The 3rd largest hack in DeFi history
Discover more from Something Interesting
The 3rd largest hack in DeFi history
plus Dogecoin is for boomers now.
In this issue:
Dogecoin is for boomers now
You should never feel safe in crypto
Reddit is getting into NFTs
Dogecoin is for boomers now
We used to talk pretty regularly about Dogecoin on Something Interesting. Back then things suddenly becoming absurdly valuable for no apparent reason was confusing and new. It was a simpler time.
The very first time I wrote about Dogecoin (in January) I concluded with a note saying "I hope you all had fun with DOGE! Between writing this piece and publishing it the party seems to have concluded" and then followed it with a price chart.
The price of DOGE has risen ~6-7x since then so obviously I underestimated the diamond hands of Dogecoin fans. But it also did something even stranger - it seems to have stabilized. For months now DOGE has been range bound between ~$0.20/DOGE and ~$0.30/DOGE. At time of writing it is trading for ~$0.24/DOGE, which is equivalent to a market cap of ~$31.6B, roughly the size of the Peopleβs Insurance Company of China. Not bad.
On the other hand, maybe not good? It is not totally clear what motivates someone to buy or hold DOGE but it does seem like volatility was part of the value proposition. You canβt really do anything with Dogecoin other than own it, sell it, or check the price. If the price isnβt exploding the whole game is less fun.
Dogecoin in April was a cocaine-laced revolution! Dogecoin in October is staid.There is also more competition now - if you like dog-based investing but you prefer tokens that are backed by assets you can buy fractionalized shares of an NFT of the original Doge meme from pleasrDAO (currently valued ~$163M). And there is a neverending slurry of new dog tokens churned out by shitcoin developers. One such dog token is SHIB, a Shiba Inu themed ERC-20 token built on Ethereum.
We talked about SHIB briefly back in May. They had given half of their supply to Vitalik as a kind of insane marketing gimmick and to discourage other projects from doing the same thing Vitalik liquidated the whole position en masse and donated the coins to various charities. I didnβt cover much detail about SHIB because I assumed it would fade away into obscurity and worthlessness. NOPE.
At time of writing SHIB is ~$0.00008/SHIB with a market cap of ~$30.8B, roughly the same market cap as Etsy. For several moments today SHIB actually overtook DOGE to become the most valuable Shiba Inu-based meme currency in the world. At the moment Dogecoin and Shiba Inu coin are the 10th and 11th largest cryptocurrencies by market cap.
SHIB is dumb but it is honestly less dumb than Dogecoin. Dogecoin is a parody of Bitcoin and shares roughly Bitcoinβs featureset. SHIB on the other hand is a parody of DeFi and is in the process of building dog-themed clones of the entire Ethereum ecosystem. Unlike Dogecoin the SHIB developer community is active and engaged. Different people can have different assessments of how valuable the things they are building are, but they are building things.
There are a variety of ways to see the marketβs enthusiasm for DOGE fading but I think the most interesting one is Robinhoodβs revenue. In Q1 DOGE trading represented 62% of their cryptocurrency revenue and cryptocurrency represented just over half of their business. By Q2 crypto revenue was down to just ~19%. DOGE traders had moved on.
You should never feel safe in crypto
In the last post I mentioned a recent rumor of peopleβs Ethereum wallets being hacked by rogue NFTs. Hereβs what I said:
It is difficult to say with certainty what is possible with smart contract security but at the moment it looks like plain old social engineering is the more likely explanation. People would just rather believe they were hacked than that they were scammed.
Several readers reached out to push back on my dismissing the threat. Tim Copeland of The Block sent me a link to this article about an exploit of RUNE, a non-standard token contract used by Thorchain. The attacker gave away free tokens that were structured in such a way that any attempt to spend or sell them gave the attacker control of any RUNE tokens. This was a vulnerability in RUNE not in Ethereum but it was still a serious exploit.
Another reader observed this:
"I don't know much about these specific attacks, but just wanted to call out that the fact that hacked users are signing transactions with their private keys (as the tweet in the article depicts), that doesn't rule out an attack. The most likely attack of this kind is a XSS vulnerability in wallets, that could be executed by putting a malicious script inside an NFT image or metadata payload ... given how many wallets are out there, and how little regard there is for infosec yet on the crypto ecosystem, I would be not surprised at all if some of them have vulnerabilities of this kind..." β AJ
I am not aware of any code-injection attacks but it is absolutely possible and a good rule of thumb in crypto is to assume that everything is exploitable. Just today a hacker pulled off the third largest heist in DeFi history stealing ~$130M worth of ETH from DeFi lending protocol Cream Finance.
The most interesting thing about the attack is that the vulnerability it exploited has been around for almost a year. The hacker was just the first person to notice it.
The only real way to know the security of a crypto-economic system is to put a bunch of wealth inside and wait to see if anyone steals it. Everything in crypto is too new to have been properly battle-tested β we donβt know what we donβt know. Even Bitcoin should still be considered a dangerous experiment.
Other things in this issue:
Local hero sabotages sinister plot using artificial eyeballs:
Reddit just posted a job listing for a senior engineer to "Design, build and ship backend services for millions of users to create, buy, sell and use NFT-backed digital goods." For those keeping score at home that means Reddit, Coinbase, Twitter and Facebook have all started building support for NFTs.
The WuTang album Once Upon a Time in Shaolin was recorded and sold as a single unique copy. It was bought by dime-store villain Martin Shrkeli and then seized by the US government before ultimately being sold to pleasrDAO for $4M and then converted into an NFT. The music is probably pretty good, too!
Decentralized Autonomous Organizations (DAOs) are a kind of crypto-based governance tool that allows communities of token holders to pool resources and then vote on how those resources are spent. If you are not sure what that means exactly then you and the courts are in agreement.
Presented without comment:
Obviously you could make the same criticism of Bitcoin, too - but Bitcoin was never really intended to be fun.
We talked about the largest hack in DeFi history twice - once when it happened and then again when the hacker decided to give the money back.
Disclosure: I used to work for Reddit. I donβt own any Reddit stock.