top AI model developers, including its blockbuster partnership with OpenAI to provide cloud computing power, as well as working with companies like Cohere and Abjad AI. For instance, Oracle will be the first hyperscaler to offer an AI supercluster powered by 50,000 AMD Instinct MI450 Series GPUs starting in 2026, showcasing its commitment to scaling its dedicated AI infrastructure.

OCI generally offers a more predictable pricing model, which contrasts sharply with the often complex, opaque, and high data egress (outbound data transfer) costs of AWS and Azure. OCI’s lower egress fees and globally consistent pricing across all regions offer a significant financial advantage for enterprises moving massive data sets required for deep learning.

The report concludes that OCI is capturing this demand because enterprises are no longer just looking for a general-purpose cloud; they are looking for the most cost-effective and high-performing engine for their specialized AI operations.

Operational Leverage and Financial Outlook
The report suggests that this AI-driven demand will fundamentally change Oracle’s financial trajectory.

Wells Fargo claimed that Oracle’s overall revenue would begin to expand faster, driven by the increasing magnitude of long-term cloud contracts and the sustained expansion of its lucrative database and applications businesses, which are increasingly being migrated to OCI. Oracle’s total remaining performance obligations (RPO)—a key indicator of future revenue—hit a record $455 billion in Q1 Fiscal 2026. The analyst also noted that Oracle’s operational leverage is improving as the company rapidly expands its data center footprint. As more customers migrate to the high-margin OCI platform, the efficiency and scale of the infrastructure business are expected to help margins grow even more.

While the research did not provide a specific price objective, Wells Fargo’s confidence in “significant upside” is based on the expectation that expenditure on AI infrastructure will continue to rise dramatically across all sectors through 2026, with Oracle firmly positioned as a primary alternative to the legacy hyperscalers.

India Retreats From Mandatory Cybersecurity App Order After Nationwide Backlash

By
Samuel Nwite
-
0
Social media is huge in India

India’s government has reversed its plan to compel smartphone makers to preload a state-run cybersecurity app, Sanchar Saathi, on all new devices—a directive that had triggered a fierce storm over surveillance concerns, political overreach, and the country’s unpredictable regulatory playbook.

The climbdown came barely a week after Prime Minister Narendra Modi’s administration quietly informed major manufacturers—including Apple, Samsung, and Xiaomi—of a 90-day deadline to install the app on every new handset sold in the country.

The initial order, reported first by Reuters, required the tool to be permanently embedded and impossible for users to remove. This provision ignited fears that the government was edging closer to direct control over personal devices, reviving older debates about data protection and state intrusion that have followed New Delhi for years.

On Wednesday, the communications ministry issued a brief but decisive statement: “Government has decided not to make the pre-installation mandatory for mobile manufacturers.”

The short announcement capped 48 hours of political fire, industry backlash, and public unease.

The reversal is striking for several reasons. Only a day earlier, ministers had vigorously defended the mandate, insisting Sanchar Saathi’s purpose is limited to tracking stolen devices and blocking their misuse. They maintained that the app helps curb financial fraud linked to lost or cloned phones. What rattled companies and privacy groups was the requirement that manufacturers make the app impossible to disable—a feature that inevitably raised suspicions over long-term intentions.

Political pushback intensified the pressure

Opposition parties seized on the issue almost immediately. Congress leader Randeep Singh Surjewala submitted a notice to Parliament demanding that the government explain the legal basis for enforcing a non-removable application on citizens. He warned that once such an app becomes mandatory, users cannot know what channels it may open in the future, saying this type of tool could have a “backdoor” that leaves personal data exposed.

Newspaper editorials widened the criticism, calling the directive heavy-handed and unnecessary. Civil society groups argued that forcing a state-linked app onto every device would lower user autonomy and set a dangerous precedent for broader digital access.

Online, discussions questioned why the government needed a compulsory pre-installation when the app was already available for voluntary download. Many users feared the plan would open the door to greater monitoring of personal communication and location data.

Tech giants were poised to reject the mandate

Sources familiar with discussions told Reuters that Apple and Samsung were preparing not to comply with the order. Both companies have long taken firm positions on user control and privacy, and a non-removable government app would have placed them at odds with their global product frameworks.

India is now one of the world’s biggest smartphone markets, and companies treat its regulatory environment carefully. A move that forces hardware changes at the manufacturing level—particularly one involving an undeletable state-linked app—would have magnified operational costs and created a challenge across supply chains.

Mishi Choudhary, a prominent technology lawyer and policy advocate, said the episode underscores a broader trend: “India’s highly unpredictable regulatory framework presents constant challenges for business that values predictability.”

She welcomed the withdrawal but warned that policy swings without a clear foundation weaken confidence among global companies.

Her concerns echo past events. India was forced to abandon a laptop import licensing rule last year after sustained intervention from U.S. officials and industry lobbies. That policy would have required import permits for devices entering the country, a move that caused immediate concern among American and Asian manufacturers.

Government shifts tone, cites rising app adoption

After the backlash gathered pace, the government attributed its U-turn to “growing popularity” of Sanchar Saathi, saying more than 600,000 people downloaded the app since Tuesday. Officials described the tool as secure and said it was created solely to protect users from cybercriminals, fraudulent SIM registration, and phone theft.

Sanchar Saathi allows users to block stolen devices, check associated SIM cards, and identify suspicious activity. Devices flagged through the app can be disabled across Indian networks to prevent misuse—useful in tackling fraudulent calls and digital scams.

The government’s latest position suggests that voluntary adoption may be enough to advance what it sees as public-interest cybersecurity goals. Still, many observers believe the deeper reason for the retreat lies in the rapidly escalating political and commercial fallout.

