Something Interesting

Share this post

The 3rd largest hack in DeFi history

www.somethinginteresting.news

Discover more from Something Interesting

Everything about crypto explained, simply.
Over 1,000 subscribers
Continue reading
Sign in

The 3rd largest hack in DeFi history

plus Dogecoin is for boomers now.

KF
Oct 28, 2021
1
Share this post

The 3rd largest hack in DeFi history

www.somethinginteresting.news
Share

In this issue:

  • Dogecoin is for boomers now

  • You should never feel safe in crypto

  • Reddit is getting into NFTs


Twitter avatar for @ShibaInuHodler
Shiba Inu @ShibaInuHodler
Hey @elonmusk How Much $Shib You Are Holding!!πŸ’―πŸ’ŽπŸ™Œ
4:37 PM βˆ™ Oct 24, 2021
16,733Likes3,104Retweets
Twitter avatar for @elonmusk
Elon Musk @elonmusk
@ShibaInuHodler None
5:53 PM βˆ™ Oct 24, 2021
49,412Likes6,741Retweets

Dogecoin is for boomers now

We used to talk pretty regularly about Dogecoin on Something Interesting. Back then things suddenly becoming absurdly valuable for no apparent reason was confusing and new. It was a simpler time.

The very first time I wrote about Dogecoin (in January) I concluded with a note saying "I hope you all had fun with DOGE! Between writing this piece and publishing it the party seems to have concluded" and then followed it with a price chart.

This is why I don’t give financial advice.

The price of DOGE has risen ~6-7x since then so obviously I underestimated the diamond hands of Dogecoin fans. But it also did something even stranger - it seems to have stabilized. For months now DOGE has been range bound between ~$0.20/DOGE and ~$0.30/DOGE. At time of writing it is trading for ~$0.24/DOGE, which is equivalent to a market cap of ~$31.6B, roughly the size of the People’s Insurance Company of China. Not bad.

On the other hand, maybe not good? It is not totally clear what motivates someone to buy or hold DOGE but it does seem like volatility was part of the value proposition. You can’t really do anything with Dogecoin other than own it, sell it, or check the price. If the price isn’t exploding the whole game is less fun.

1
Dogecoin in April was a cocaine-laced revolution! Dogecoin in October is staid.

There is also more competition now - if you like dog-based investing but you prefer tokens that are backed by assets you can buy fractionalized shares of an NFT of the original Doge meme from pleasrDAO (currently valued ~$163M). And there is a neverending slurry of new dog tokens churned out by shitcoin developers. One such dog token is SHIB, a Shiba Inu themed ERC-20 token built on Ethereum.

We talked about SHIB briefly back in May. They had given half of their supply to Vitalik as a kind of insane marketing gimmick and to discourage other projects from doing the same thing Vitalik liquidated the whole position en masse and donated the coins to various charities. I didn’t cover much detail about SHIB because I assumed it would fade away into obscurity and worthlessness. NOPE.

Price of SHIB (h/t Coinmarketcap)

At time of writing SHIB is ~$0.00008/SHIB with a market cap of ~$30.8B, roughly the same market cap as Etsy. For several moments today SHIB actually overtook DOGE to become the most valuable Shiba Inu-based meme currency in the world. At the moment Dogecoin and Shiba Inu coin are the 10th and 11th largest cryptocurrencies by market cap.

Twitter avatar for @MorningBrew
Morning Brew β˜•οΈ @MorningBrew
This wallet bought roughly $8,000 of $SHIB last August. It's now worth $5.7 billion. From $8,000 to $5.7 billion in roughly 400 days. We may actually be looking at the greatest individual trade of all time.
Image
7:36 PM βˆ™ Oct 27, 2021
24,278Likes5,328Retweets

SHIB is dumb but it is honestly less dumb than Dogecoin. Dogecoin is a parody of Bitcoin and shares roughly Bitcoin’s featureset. SHIB on the other hand is a parody of DeFi and is in the process of building dog-themed clones of the entire Ethereum ecosystem. Unlike Dogecoin the SHIB developer community is active and engaged. Different people can have different assessments of how valuable the things they are building are, but they are building things.

There are a variety of ways to see the market’s enthusiasm for DOGE fading but I think the most interesting one is Robinhood’s revenue. In Q1 DOGE trading represented 62% of their cryptocurrency revenue and cryptocurrency represented just over half of their business. By Q2 crypto revenue was down to just ~19%. DOGE traders had moved on.

Twitter avatar for @Dogetoshi
Steven @Dogetoshi
Robinhood didn't list SHIB in Q3 and this was the result. Crypto went from 51% of their transaction revenue to 19%.
Image
8:17 PM βˆ™ Oct 26, 2021
53Likes12Retweets

You should never feel safe in crypto

In the last post I mentioned a recent rumor of people’s Ethereum wallets being hacked by rogue NFTs. Here’s what I said:

It is difficult to say with certainty what is possible with smart contract security but at the moment it looks like plain old social engineering is the more likely explanation. People would just rather believe they were hacked than that they were scammed.

