decrypt.co
After two consecutive weeks of growth, crypto markets cramped up a bit. Even as reports of liquidity troubles appear to have slowed, investors were cautious.
This week, Bitcoin-HODLing corporations Block Inc. and MicroStrategy both reported significant impairment charges on their holdings. Block is down $36 million, while MicroStrategy is down a staggering $917 million. There also were massive attacks on Solana and the token bridge project Nomad.
Reports of the Nomad exploit first appeared early Tuesday. A researcher at crypto/Web3 investment firm Paradigm called Sam Sun (Twitter handle @samczsun) inspected the situation and tweeted a lengthy play-by-play analysis of the smart contract configuration error that cost users $190 million.
1/ Nomad just got drained for over $150M in one of the most chaotic hacks that Web3 has ever seen. How exactly did this happen, and what was the root cause? Allow me to take you behind the scenes 👇 pic.twitter.com/Y7Q3fZ7ezm
— samczsun (@samczsun) August 1, 2022
The exploit ostensibly was easy to pull off for anyone with the know-how, resulting in a bit of a free-for-all as attackers piled in to loot the protocol. Nomad promptly offered a reward for anyone who returned the funds, and, as of Friday, had recovered $22 million.
Nomad Bridge Funds Recovery Process
Dear white hat hackers and ethical researcher friends who have been safeguarding ETH/ERC-20 tokens,
Please send the funds to the following wallet address on Ethereum: 0x94A84433101A10aEda762968f6995c574D1bF154 pic.twitter.com/UF623JSZ8u
— Nomad (⤭⛓🏛) (@nomadxyz_) August 3, 2022
‘Widespread’
Barely 24 hours after the Nomad exploit, reports started flooding in of a major Solana hack that may have drained up to $8 million.
🚨 Widespread Solana private key compromise 🚨
- attacker is stealing both native tokens (SOL) and SPL tokens (USDC)
- affecting wallets that have been inactive for >6 months
- both Phantom & Slope wallets reportedly drained pic.twitter.com/AkZXOGLD0Q— foobar (@0xfoobar) August 3, 2022
🚨🚨🚨There seems to be a widespread SOL exploit at play that's draining wallets throughout the ecosystem
Here's what you can do right now to best protect yourself
1. Go to >Settings on your @phantom wallet
2. >Trusted Apps
3. >Revoke Permissions for any suspicious links💜
— Magic Ethen 🪄 (@MagicEden) August 3, 2022
Binance CEO Changpeng “CZ” Zhao offered a solution: Send your funds to his company.
There is an active security incident on Solana. Many (7000+ and counting) wallets are drained of SOL & USDC. Don't know root cause yet. Maybe permissions granted to apps. For remediation, send the funds to a cold wallet or CEX like @Binance. https://t.co/nQrBXAgCbf
— CZ 🔶 Binance (@cz_binance) August 3, 2022
Justin Barlow, an investor at Solana VC firm Solana Ventures, was one of the casualties.
For reference I haven't interacted with any contracts at all in ~40 days. My ERC-20 and SPL USDC held on both @slope_finance and @TrustWallet were drained
— Justin.sol (@JustinBarlow) August 3, 2022
A few hours into the hack, Solana reported that almost 7,800 wallets had been victimized.
Engineers are currently working with multiple security researchers and ecosystem teams to identify the root cause of the exploit, which is unknown at this time.
— Solana Status (@SolanaStatus) August 3, 2022
The team then posted a partial explanation, alleging that the exploit likely was due to stolen private key information. Solana also said affected users appeared to have been compromised through their Slope wallets.
This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure.
While the details of exactly how this occurred are still under investigation, but private key information was inadvertently transmitted to an application monitoring service. 2/3
— Solana Status (@SolanaStatus) August 3, 2022
Ava Labs CEO and Founder Emin Gün Sirer shared his thoughts, including some highly technical explanations about how the private keys were accessed.