Global comparisons and a longer pattern of privacy battles

Modi’s planned requirement had almost no global precedent, according to sources. The closest parallel comes from Russia. In August, Moscow ordered all smartphones and tablets to include MAX—a state-linked messenger app commonly used by government agencies and seen by opponents as potentially intrusive. That policy drew immediate concern from digital rights groups over its potential use for monitoring.

India’s history with digital privacy debates made the latest uproar even more charged. In 2020, the government mandated the use of a COVID-19 contact-tracing app among office workers. After widespread uproar over privacy and data transparency, authorities scaled it back from a requirement to a recommendation.

The country has also spent years working through data protection bills, with earlier versions drawing objections from both privacy experts and industry because of provisions that allowed wide government access to user information.

A policy episode that raises broader questions

For now, the decision to withdraw the Sanchar Saathi mandate removes one immediate flashpoint. But it also exposes persistent tension between the government’s desire for tighter digital security controls and the public’s push for stronger privacy protections.

It also amplifies concerns among manufacturers who say they need predictable regulations to plan investments and product cycles. India’s booming smartphone market depends heavily on foreign companies. Sudden shifts in policy—particularly those that require hardware-level alterations—risk sending signals that complicate future planning.

The latest U-turn brings relief for manufacturers and digital rights advocates, but it revives a familiar debate: how a fast-growing digital economy balances cybersecurity needs with personal freedoms, user control, and industry stability.

Odds for US Rate Cut in December are Pricing Around 87% Probability at 25 Bps 0.25%

By
Paul Ugbede Godwin
-
0

According to the latest data from the CME FedWatch Tool, markets are pricing in an 87% probability of a 25 basis point 0.25% cut to the US federal funds rate at the Federal Open Market Committee (FOMC) meeting scheduled for December 10-11.

This would lower the target range from the current 3.75%-4.00% to 3.50%-3.75%. Odds have fluctuated significantly in recent weeks due to mixed economic signals. For instance, they dipped to around 35% in mid-November amid stronger-than-expected jobs data and inflation concerns but have rebounded sharply on cooling labor market indicators and softer PCE inflation readings.

The tool, based on 30-day Fed funds futures prices, shows the following breakdown for the December meeting: 87% chance of a 25 bps cut to 3.50%-3.75%. 13% chance of no change holding at 3.75%-4.00%.

Negligible odds <1% for a larger cut or hike. Looking further ahead, markets now imply about 75-80 basis points of total cuts by the end of 2025, down from earlier expectations of 100+ bps, reflecting caution over persistent inflation risks.

With the CME FedWatch Tool showing an 87% probability of a 25 basis point (bps) cut at the December 10-11, 2025, FOMC meeting, U.S. stocks have rallied sharply in recent sessions.

This rebound follows a mid-November sell-off when odds dipped to around 30-50% amid hawkish Fed comments and mixed data, which dragged the S&P 500 down ~2-3% and pushed Treasury yields higher.

As probabilities climbed back above 80% on cooling jobs data, 4.1% unemployment and softer PCE inflation core at ~2.4%, equities recovered: the Nasdaq Composite gained ~1.5% on December 2, led by tech, while the S&P 500 and Dow Jones rose 0.5-1% in muted trading.

Crypto stocks like MicroStrategy +5.8% and Coinbase +1.3% also surged on the “risk-on” sentiment. However, volatility remains elevated—VIX up ~20% since October—due to data gaps from the recent government shutdown and tariff uncertainties.

If the cut materializes as expected, analysts see a potential 2-3% year-end S&P 500 grind higher, but a “hawkish cut” (e.g., signaling fewer 2026 easings) could trigger a 0.5-5% pullback via “sell-the-news.”

Lower rates reduce borrowing costs, boosting corporate profits, consumer spending, and investment—historically fueling ~7-10% S&P 500 gains in the six months post-cut non-recessionary periods.

Markets now imply ~75-80 bps of total 2025 cuts ending at ~3.0-3.25%, down from 100+ bps earlier, reflecting caution on persistent inflation risks from tariffs. This could broaden the rally beyond mega-cap tech, which has driven ~85% of 2025 S&P gains, toward small-caps and cyclicals if easing sustains growth.

Cheaper capital for capex; supports valuations like Nvidia, Alphabet up 5-10% on odds spike. Net interest margins compress but loan growth rises; historical +7.3% post-cut. Lower financing costs; data centers outperform (e.g., +6.8% in Oct).

Rate-sensitive; benefits from yield drop 10Y Treasury <4%. Boosted spending; holiday sales eyed at $1T+. Tariffs offset easing; Deere -5.7% on profit warning. Bitcoin has swung wildly +30% then -30% since Oct but could rebound 10-20% on confirmed easing, as seen in prior cycles.

Gold, up 60% YTD to $4,200/oz, acts as a hedge against volatility. The cut signals a “soft landing” but risks rekindling inflation if tariffs  on autos bite harder than expected—potentially forcing a 2026 pause.

A no-cut surprise 13% odds could spark a 1-2% dip, echoing November’s slump. Overall, easing supports a 2025 bull market extension, but fiscal deficits and geopolitics add headwinds—position for quality growth over speculation.

Watch Friday’s PCE data for final clues. These probabilities are derived from trader expectations in futures markets and can shift quickly with new data like upcoming nonfarm payrolls or CPI reports.

If you’re trading or investing based on this, consider consulting a financial advisor, as these are market-implied odds, not guarantees.

1...686970...7,952Page 69 of 7,952

© Tekedia. All rights reserved.

Term & Privacy

© Tekedia. All rights reserved.

Term & Privacy