Summary

• Largest ever hack gave Ethena the chance to demonstrate the benefits of off-exchange custody solutions and validated USDe’s design decisions.

• Ethena holds zero dollar value of the USDe backing assets directly on exchanges, and was able to fully realize $30m of unrealized profit associated with open Bybit positions to minimize counterparty risk within 90 minutes. The realized profit was then settled without issue in the next Copper ClearLoop settlement cycle.

• Unrealized profit is periodically realized and settled to reduce the risk of exceeding the reserve fund at any given point in time.

• Ethena immediately increased the liquidity buffer of the USDe mint and redeem smart contract from $30m to $250m to seamlessly satisfy over $100m of redemptions in an hour immediately following the Bybit hack.

• Ethena’s efforts to improve liquidity resulted in USDe’s onchain price reacting only momentarily to the Bybit hack before bouncing back to near peg within minutes.

• Transparency and clear communication were Ethena’s top priorities in the immediate aftermath, which supplemented the excellent communication from Bybit.

Historic Stress Test

As the dust settles on the largest hack in crypto history, we wanted to provide an in-depth breakdown of how the protocol handled what many thought would be a “worst case scenario” event.

Since Ethena’s inception, one of the most prevalent questions from the industry was whether Ethena had direct exposure to an exchange insolvency and how it would handle a negative idiosyncratic event on any one exchange.

While it was an extremely unfortunate event for Bybit, its users, and the industry as a whole, the hack gave Ethena the chance to demonstrate the benefits of USDe’s design in real time.

First and foremost, Ethena would like to echo the industry sentiment that Bybit handled the aftermath of the hack with exceptional professionalism. Everything from communication to their operational processes handling withdrawals was commendable. Bybit proved itself to be one of the industry’s best when it comes to crisis management.

In terms of impact on the industry, the dollar amount lost from the Bybit hack was over double the second largest crypto hack, and some believe it to be the largest financial hack of all time, inside or outside of crypto.

Looking at 24hr inflows/outflows on exchanges after the incident, Bybit outflows surpassed $4bn, with withdrawals remaining generally available for most of the aftermath. Binance saw over $1bn of inflows.

None of the backing assets of USDe are or were held by Bybit directly as Ethena utilises institutional-grade off-exchange custodial solutions - in this case, Copper ClearLoop to access Bybit.

As a result of USDe’s backing assets residing off-exchange, Ethena was able to react immediately by undelegating and delegating assets between exchanges to support the margining of rolled positions, enabling Ethena to migrate a portion of its hedging positions from Bybit to other venues, without delay, further reducing potential counterparty risk.

Off Exchange Settlement

To access centralized exchange liquidity to delta hedge the backing assets, Ethena delegates spot backing assets as margin to exchanges.

Rather than depositing those spot assets with an exchange directly, Ethena holds all backing assets with "Off-Exchange Settlement" (OES) solutions. These providers custody deposited assets and enable Ethena to receive equal margin value on exchanges without the assets ever being transferred to the exchanges themselves unless settling realized PnL or spot trades.

Counterparty exposure to centralized exchanges are limited to unrealized profits, not covered by the collateral exchanges custody with OES providers, as well as unsettled realized PnL or spot trades. Unrealized profit is periodically realized and settled to reduce the risk of exceeding the reserve fund at any given point in time.

Exchanges are comfortable with this arrangement because (a) the solutions contractually and technologically “lock” the delegated assets such that they are available for settlement and cannot be rehypothecated or used elsewhere for any purpose, and (b) user deposits on exchanges remain the property of the user in all events, whether held by the exchange or not.

The solutions provide added benefits to users, namely that the assets remain fully segregated from other exchange users’ assets and are never in the exclusive control of the exchange, reducing counterparty risk. Beneficial title over the backing assets is never transferred to the exchange, except for settlements of realized losses on the hedging positions and the asset used for spot trades.

In the event of an exchange failure or other event of default (as determined by Ethena and the custodian), Ethena is able to undelegate assets from that exchange and delegate to another exchange to support hedging requirements.

Benefits of Off Exchange Settlement

OES providers provide unique benefits critical to many aspects of the user experience:

1. Ethena mitigates the risks of CeFi Exchange failure.

Accessing Bybit via Copper ClearLoop means settlement cycles occur every two hours, 24/7/365. Realized PnL and spot trades are settled at this cadence, greatly reducing the potential counterparty exposure even in extreme events. This enables Ethena to enjoy the benefits of CeFi liquidity with only a potentially small amount of backing assets at risk.

2. Ethena controls the "deposits" and "withdrawals" of funds.

Each CeFi Exchange has varying deposit and withdrawal processes and speeds of operation. This can leave users waiting hours or even days to withdraw their assets.

OES providers enable Ethena to delegate & undelegate assets to margin derivatives positions without waiting for an onchain transaction or being subject to the exchange’s standard withdrawal process. Delegation/undelegation operations typically take seconds and are at no cost to the protocol.

Ethena was able to freely undelegate assets as the incident was unfolding without delay in large size. This enabled Ethena to react immediately & retain complete flexibility in the management of risks.

