Ronin Hack, DeFi Regulations, & more reads
GM, and welcome to RollCall by Rollfi!
The top stories from the week in 10 minutes or less.
Ronin Hack
As you've probably heard by now, the Ronin sidechain was hacked for over $600M (173.6k ETH and 25.5M USDC) last week, but the hack was not discovered until earlier this week. But what exactly happened?
Well, Ronin is a sidechain of Ethereum, meaning it runs parallel to, and independently of, the Ethereum Mainnet, but it is Ethereum. To transfer crypto from the mainnet to a sidechain, you need to use a bridge. This particular sidechain was created by Sky Mavis, the developer of the popular NFT-based play-to-earn game Axie Infinity, and the Ronin blockchain is the network on which the game's native tokens are stored.
The purpose of creating a sidechain for a game like Axie Infinity is to create a secure, fast, native blockchain for the game ecosystem. Generally, these sidechains have lower transaction fees than the Ethereum mainnet and have a different consensus mechanism to validate transactions.
A problem here is that sidechains generally have far fewer validators than the mainnet, and are thus susceptible to a 51% attack. The Ethereum 2.0 network already has over 300,000 validators (each of which requires 32 ETH, or over $100k), with many more incoming, making a 51% attack nearly impossible.
Sidechain pros & cons as outlined here:
However, the Ronin sidechain only had 9 validators, requiring only 5 validator keys to validate illicit transactions. And that's exactly what happened.
In a newsletter post, the team wrote "The validator key scheme is set up to be decentralized so that it limits an attack vector such as this, but the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator."
Remote Procedure Call (RPC) nodes are a way for decentralized apps to communicate with the blockchain that they run on. The attacker was able to gain the IP address of the Axie DAO validator once they gained access to the node. With 5 validator keys, the attacker drained the bridge of all funds that were in the process of being transferred to the Ronin network.
Now, the funds are sitting in a few different wallets and exchanges, and the attacker has to be very careful: if the funds are cashed out they could be found, as many agencies and companies are currently tracking the main wallet. You can see the wallet here.
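An added example (not from the newsletter or from Sky Mavis) of auditing the point above: a 5-of-9 threshold only protects a bridge if five independent parties must be compromised to reach it. The custody maps, operator names and function names are constructed assumptions, and the check works for any m-of-n validator set.

```python
from itertools import combinations

THRESHOLD = 5  # from the article: 5 of Ronin's 9 validator keys approve a transfer

# Constructed custody maps (assumptions, not data from the article). Each
# validator maps to the operators able to obtain its signature, whether by
# holding the key or through delegated signing access such as an RPC allowlist.
CONCENTRATED = {
    "v1": {"op-A"}, "v2": {"op-A"}, "v3": {"op-A"}, "v4": {"op-A"},
    "v5": {"op-B", "op-A"},  # op-B's key, but op-A's node can request signatures
    "v6": {"op-C"}, "v7": {"op-D"}, "v8": {"op-E"}, "v9": {"op-F"},
}
INDEPENDENT = {f"v{i}": {f"op-{i}"} for i in range(1, 10)}


def reachable(custody, operators):
    """Validators whose signature at least one of `operators` can obtain."""
    ops = set(operators)
    return {v for v, who in custody.items() if who & ops}


def min_operators_for_quorum(custody, threshold):
    """Smallest operator set whose compromise yields `threshold` signatures.

    Returns (size, operator tuple), or (None, ()) if no set reaches it.
    """
    all_ops = sorted(set().union(*custody.values()))
    for size in range(1, len(all_ops) + 1):
        for combo in combinations(all_ops, size):
            if len(reachable(custody, combo)) >= threshold:
                return size, combo
    return None, ()


def audit(custody, threshold, min_independent):
    """Flag layouts where fewer than `min_independent` operators form a quorum."""
    size, combo = min_operators_for_quorum(custody, threshold)
    return {"operators_needed": size, "example_set": combo,
            "ok": size is not None and size >= min_independent}


if __name__ == "__main__":
    for name, layout in (("concentrated", CONCENTRATED), ("independent", INDEPENDENT)):
        print(name, audit(layout, THRESHOLD, min_independent=THRESHOLD))
```

In the concentrated layout a single operator reaches the quorum, so the nominal 5-of-9 threshold behaves like 1-of-1; revoking stale delegated access and spreading keys across operators restores the intended margin.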
Over the past year, Axie Infinity became increasingly popular, generating hundreds of millions in revenue last summer alone and pulling in players from around the globe as a way to earn money while you play. If anyone can survive an attack like this, hopefully, it's this community that has proven an amazing use case for blockchain tech in gaming.
Crypto Regulations Miss the Mark
Over the past week, the European Parliament and the U.S. Securities and Exchange Commission have proposed (and, in the EP's case, voted on) new regulations in the crypto space.
The European Parliament voted yesterday to outlaw anonymous crypto transactions. This would require exchanges to gather information on every party that sends funds from a self-hosted wallet to a hosted wallet, regardless of the amount. This pulls crypto under the Transfer of Funds Regulations (TFR) but without a 1,000 Euro floor. Brian Armstrong, CEO of Coinbase, shared his thoughts on the matter before the vote:
1/ On 31 March, the EU Parliament will vote on its proposal for a new crypto surveillance regime. The proposal is anti-innovation, anti-privacy, and anti-law enforcement. Make your voice heard and contact your member here:
— Brian Armstrong - barmstrong.eth (@brian_armstrong)
4:15 PM • Mar 30, 2022
In the US, the SEC was busy at work this week executing what some are calling a 'shadow attack' on the DeFi ecosystem. First, the SEC released this report, proposing to expand the definition of an exchange. The language seemed intentionally vague, as the DeFi Education Fund outlined in their thread:
3/ In a nutshell, the proposed rule would potentially require any org/association/group of ppl that “makes available” a “communication protocol system” (CPS) to comply w/ financial regs designed for exchanges like NYSE if a CPS allows ppl to interact & agree to terms of a trade.
— DeFi Education Fund (@fund_defi)
1:57 PM • Mar 30, 2022
Then, the SEC proposed new accounting guidelines for entities that have obligations to safeguard crypto assets. What this means is that crypto exchanges that host users' crypto-assets would be required to list those as both assets and liabilities on their balance sheets and disclose risks associated with those crypto-assets, including legal and regulatory risk.
Pushback on these guidelines, specifically from Hester Peirce, a Commissioner at the SEC, points out that the bulletin "does not acknowledge the Commission’s own role in creating the legal and regulatory risks that justify this accounting treatment." Peirce also stated that the guidelines are "Yet another manifestation of the Securities and Exchange Commission’s scattershot and inefficient approach to crypto."
What's clear is that governments across the world are beginning to take action on how they regulate crypto markets, and they are seemingly not off to a great start. Whether the regulations will continue to stifle innovation or incentivize it is yet to be fully seen.
What we read this week:
The crypto/web3 space is vast and expanding quickly. It can be hard to sort through it all but there are some contributors putting out some really great work. Here are the best things we've read this week across the web3 universe. Heavy on the DAOs this week.
Daren Matsuoka at Andreessen Horowitz wrote this piece on decisions that affect the performance of NFT projects.
This piece on ways to onboard the next 1 billion people in web3.
Packy McCormick shares his thoughts on the state of markets today and why there's alpha in always being greedy.
Glossary
We're confused too. We're here to help decode the wild world of web3.
sidechain - "A sidechain is a separate blockchain which runs in parallel to Ethereum Mainnet and operates independently" (More here.)
mainnet - "Short for "main network," this is the main public Ethereum blockchain. Real ETH, real value, and real consequences. Also known as layer 1 when discussing layer 2 scaling solutions" (More here.)
consensus mechanism - "a fault-tolerant mechanism that is used in computer and blockchain systems to achieve the necessary agreement on a single data value or a single state of the network among distributed processes or multi-agent systems, such as with cryptocurrencies" (More here.)
Ethereum 2.0 - An upgraded version of the Ethereum blockchain going live later this year, switching to a proof-of-stake (PoS) consensus mechanism. (More here.)
At Rollfi, we're building the payroll & HR platform for the modern workforce. Give your employees the power to choose exactly how and where they want to get paid.
We'll keep you updated on our progress as we continue to build. In the meantime, if you haven't already, sign up for early access to our crypto-enabled payroll platform at the link below.
Enjoying the newsletter? Hate it? Let us know what you think on Twitter!
Disclaimer: Rollfi Inc does not guarantee and is in no way responsible for the accuracy of information provided in this message. All information is provided “AS IS” and with all faults. Data presented here may not reflect all activity in the market.