Several readers reached out to push back on my dismissing the threat. Tim Copeland of The Block sent me a link to this article about an exploit of RUNE, a non-standard token contract used by Thorchain. The attacker gave away free tokens that were structured in such a way that any attempt to spend or sell them gave the attacker control of any RUNE tokens. This was a vulnerability in RUNE not in Ethereum but it was still a serious exploit.

Twitter avatar for @Timccopeland
timcopeland.eth @Timccopeland
Really good @knifefight email today on the bitcoin ETFs. On the exploit bit, there are certainly some token exploits. Particularly the Rune one where certain airdropped tokens were able to steal Rune tokens. This is because it used tx.origin.
5:23 PM βˆ™ Oct 23, 2021
5Likes3Retweets

Another reader observed this:

"I don't know much about these specific attacks, but just wanted to call out that the fact that hacked users are signing transactions with their private keys (as the tweet in the article depicts), that doesn't rule out an attack. The most likely attack of this kind is a XSS vulnerability in wallets, that could be executed by putting a malicious script inside an NFT image or metadata payload ... given how many wallets are out there, and how little regard there is for infosec yet on the crypto ecosystem, I would be not surprised at all if some of them have vulnerabilities of this kind..." β€” AJ

I am not aware of any code-injection attacks but it is absolutely possible and a good rule of thumb in crypto is to assume that everything is exploitable. Just today a hacker pulled off the third largest heist in DeFi history stealing ~$130M worth of ETH from DeFi lending protocol Cream Finance.

2
The most interesting thing about the attack is that the vulnerability it exploited has been around for almost a year. The hacker was just the first person to notice it.

Twitter avatar for @danielvf
Daniel Von Fange @danielvf
1/6 Today’s 120 million C.R.E.A.M. finance attack was not a bug in the traditional sense - rather two, otherwise normal, blockchain constructs mixing together explosively. A thread:
6:21 PM βˆ™ Oct 27, 2021
228Likes39Retweets

The only real way to know the security of a crypto-economic system is to put a bunch of wealth inside and wait to see if anyone steals it. Everything in crypto is too new to have been properly battle-tested β€” we don’t know what we don’t know. Even Bitcoin should still be considered a dangerous experiment.


Other things in this issue:

  • Local hero sabotages sinister plot using artificial eyeballs:

Twitter avatar for @iBobbyShell
Bobby Shell ⚑ ∞/21M @iBobbyShell
Found an engineer on @Upwork who is helping me create fake and augmented retinas so @sama and his #WorldCoin no longer can viably succeed. We are making tons of retinas by the hour. What a diabolical idea they had which I just destroyed thanks to remote work. πŸ€πŸ‘ŠπŸŒŽ
7:56 PM βˆ™ Oct 27, 2021
1,089Likes160Retweets
  • Reddit just posted a job listing for a senior engineer to "Design, build and ship backend services for millions of users to create, buy, sell and use NFT-backed digital goods." For those keeping score at home that means Reddit, Coinbase, Twitter and Facebook have all started building support for NFTs.

    3

Twitter avatar for @decryptmedia
Decrypt @decryptmedia
Reddit is seeking a senior engineer to build out an NFT platform for millions of users, according to a recent job ad. decrypt.co/84121/reddit-b…
Image
9:05 PM βˆ™ Oct 22, 2021
58Likes14Retweets
  • The WuTang album Once Upon a Time in Shaolin was recorded and sold as a single unique copy. It was bought by dime-store villain Martin Shrkeli and then seized by the US government before ultimately being sold to pleasrDAO for $4M and then converted into an NFT. The music is probably pretty good, too!

  • Decentralized Autonomous Organizations (DAOs) are a kind of crypto-based governance tool that allows communities of token holders to pool resources and then vote on how those resources are spent. If you are not sure what that means exactly then you and the courts are in agreement.

Twitter avatar for @kashdhanda
Kash Dhanda @kashdhanda
Not enough people talk about the legality of DAOs. This article I found does a nice job of laying out a few different approaches:
mirror.xyzWhat I Wish I Knew Before Talking to Lawyers about DAOs β€” MirrorDisclaimer: In no way should this be construed asΒ legal or tax advice. Unless you enjoy being subpoenaed, you should definitely talk to a real lawyer ASAP.
1:10 PM βˆ™ Oct 25, 2021
170Likes27Retweets
  • Presented without comment:

Twitter avatar for @nogoodlogan
NOGOODLOGAN🍌 @nogoodlogan
β€œShoutout to the bored apes… we goin to 100 ETH floor…” 🏝
6:04 AM βˆ™ Oct 23, 2021
2,333Likes378Retweets
1

Obviously you could make the same criticism of Bitcoin, too - but Bitcoin was never really intended to be fun.

2

We talked about the largest hack in DeFi history twice - once when it happened and then again when the hacker decided to give the money back.

3

Disclosure: I used to work for Reddit. I don’t own any Reddit stock.

1
Share this post

The 3rd largest hack in DeFi history

www.somethinginteresting.news
Share
Comments
Top
New
Community

No posts

Ready for more?

Β© 2023 KF
Privacy βˆ™ Terms βˆ™ Collection notice
Start WritingGet the app
Substack is the home for great writing