An increasingly common way to attack ‘incumbents’ in an otherwise brand-new industry such as crypto are vampire attacks. The name is not at all inappropriate.
What is a vampire attack in crypto?
Simply put, a vampire attack is when a DeFi protocol offers better rates to attract investors from another protocol. This siphoning off users from an existing protocol happens by offering better rates on liquidity or directly via an airdrop.
The first step of a vampire attack is to incentivize liquidity providers of another platform to stake their LP (liquidity pool) tokens, which represent supplied liquidity, to a new platform.
A vampire attack almost always follows the same playbook as we will see in the examples below: Identify industry leader; build a competing yet differentiated platform; offer superior incentives for users to migrate.
SushiSwap, the first crypto vampire
In the summer of 2021, a DeFi project named SushiSwap was launched. It got the attention of the DeFi community as it aimed at directly competing with Uniswap by forking the project and siphoning out liquidity – a vampire attack.
Uniswap’s liquidity providers were incentivized to stake their LP tokens on SushiSwap, so they could receive extra rewards paid in the SUSHI token. SushiSwap started with an extensive emission schedule for the SUSHI token – 1,000 SUSHI per Ethereum block distributed to Uniswap’s liquidity providers across multiple different pools.
SushiSwap had something called The MasterChef smart contract. The MasterChef contract, once triggered, was able to migrate LP tokens from Uniswap to Sushiswap, in essence, extracting Uniswap’s liquidity.
To encourage liquidity providers to participate in the migration, some extra incentives were introduced. To begin, all the SUSHI liquidity mining programs would continue after the migration but with a decreased emission (100 SUSHI per block). In addition, people who decided to stake their SUSHI tokens instead of selling them would be getting a piece of trading fees from SushiSwap.
SushiSwap’s deposits grew rapidly from $300 million to $1.8 billion USD. By the time the migration was over, SushiSwap had gained $810 million worth of tokens — or around 55% of Uniswap’s liquidity. Uniswap managed to survive the attack by issuing its own governance token to incentivize its community but nevertheless, the event sent a chilling message across the DeFi landscape – If a DeFi protocol does not meet the community and industry’s expectations, it could be forked.
LooksRare masters a vampire attack on OpenSea
The mega-success of OpenSea in the world of NFTs has also made it a likely target of vampire attacks. The first attempt was conducted by Infinity which branded itself as a community-driven, anti-establishment alternative to OpenSea. The one attempt however that got wide attention for its audacity and incentive mechanism behind the attack was LooksRare, another community-owned NFT marketplace.
It started with the LooksRare team identifying OpenSea users who had traded at least 3 ETH worth of NFTs over the prior six months and airdropping them LOOKS tokens. However, to claim these free tokens, users first had to list an NFT on LooksRare. It is worth mentioning that product-wise, from the very beginning LooksRare has already had all the ingredients needed to call itself a worthy opponent to OpenSea including open-source protocol, open APIs, creator-owned storefronts, batch buys, cross-platform royalties, and flexible storage and minting, to name a few. But the real game began when LooksRare attempted an actual vampire attack on OpenSea.
The initial set of incentives powering the attack didn’t stop there. Users of the LooksRare platform could earn more tokens by staking their LOOKS and by trading NFTs on the platform. LooksRare charges a 2% fee for every sale (compared to 2.5% on OpenSea), and staking (locking LOOKS into a smart contract) entitles stakers to 100% of those fees. Stakers were also able to earn additional LOOKS on top of trading fees.
In a nutshell, the trading incentives were simple – buy or sell an NFT on LooksRare and earn LOOKS. Rewards are paid out daily, based on the % of that day’s volume.
The caveat soon dawned on some savvy users. Nothing would stop a LooksRare user from swapping the same NFT back and forth between their own wallets at a high dollar amount. Daily rewards are paid out as a percentage of the day’s volume, so if someone can wash-trade their way to 10% of that day’s $10 million trading volume, they could net $1 million in LOOKS tokens. The fees traders are paying in ETH are roughly equal to the rewards being paid in LOOKS. In this way, traders were swapping ETH for LOOKS, which will pay off should the price of LOOKS appreciates relative to the price of ETH. Overall LooksRare did manage to build up a massive user base in a short amount of time, which could introduce a recipe for up-and-coming crypto projects looking for ways to bootstrap and build an early community behind their project.
Victims of crypto vampire attacks have largely been protocols with an increased degree of centralization where the community has called for more decentralization and fair launch of their tokens where no one entity — including founders — has an unfair advantage in obtaining tokens.
Such experiments are much needed in this nascent industry, and they will strengthen the whole ecosystem and make it more resilient in the future. That’s the best part about crypto. You are not safe. No project should get too comfortable. The ecosystem is open and perpetually optimized. Anyone could build a better lego than you. Anyone can be more decentralized than you, which is what crypto’s ethos is all about.