Molly Wintermute: "I'm paying a high price for the mainnet-first approach to building"
The anonymous DeFi hacker who found a bug in her options trading platform hours after releasing it is pushing forward with her project.
Hello Defiers! Today I’m sharing an interview that can serve as a cautionary tale for builders and investors in the space. It also shines a light into a controversial DeFi character, who isn’t afraid of voicing her strong opinions, even if they rub people the wrong way (which they often do).
Molly Wintermute is an anonymous DeFi builder who released a decentralized options trading platform on April 23, only to discover a bug in the code hours later. Nearly $48k of users’ funds are now forever locked in the project’s smart contracts, which Wintermute has refunded thanks to support from early contributors. Wintermute launched a new version of Hegic in early May, and did so without an audit. The audit did come though, a month later, and the platform has so far been running unscathed, though value locked at almost $40k is still below pre-hack days (or pre-hack hours, rather).
Molly Wintermute’s avatar. Image source: Twitter
She has a simple recommendation for those who are still wary about Hegic: “Don’t use it.” Still, Wintermute is quick to point out the juicy returns Hegic traders are making, and says others will also want to taste some “DeFi raw meat.” Wintermute also talks about the next big milestone she’s focused on; HEGIC tokens, which she promises will have a “chad” distribution.
The open economy is taking over the old one. Subscribe to keep up with this revolution. Click here to pay with DAI (for 70 Dai/yr vs $100/yr).
🌈🌈: Also: We’re Only 1 week away from The Infinite Machine launch!
Pre-Order my book on the history of Ethereum and I’ll send you a personalized Proof of Pre-Order NFT. Click here for how to get a POP.
🙌 Together with Status, a secure messaging app, crypto wallet, and Web3 browser, Kyber Network, the on-chain liquidity protocol for the tokenized world, and Keycard, the secure, contactless hardwallet & open source API.
1. Understanding your anonymity, what can you mention about your background? Is Hegic the first dapp you built? Have you been in crypto for a while?
My birthday is January 29, 2020 because it’s the day when I’ve made my first tweet about Hegic: “I’ve been working on something that I call Hegic. I hope to reveal my creature ASAP”. That’s why the only fact about my background is developing Hegic. I am not a fan of putting labels on people. Some people call it “social capital” or “reputation systems”. Well, I’m a person with no social capital or reputation in the crypto and DeFi spaces and I’m building the Hegic protocol from scratch. The crypto community can only judge me by what they can see by themselves in my code that is open sourced on GitHub, on the interfaces of Hegic website or by reading the community members’ comments.
I’m a person with no social capital or reputation in the crypto and DeFi spaces and I’m building the Hegic protocol from scratch. The crypto community can only judge me by what they can see by themselves in my code.
It’s such a nonsense when I hear some people proudly say: “I’ve bought my first Bitcoin in 2011” or “I’ve heard about Ethereum in 2015”. Does this information have anything to do with this particular person’s credibility or skills? “Okay, you’ve also learned about the Internet in 1995, but why aren’t you one of the creators of Google, Twitter, Uber, Wikipedia or Bitcoin?” My humble assumption is that it doesn’t matter much for how many years has someone been in the space. The renaissance of crypto comes when devs are starting to build and deliver new protocols and products that people want instead of just writing tweet storms or discussing fancy ideas and concepts on podcasts for years.
2. Were any user funds lost because of the bug found in the previous version of Hegic?
I’ve released the Hegic protocol on February 20, 2020. The idea behind Hegic is to abstract all the complexities behind options as a financial instrument and to help people use it in a simple way on a daily basis.
DeFi users can use options for speculation (you can think of options as a x10 leverage with a fixed possible maximum loss — no more margin calls and liquidations), value protection (hedging assets from the price downside) and more. I’ve introduced a concept of a hedge contract in the Hegic whitepaper (it’s pretty outdated already; I’ll fix it in the nearest future and rewrite the whitepaper). Hedge contract is a system of Ethereum contracts that accumulate and hold liquidity in a non-custodial way, write (sell) options contracts to the holders, accumulate and distribute premiums between the liquidity providers (writers) and conduct on-chain settlement of the contracts.