How Ethena Handled a Centralized Exchange Hack

1. Ethena’s largest redemption event yet

As panic around the Bybit hack began materialising, users redeemed USDe at an unprecedented pace, with the protocol handling over $120m in redemptions in just a few hours - representing Ethena’s largest ever redemption event for a single whole day, surpassing the largest liquidation event ever in crypto just a couple of weeks ago. In the aftermath of the Bybit hack, USDe’s peg remained strong, dipping very briefly on secondary markets onchain before returning close to one dollar within the hour.

One of the most liquid USDe pools, USDe-USDC on Curve, had a relatively muted reaction to the Bybit hack, with a max discount of less than 50bps during the incident.

The largest discount was seen on the Bybit USDe/USDT market. Onchain liquidity was more resilient and the USDe Bybit price appeared to be mostly impacted by a single trade through event as well as reduced market maker liquidity on Bybit, alongside user concern regarding the solvency of Bybit rather than concerns specific to USDe.

Meanwhile, whitelisted users were still able to redeem USDe directly with Ethena throughout the entire incident without delay.

2. Redemption buffer

One of the key mechanisms unique to Ethena, intended to facilitate immediate redemptions in size, is the liquid stables buffer held in the mint redeem contract. For context, the mint and redeem contract usually is automatically replenished to a balance of approximately $30m (in USDC and/or USDT) in ordinary circumstances anytime it falls below $29m of asset value.

A top priority for Ethena during the Bybit incident was ensuring that redemptions could be satisfied in an orderly manner, supporting USDe’s peg on secondary markets and ensuring user confidence in the protocol.

As redemptions picked up, Ethena adjusted the mint redeem contract to hold over $250m in USDC and USDT within one hour after the Bybit incident was confirmed - enabling the protocol to process over $100m of redemptions without delay. Ethena additionally held $1.8B+ of liquid stablecoins that stood ready to replenish the mint redeem contract, if necessary. This was instrumental in supporting orderly secondary markets while the market digested the hack.

3. Realizing Bybit PNL

In between settlement periods, Ethena often builds up unrealized PNL that it either owes the exchange (when the short perpetual futures positions are unprofitable) or the exchange owes Ethena (when the short positions are profitable). When the market crashes, Ethena is owed by these exchanges and aims to realize these profits in a timely manner. As noted above, realizing profits and the recurrent settlement cycle avoids incurring excessive counterparty risk to the exchanges.

After the Bybit hack was confirmed, Ethena prioritized realizing the $30m unrealized profit pursuant to its open futures positions with Bybit as a result of the short hedging positions being profitable. Within 90 minutes, Ethena had fully realized the $30m profit, which was settled without issue during the following Copper ClearLoop settlement cycle - thereby reducing immediate counterparty exposure.

It is worth noting that if Bybit had become insolvent due to the hack - putting the $30m unrealized profit at risk - the potential loss of $30m was less than the Reserve Fund, which sits at $60m presently. As a result, even if the hack had been an insolvency-level event for Bybit, USDe’s backing would remain whole, and under the ClearLoop arrangement Ethena would have been able to undelegate spot assets and reallocate to other exchanges.

After Ethena realized the Bybit PNL, all unrealized hedging positions backing USDe were at a loss - meaning the protocol had no counterparty exposure if a default event were to then occur.

In general, Ethena’s short positions tend to run at a loss, by nature of the market uptrend since Ethena’s launch. While unrealized PNL was owed by Bybit to Ethena in this instance, generally the broader unrealized PNL tends to be Ethena owing the exchanges.

4. Moving hedging positions off Bybit

Before the Bybit hack, Ethena had approximately 21% of the assets backing USDe hedged on Bybit, equalling $1.2bn notional of positions.

At the time of publishing this blog, that figure has been reduced to 15% of the backing hedged on Bybit, or approximately $800m of notional position value. The execution was completed using Ethena’s automated trading system.

Utilizing the off-exchange custodial solutions, Ethena can delegate and undelegate positions across all the major exchanges in short notice, at large size. This allowed for efficient and immediate reallocation away from Bybit during the period of peak stress.

The majority of Ethena’s rolled Bybit positions were shifted to Binance, with the balance of closed derivatives positions & spot sold for liquid stables to satisfy redemptions.

Public Communication

It was immediately obvious to the Ethena team that communication with the public would be a top priority during the Bybit hack.

Ethena aimed to keep the public updated during the incident in the below timeline of events:

• Confirmed Ethena were reacting to the Bybit incident, that not a single dollar of spot backing value is held on any exchange (including Bybit), and confirming the exact amount of immediate exposure Ethena had to Bybit by way of unrealized PNL: $30m.

• Updated that $30m exposure reduced to $10m. $2bn of liquid stables in backing to satisfy redemptions.

• Confirmed unrealized PNL exposure to Bybit reduced to zero.

• Copper publicly confirms settlement of all ClearLoop users’ realized PnL

In tandem with Bybit’s excellent crisis management with regards to public communications, the industry demonstrated a commitment to transparency in the face of adversity.

In a matter of two weeks we saw the largest market-wide single liquidation event followed shortly thereafter by a major centralized exchange issue - both of which were cited as significant risks to USDe.

Ethena emerged from both events having experienced zero issues with the backing or redemptions and hope to use these stress tests to build trust with our users while continually assessing the protocol architecture in the context of various risks.

We would like to specifically thank Bybit and Copper for their co-operation and excellent communication throughout the incident.