There's an ongoing attack targeting the Solana ecosystem right now. 7000+ wallets affected, and rising at 20/min. Because it's very early and the attack is ongoing, there's a lot of misinformation and speculation. So here are a few thoughts and clarifications.
— Emin Gün Sirer🔺 (@el33th4xor) August 3, 2022
Slope eventually responsed.
See below for our official statement on the breach situation (now posted to our Medium).
We empathize with everyone affected, and are doing our best to solve and rectify the situation.https://t.co/E9xrKbdLOy
— Slope (@slope_finance) August 3, 2022
Twitter user and blockchain developer @fubuloubu pointed out one of the downsides of IP.
The Solana wallet hack demonstrates why it's irresponsible not to have open source code in crypto
Researchers have been working around the clock to discover what the issue is and can't because the code is closed source
Hundreds of millions lost due to unnecessary IP protection
— señor doggo (@fubuloubu) August 3, 2022
Elsewhere
On Monday, the U.K. High Court ruled that Dr. Craig Wright, a man who claims to have invented Bitcoin, put forward false evidence as part of his latest defamation court battle against crypto podcaster Peter McCormack, who has repeatedly called Wright a liar. So McCormack was asked to pay him 1 pound ($1.21) in damages. Who says you can’t see a person grinning behind their tweet?
As some of you will now have seen, the judgement in my trial v Dr. Craig Wright has now been handed down.
I want to thank my lawyers for their diligent work on the case.
I also want to thank Mr Justice Chamberlain for this result. We are very pleased with his findings.
— Pedro ☠️ (@PeterMcCormack) August 1, 2022
In other news, eagle-eyed crypto reporter Jacqueline Melinek wants to know why Gucci will be accepting APE.
ok I’ll ask:
out of all the cryptocurrencies out there, why is Gucci accepting ApeCoin? https://t.co/LqC902fprU
— Jacquelyn Melinek (@jacqmelinek) August 2, 2022
Crypto fan Hsaka (@HsakaTrades) on Thursday point out how even extremely successful investors like Cathie Wood make mistakes. Pretty big ones, too: Looks like she sold the dip on Coinbase shares. Big time.
Oof, that's dirty.$COIN pic.twitter.com/cM1F9TpbuK
— Hsaka (@HsakaTrades) August 4, 2022
And no matter how you feel about crypto, there’s something odd about a Virginia pension fund investing in “yield farming” ... now. Is it not a little too soon after Terra and Celsius collapsed? Twitter finance analyst Sean Tuffy smells something fishy.
Welp, this is horrifying https://t.co/C3b66IlZkF pic.twitter.com/WnoJ5tr5iG
— Sean Tuffy (@SMTuffy) August 4, 2022
Arguably the week’s biggest story, MicroStrategy announced that Bitcoin-loving CEO Michael Saylor would be stepping down after 33 years on the job, moving into a new role as executive chairman. Phong Le, the company’s president, is set to fill Saylor’s shoes on Monday. Saylor is set to focus even more on Bitcoin.
In my next job, I intend to focus more on #Bitcoin.
— Michael Saylor⚡️ (@saylor) August 3, 2022
A popular blockchain sleuth believes that powerful forces are plotting to FUD Binance.
I'm 90% certain people are being paid big bucks to FUD Binance in the mediahttps://t.co/2fNHrreaxi
— FatMan (@FatManTerra) August 1, 2022
And finally, entrepreneur Liron Shapira tweeted a fascinating thread accusing blockchain game Axie Infinity of being “a blatant ponzi.”
.@a16z, @Accel and @paradigm looked directly at a blatant Ponzi scheme, Axie Infinity.
They called it “play-to-earn” and invested $311M into its parent company.
Then it collapsed.
How Web3 VCs stumbled into funding a Ponzi. 🧵
— Liron Shapira (@liron) August 3, 2022
The CEO of the studio behind Axie moving millions of dollars in tokens before disclosing a massive hack probably didn’t help matters.