#16 The Wild Wild Web 3.0
It's the new frontier and Will Smith can't save you from the baddies.
The Only Value Investing Crypto Newsletter | 100% hype free
DeFi - The Lawless Frontier
Like the western United States in the 1800s, DeFi is a wide open space containing little to no law enforcement. The only difference is your life isn’t on the line - now it’s just all of your deposited money.
With cryptographic encryption every transaction on the blockchain is irreversible. Just like in the western movies when the bank tellers stand helplessly and hand over the funds to the robbers. The DeFi users check their balances only to see $0. Then they wait helplessly for a white hat hacker to tell them how they were robbed.
Over $600 million was stolen Tuesday August 10th, in one of the largest crypto thefts ever. No, this is not Polygon Network. The one that we have mentioned, which you can get exposure to through the MATIC token. Okay - so what is it?
PolyNetwork is a Chinese interoperability protocol that describes itself as
Realizing blockchain interoperability, building the next generation internet
Next Generation Internet (check)
Like all new protocols promising blockchain interoperability they have posted on their website an infographic showing PolyNetwork at the center solving all the problems.
It all sounds great! It also sounds a lot like rhetoric that many new projects use to describe themselves. They put themselves in the center of this new universe and promise to connect all the various blockchains popping up left and right. But oh yeah, what about that “Security Protocol” promise?
Who Done It
The who done it is always hard at first in crypto because every user is hidden behind private key encryption. However, all the transactions on the blockchain are visible. Just like in a modern crime drama series the crooks leave behind small clues and a cleaver detective can put the pieces together.
The security firm Slowmist has analyzed the attack and found that the interoperability protocol was attacked on Ethereum, Polygon and Binance Smart Chain. The crypto wallets of the attacker were identified and a call was put out to freeze the funds where possible.
Tether is a cryptocurrency that runs on top of other blockchains. It is a centralized protocol so the company issuing Tether has some controls of the funds. Because of the visibility on the blockchain, the company was able to freeze the Tether stolen by the hacker. Though this was only a small portion of the stolen funds.
Tether froze approximately $33 million in relation to the hack, Tether CTO Paolo Ardoino tweeted.
Update 08/12/2021 3:30 EST Tether’s Response to Freezing the Funds
While the Tether was frozen some of the other types of cryptos stolen have been moved into a yield farming protocol Ellipsis Finance.
Meanwhile, close to $100 million has been moved out of the Binance Smart Chain address in the past 30 minutes and deposited into liquidity pool Ellipsis Finance.
Because the blockchain allows for visibility many exchanges have blacklisted the funds from being traded. Curve.fi rejected a transaction from the hackers to deposit the funds into their liquidity pools.
At the time of writing it is still uncertain exactly how the hack was executed. However, the Blocksec team offers two possible explanations for how the attackers got access to the funds.
Based on these two observations, we suspect that
The attacker may have the legitimate keys to sign the messages, which indicate the signing keys may have been leaked.
2. There is a bug in the signing process of the PolyNetwork that has been abused to sign a crafted message.
Wanted Dead Or Alive
What recourse if any is there for the investors’ funds? CZ, the CEO of Binance, one of the world’s largest crypto exchanges, has said that they are doing everything they can to help recover the funds.
Poly Network @PolyNetwork2Important Notice: We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon Assets had been transferred to hacker's following addresses: ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963 BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71
In the spirit of the new lawless web 3.0 PolyNetwork has pleaded with the thieves for the return on the funds.
BREAKING; As of 8am EST, PolyNetwork’s plea to the hacker appears to be working somewhat. $4.7mm have been sent by the hacker back to PolyNetwork.
Update : 8/11/2021 10:56 AM EST
The New Cowboys
When you use a DeFi protocol that was created only a few months ago you are taking a big risk. Think about all the times you installed some software only for it to fail shortly after installation. Having to turn it off and on again. Bitcoin is revolutionary in that it has worked for over a decade with 24/7 network uptime and no failures. Ethereum does a pretty good job as well, but smart contracts allow any one to create programs that run on the Ethereum network. These programs are not the bullet proof blockchains backing the Bitcoin and Ethereum networks they are more similar to the software you are used to using like games and web browsers. You know - things that fail a lot.
It’s not impossible that they can eventually become secure. You’ve noticed that over time Operating Systems crash less, web browsers are more reliable, video conferences are getting smoother. But the way to better software is product testing.
The minds behind the many DeFi protocols have built a gaming layer on top of their products. Knowing that a new protocol could contain unforeseen bugs that could result in the total lose of all investor funds, creators offer huge APYs to bring in risk takers seeking high rewards. Often these rewards must be manually harvested through a button press to interact with a smart contract. This in effect is a gaming layer to attract product testers willing to risk it all to harden the security of these smart contracts.
DeFi users are the new cowboys of the wild wild web 3.0 . Driving forward into the new frontier hoping for fortune and willing to risk it all.
Please share with any crypto junkies or crypto noobs you think would enjoy our content:
Don’t forget to press the like button and leave any comments or questions you have.