During the first two months Hegic only had at-the-money ETH put options. It means that users could only pay for a right to swap their ETH for DAI stablecoins at a fixed price during a certain period. For example, if they held an option and the price of ETH was declining, they could click one button on the interface and swap 1 ETH for 200 DAI when the market price of ETH was $150 per ETH. The Hegic protocol’s pre-v1.0 traction is open and transparent for everyone who wants to learn how it all started.
When I’ve tested my initial assumptions about the protocol’s value for the users, I’ve started to work on v1.0 of the protocol. After the v1.0 mainnet launch I’ve found a bug in my code. In v1.0 each time a holder bought an option, they were paying for a right to buy or to sell ETH at a fixed price during a certain period. When an option contract expires worthless (without exercising by a holder), someone needs to unlock these funds using the unlock function. Exactly this function was broken in my code. I’ve published a post-mortem article and apologized for calling it a typo, not a bug.
$47,765 have been forever locked on the contracts. I’ve reimbursed 100% of the funds lost to those who have been affected by the bug in my code. It was possible thanks to a number of early contributors who have supported me in my endeavours with Hegic. I even think that many of them are fans of The Defiant. That's why I want to thank all of these people and funds who have helped me to keep the protocol alive. I’m not going to disclose their names here because we value each other’s privacy and respect our rights to build, contribute and add value to the ecosystem pseudonymously.
$47,765 have been forever locked on the contracts. I’ve reimbursed 100% of the funds lost to those who have been affected by the bug in my code.
3. After finding a bug in your code in your first version, why did you decide to relaunch Hegic without an Audit?
You can read the post-mortem article that I’ve wrote to share my thoughts about the real process of working with auditors that I’ve experienced. They can tell you that a three-days security audit will provide a good coverage even after you asked if this could even be possible and on the next day they will publicly say that it wasn’t a “real” audit. But it’s only my personal experience. Before launching v1.1 in June, I’ve finally decided to hire another audit firm and they have audited the code of v1.1.
In my personal opinion (and I’m pretty sure that 999 of 1000 people reading this part won’t agree with me), one protocol built and shipped in mainnet is worth a thousand projects whose creators are developing them for years and playing with new approaches that they find while attending different hackathons. Warning: I’m paying a high price for the mainnet-first approach of building the protocol.
One protocol built and shipped in mainnet is worth a thousand projects whose creators are developing them for years and playing with new approaches that they find while attending different hackathons. Warning: I’m paying a high price for the mainnet-first approach of building the protocol.
I also believe that people who are using all of the new DeFi protocols and products (excluding OGs like Maker, Compound, Synthetix and a few others) are ready for tasting some raw mainnet meat. I mean, thousands of people are looking for alpha in DeFi on a daily basis, tens of thousands are looking for high returns in crypto in general. The greatest opportunities are always far away from the herd’s current attention (pardon my language). Compare Ethereum-2016 to Ethereum-2020. I know one guy whose name is Olaf (and you might know him as well) who has tasted this raw Ethereum meat in 2016 and understood all the possibilities of this raw meat to be well-cooked in the future.
People who are using all of the new DeFi protocols and products (excluding OGs like Maker, Compound, Synthetix and a few others) are ready for tasting some raw mainnet meat.
4. What would you tell users who are unsure of whether to use Hegic?
Don’t use it. The risk/reward ratio of using the Hegic protocol today won’t suit many people yet. Fun fact: ETH pool liquidity providers’ returns on Hegic in June were +25.09% APY in ETH. Sounds sweet, but if you wanted these returns to appear, you had to deposit your funds on the contracts of the protocol that had just been released.
I’ve refocused my development approach from speed to quality and Hegic becomes better and better. I’ve fixed the bugs and the deployed v1.1 contracts were live in mainnet for one month. So if someone is unsure, she shouldn’t play with Hegic today. Just observe, learn and enviously monitor other people’s high returns from trading options on Hegic (just kidding).
If someone is unsure, she shouldn’t play with Hegic today. Just observe, learn and enviously monitor other people’s high returns from trading options on Hegic (just kidding).
