Vampire attacks pose a significant risk for crypto protocols. Initially, only DeFi protocols were vulnerable but as crypto sectors have matured, other sectors like NFT trading and Liquid Staking Derivative protocols are also at risk. This raises a critical question:

How can we design a protocol that stands strong against the onslaught of a vampire attack?

In this article, we're diving deep into the intricacies of designing a protocol that can resist the bloodthirsty lure of a vampire attack

Let’s Start with the Definition

A vampire attack is when a new protocol tries to drain liquidity, users, and/or volume from an existing protocol by offering better incentives or rewards. This can "suck the life" out of the original protocol if enough liquidity or users migrates over.

The Risks of Vampire Attacks

Vampire attacks can have several detrimental effects on a protocol:

• Reduce trading volume and fees earned by network participants by draining liquidity from the pools.

• Reduce network effects by stealing users away from the protocol.

• Cause the attacked protocol to collapse entirely if the attack is successful enough

This presents a major risk, especially for new or smaller protocols that can't compete with the incentives or network effects offered by larger attackers.

Sushiswap's Vampire Attack on Uniswap

In August 2020, an anonymous developer named Chef Nomi created a fork of Uniswap called Sushiswap. Sushiswap was nearly identical to Uniswap, except it introduced a new token called SUSHI.

Sushiswap executed a "vampire attack" on Uniswap in an attempt to siphon liquidity. Here is how it worked:

• Sushiswap offered high rewards in SUSHI tokens to liquidity providers who supplied liquidity to Sushiswap pools. The rewards were originally 1000 SUSHI per block, worth over ~1000% APR.

• To earn SUSHI rewards, users had to deposit Uniswap LP tokens into Sushiswap staking contracts. This allowed Sushiswap to attract Uniswap's liquidity.

• After 2 weeks of rewards, Sushiswap planned to migrate the staked Uniswap LP tokens into Sushiswap liquidity pools. This would drain Uniswap's liquidity into Sushiswap pools.

The attack was highly successful:

• Uniswap's total value locked (TVL) increased from $300 million to $1.8 billion as users deposited assets into Uniswap to earn SUSHI rewards.

• When Sushiswap migrated liquidity, it drained $800 million, over 50% of Uniswap's funds.

Impact on DeFi

The Sushiswap vampire attack showed that:

• Open source protocols like Uniswap can easily be forked and attacked. This pressures protocols to properly incentivize their communities.

• Liquidity is essential and can be attracted through proper incentives

• Trust and community support are still important. When Chef Nomi cashed out, Sushiswap lost trust. But Uniswap maintained its community.

Looking back, Uniswap has the community mindshare and the first mover advantage is the primary reason why they are so resilient against vampire attacks. This put pressure on them to launch their own token and eventually win back the community. It quickly rebounded and regained its place as the top DEX.

Other Historical Attacks

Some other major vampire attacks include:

LooksRare on OpenSea in 2022 - LooksRare offered rewards for moving NFTs from OpenSea, draining over 50% of OpenSea's volume.

Forking of lending platforms like Compound and Aave - Projects like Cream Finance offered higher lending rates to siphon liquidity from competitors.

Blur on OpenSea - Blur vampire attack Opensea by promising users an airdrop while also offering competitive pricing structures like 0% fees and bypassing creator royalty payments.

Mitigating Vampire Attacks in DeFi

Protocols are vulnerable to "vampire attacks" where competitors siphon users and liquidity by offering superior incentives. However, protocols can employ various strategies to defend against these parasitic threats, let’s break this briefly then go to case studies:

Fostering a Symbiotic Ecosystem

• Build an ecosystem of collaborative protocols and applications that work together seamlessly.

• Make the protocol composable with others through open standards and interfaces.

• Design the protocol with high switching cost in mind, this will keep developers and users sticky.

• Protocols integrated into a symbiotic ecosystem are harder to attack without impacting others.

Engaging a Loyal Community

• Cultivate a dedicated community of power users, developers, and advocates.

• Increase the social costs for competitors of executing an attack.

• An engaged community can help defend the protocol on social channels.

• Native governance tokens align incentives and give users a voice.

Continuously Innovating

• Regularly add new features and upgrades to stay ahead of copycats.

• Stagnant protocols are vulnerable to competitors replicating and improving upon them.

• Ongoing innovation raises the bar for competitors to keep up.

Case study: Lido's Impenetrable Fortress

Diva, the latest decentralized staking protocol, recently launched a vampire attack against the dominant staking protocol Lido. Diva tried to siphon away Lido's staked Ether by rewarding stakers with $DIVA tokens for depositing stETH or ETH into Diva.

However, Diva's fangs barely left a scratch on Lido's colossal staking fortress. Lido's total stake in ETH stands at a staggering $13 billion. In comparison, Diva's attack only managed to attract $22 million - less than 0.2% of Lido's funds.

The question then arises: Is Lido impenetrable, or was the scale of the Diva attack simply not substantial enough to make a dent?

Yes, it is true that Diva only allows 100,000 ETH to be deposited for their alpha, it is somewhat too early to tell whether the attack will be successful after they are fully launched. But with the current attack where it took Diva 2 weeks to fill out the deposit, which took them a bit longer to fill up indicating weak market appetite.

On the other side of that, Diva has committed to maintaining its stake within 22% of the total ETH deposited on the beacon chain. This will be an interesting move to lure whales who believe in Ethereum alignment spirit to move their stakes to Diva.

In the end Lido's stETH is a ubiquitous cornerstone of the DeFi ecosystem. Adding that fact that it’s used in different DeFi protocols, the execution cost of a vampire attacking Lido increases exponentially.

To address centralization concerns, Lido is implementing dual governance, allowing both Lido DAO tokens (LDO) and Lido staked ether (stETH) holders to participate in protocol governance, ensuring transparency and representation of the entire user base. Additionally, Lido is expanding its validator set, recently onboarding seven new node operators to diversify control.

Clearly, Lido has constructed an impenetrable moat around its ecosystem. Lido boasts all the optimal defenses against vampire attacks that we outlined earlier:

• Lido is deeply integrated in DeFi as the go-to liquid staking solution, creating symbiotic relationships across protocols. Extracting funds from Lido would reverberate across DeFi.

• Lido has a highly loyal community of ETH whales and staking enthusiasts willing to defend it against upstarts. Diva underestimated the solidarity of Lido's user base.

• Lido benefits the most from first mover advantage and constantly innovating to preserve their moat.

Afterthought

In summary, vampire attacks present a dangerous threat that can drain protocols of liquidity and users if left undefended. As we've seen, even large, established protocols like Uniswap can be impacted by parasitic upstarts like Sushiswap offering superior incentives.

However, protocols can employ effective strategies to inoculate themselves. The key principles that emerge are:

• Build a symbiotic ecosystem with collaborative bridges to other protocols to increase the costs of attack.

• Engage a loyal community aligned through governance tokens, as tight-knit users can defend against threats.

• Continuously innovate with new features so competitors must constantly catch up.

Case studies like Lido show that combining these strategies can render even large vampire attacks ineffective. Lido's dominant position, integration across DeFi, and loyal user base absorbed Diva's attack without flinching.

For protocol designers, the lessons are clear - build symbiotic relationships, incentivize your community, and relentlessly improve. Adopting these principles early can prevent vampires from ever threatening your protocol's thriving pulse. While new attacks will arise, forewarned designers can craft resilient cryptosystems to stand the test of time.

Thanks to Vajresh Balaji of @fantasticday for the incredible feedback :))