August 10 2022       /       Unchained Daily       /       Laura Shin

Daily Bits✍️✍️✍️

  • Shares of Coinbase fell 5% as the company reported a $1.1 billion loss in Q2.
  • Crypto exchange CoinFlex filed for restructuring after freezing withdrawals in June.
  • Celsius CEO Alex Mashinsky took profits after a surge in the CEL token price.
  • Coinbase was sued by a shareholder for allegedly mismanaging its public listing.
  • Bank of England researchers warned about the systemic risks posed by the increased use of the metaverse.
  • Circle announced it will solely support the Ethereum Proof of Stake chain post-Merge.
  • An anonymous user is sending small amounts of ETH to celebrities from a Tornado Cash wallet.
  • Vitalik Buterin confirmed having used Tornado Cash for donating purposes.
  • German fintech firm Nuri filed for insolvency mentioning the Terra/Luna collapse and Celsius as some of the reasons.
  • Solana’s NFT Marketplace Magic Eden submitted a proposal in ApeDAO to build a marketplace for APE token holders.
  • Layer 1 blockchain Fantom is undergoing a governance proposal to reduce staking rewards.
  • Infura and Alchemy blacklisted Tornado Cash after the sanctions imposed by the US Treasury.

Today in Crypto Adoption…

  • FTX partnered with Reddit to roll out tokenized community points.
  • Mercado Libre, the Amazon of Latin America, will expand crypto trading further in the region after a successful launch in Brazil.
  • The Reserve Bank of Australia is exploring CBDC use cases.

The $$$ Corner…

  • a16z and Initialized Capital led a $20 million funding round for CreatorDAO.
  • NFT distribution platform Pinata raised $18 million in a series A funding round.
  • Blockchain developer RISC Zero garnered $12 million in funding led by Bain Capital.
  • Lysto, a gaming blockchain startup, closed a $12 million pre-series A funding round.
  • Crypto analytics platform Messari is raising funds at a $300 million valuation.

What Do You Meme?

What’s Poppin’?

Curve Finance Gets Attacked

by Juan Aranovich

 

DeFi protocol Curve Finance suffered a DNS attack in which more than $500,000 was stolen, according to ZachXBT.

Curve, a decentralized exchange for stablecoins, is one of the most important DeFi applications in crypto, as it is the 5th largest protocol by TVL, according to Defi Llama.

How did it happen? The Domain Name Service (DNS) got hijacked. A DNS basically translates a domain (like unchainedpodcast.com) to an IP address that can be understood by a computer (unreadable numbers for humans). The hackers were able to modify the IP address translated by the DNS for curve.fi.

It was Sam Sun, researcher at Paradigm, who raised the alarms. “Curve’s frontend is compromised, do not use it until further notice!” he warned on Twitter. People who were not aware of the DNS hack were using Curve, unaware that they were approving transactions that led to their funds being stolen.

The team in Curve put the blame on iwantmyname, a DNS management company. “Dear @iwantmyname, looks like something is compromised on your side. Please do something,” wrote Curve.

Only one hour later, Curve announced that the issue had been found and reverted. They recommended revoking any contracts approved on Curve in the previous hours and using curve.exchange instead of curve.fi for the time being.

Someone discovered that the hacker immediately swapped the stolen USDC for ETH, most likely so as not to be blacklisted by Circle before it was noticed.

Antaoly Yakovenko, cofounder of Solana, joked about the situation. “Media is gonna report this as a Solana hack.”

Recommended Reads

  1. Aurora Labs CEO Alex Shevchenko on Aurora as an L2
  2. Cantino on subscription NFTs
  3. korpi on ETH PoW and the Merge

On The Pod…

Will the Nomad Mass Looting Change How Law Enforcement Treats DeFi Hacks? - Ep. 382

Layne Haber, cofounder of ConnextNetwork, discusses the Nomad bridge hack, how it happened, and what can be done to prevent these exploits. Show highlights:

  • what Nomad is and how it works
  • how the hack occurred and what the vulnerability was
  • how much TVL the protocol had and how much of it was drained
  • why the Nomad hack was unique
  • how this exploit resembled the DAO hack on Ethereum
  • the bounty program that Nomad offered and how hackers responded to it
  • how Nomad is working with law enforcement, and the reasons why law enforcement has decided to get involved
  • how Nomad has partnered with TRM Labs to help with tracking the hackers
  • whether privacy developments in the crypto ecosystem will make it harder for law enforcement to track down hackers
  • why cross-chain hacks happen so often
  • what Layne thinks can be done to improve bridge security
  • what mechanism can be implemented to prevent errors that enable these types of mass looting
  • what Layne expects to see in the next few weeks around the Nomad exploit

Book Update

My book, The Cryptopians: Idealism, Greed, Lies, and the Making of the First Big Cryptocurrency Craze, which is all about Ethereum and the 2017 ICO mania, is now available!

You can purchase it here: http://bit.ly/cryptopians