5. How much volume and notional value does the platform have?
These are the numbers that I’ve recently published in the Hegic June 2020 Community Report:
• 220.24 ETH trading volume
• 164.82 ETH traded in call options
• 55.42 ETH traded in put options
• 40 options contracts traded
• 12 contracts are active
• 9 contracts have been exercised
• 19 contracts have expired
• $39,145 Total Value Locked
• 136.95 ETH ($31,411) TVL in ETH Pool
• $7,734 TVL in DAI pool
• 78.04% (max. 80%) DAI pool current utilization rate
• 79.66% (max. 80%) ETH pool current utilization rate
Liquidity providers’ returns in June are: +25.09% APY in ETH and +19.20% APY in DAI.
6. What are the major milestones you're working on?
The Hegic protocol already generates settlement fees (read: money). V1.1 version of the protocol has a fixed fee model: 1% of every option’s amount is accumulated and distributed among the token holders. These fees are currently distributed manually among the early contributors of Hegic who have acquired HEGIC tokens when almost nobody in the universe has ever heard about the protocol.
I’m currently working on finalizing the token mechanics design of the protocol for scaling the settlement fees distribution process as well as making it possible for practically anyone to partially own the protocol while holding HEGIC tokens. The HEGIC token holders will be able to earn settlement fees through staking their tokens on the staking contract. One more important thing is that options buyers and liquidity providers will be rewarded in HEGIC tokens for their activity in the protocol. But it’s not so easy as it seems. The HEGIC tokens distribution mechanism will be x100 better and a pretty “chad”-one, much better than what we usually see in 99 of 100 new “virgin” tokens: “hEy gUyS VCs oWn 90% of tOkEnS sO plz BuY z oThEr 10% tHaT aRe LeFt TankYoU vErY Muh!” Stay tuned and wait patiently for the HEGIC token specs to be released soon!
The HEGIC tokens distribution mechanism will be x100 better and a pretty “chad” one, much better than what we usually see in 99 of 100 new “virgin” tokens: “hEy gUyS VCs oWn 90% of tOkEnS sO plz BuY z oThEr 10% tHaT aRe LeFt TankYoU vErY Muh!”
7. In what ways are you different from Opyn?
I don’t know. I’m not following any other projects. I think that if someone builds a DeFi protocol and simultaneously tries to keep up with all the things that are happening around, she does one of the two activities wrong. One of the latest articles that one of the community members has shared with me is “A Comparison of Decentralized Options Platforms” by Ryan Tian and Nicolas Krapels. Maybe this article could be a good starting point for those people who eager to learn more about different projects that are working on building the options infrastructure in the DeFi space.
8. In what ways can options in DeFi work differently/better than options in traditional finance?
Firstly, users will become the owners. They won’t be just silently paying fees to centralized exchanges for trading options but will be earning fees together as the protocol’s token holders and participants.
Secondly, liquidity pools will be protecting the writers (sellers) of options from big losses and will be automatically and effectively diversify their capital among thousands of options contracts at once. I call it diversification by design and I’ve described this principle in the article: Build DeFirent: Three Hypotheses of Hegic Protocol or How To Improve Long-Term ROI in Options Writing.
Thirdly, these will be mobile-first products with a global outreach. No more Monday to Friday trading B.S. No more office hours. No more managers (sorry, DeFi Karen!). We will build it in our own way. We will be using it without any other party’s permission. We will scale it globally and prosper together. Vive la révolution!
P.S. Read The Decade of Financial Orgy Manifesto and start budling in DeFi today.
We will build it in our own way. We will be using it without any other party’s permission. We will scale it globally and prosper together.
Hope you’re enjoying The Defiant. If you are, spread the word!
The Defiant is a daily newsletter focusing on decentralized finance, a new financial system that’s being built on top of open blockchains. The space is evolving at breakneck speed and revolutionizing tech and money. Sign up to learn more and keep up on the latest, most interesting developments. Subscribers get full access at $10/month or $100/year, while free signups get only part of the content.
Click here to pay with DAI.There’s a limited amount of OG Memberships at 70 Dai per annual subscription ($100/yr normal price).
About the founder: I’m Camila Russo, a financial journalist writing a book on Ethereum with Harper Collins. (Pre-order The Infinite Machine here). I was previously at Bloomberg News in New York, Madrid and Buenos Aires covering markets. I’ve extensively covered crypto and finance, and now I’m diving into DeFi, the intersection of the two.