Insecurity
Nomad & Solana wallet hacks + more stuff from the week
GM, and welcome to RollCall by Rollfi!
Get caught up from the past week in 10 minutes or less:
More hacks
Weekly Highlight
Other stories from the week
INSECURITY
While blockchain technology is very secure, there are still weak points in the crypto ecosystem that can be exploited.
Over the past week, two major hacks have taken place in the crypto world.
Nomad
A blockchain bridge called Nomad was exploited for ~$190M earlier this week by what some are referring to as the first 'decentralized hack'. In reality though, Nomad was not exactly hacked.
If you're unfamiliar with blockchain bridges, you're not alone. Bridges let users move their assets from one blockchain to another. If a user wants to move their BTC holdings to the Ethereum network, a smart contract locks the BTC as collateral and issues the equivalent dollar value of those holdings in an ETH-compatible token on Ethereum, such as wBTC.
The hack (or exploit) happened because of a bug in Nomad's smart contract code, which allowed users to withdraw far more in assets than they had deposited into the contract. Once users noticed the flaw, many jumped on the opportunity and drained the bridge of all the assets it held as collateral.
Nomad is now offering those who exploited the bridge a deal: keep 10% of the funds if they return the other 90%, in an effort to restore customer assets:
Update: Nomad Bridge Hack Bounty
(see below for details)
Please send the funds to the official Nomad recovery wallet address on Ethereum: 0x94A84433101A10aEda762968f6995c574D1bF154
- Nomad (@nomadxyz_)
8:45 PM • Aug 4, 2022
For the technical folks, you can read an in-depth explanation of what happened from @samczsun, a researcher at the popular crypto VC firm Paradigm.
Solana Wallets
Approximately 8,000 Solana wallets were drained this week to the tune of at least $5M.
Details of how the hack happened are still hazy several days later. Initially, Solana co-founder Anatoly Yakovenko suggested the attack could have come from somewhere up the iOS supply chain, but Android users were drained as well.
Then, on Wednesday, after coordinated efforts from around the ecosystem, Solana put out a statement on its investigation saying it believes the hack originated from Slope mobile wallet applications. In other words, private keys were not stored securely enough, and the attackers were able to access them and create illegitimate transactions.
After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2
- Solana Status (@SolanaStatus)
8:05 PM • Aug 3, 2022
The good news is that the issue did not stem from the Solana protocol and the blockchain is still secure.
These incidents do show, however, that there are still many weak points in the crypto ecosystem where users can be exploited. And while crypto is still so early in its evolution, it is important for users to understand their risks, especially when it comes to wallets and private key storage.
WEEKLY HIGHLIGHT
Sometimes it's hard to pick just one, so this week, we'll just leave you with a dose of optimism.
While many go back and forth on whether we're in a recession or not, startups in web3 continue to build with their heads down. Each week, TechCrunch releases a list of startups in the crypto space that have raised money. And just this last week (in a down market no less) web3 startups have raised over $100M to build things like crypto development infrastructure, credit protocols, and much more. Investors include the likes of a16z, Amex Ventures, and many other prestigious firms.
MORE STUFF FROM THE WEEK
Famous Bitcoin maximalist Michael Saylor is stepping down as CEO of MicroStrategy and into a chairman role to focus solely on acquiring more bitcoin. The company has bought almost 130k BTC in the last 2 years.
Robinhood announced that it will be laying off 23% of its staff (about 700 employees).
Eleven people were charged over an alleged $300M crypto Ponzi scheme run through the platform Forsage.
The world's largest asset manager, BlackRock, is teaming up with Coinbase to provide institutional crypto management and custody to BlackRock's clients.
GLOSSARY
We're confused too. We're here to help decrypt the crazy world of crypto.
Blockchain bridge - a protocol connecting two blockchains to enable interactions between them (Binance)
wBTC - an Ethereum based token that represents Bitcoin and can be swapped on a 1:1 basis for Bitcoin (Decrypt)
smart contract - a self-executing contract with the terms of the agreement between buyer and seller written directly into lines of code (Investopedia)
private keys - like a password, a string of letters and numbers that allows you to access and manage your crypto funds (Coinbase)
At Rollfi, we're building the payroll & HR platform for the modern workforce.
Our platform can enable your business to seamlessly pay your teams in both cash & crypto. And your company doesn't need to have any crypto to make it happen.
Want to see the platform in action? Click the link below to book a live demo with our founding team. We're super excited to share what we've built and get feedback on how we can improve the customer experience.