Something Interesting

Share this post
The 3rd largest hack in DeFi history
www.somethinginteresting.news

The 3rd largest hack in DeFi history

plus Dogecoin is for boomers now.

KF
Oct 28, 2021
Comment
Share

In this issue:

  • Dogecoin is for boomers now

  • You should never feel safe in crypto

  • Reddit is getting into NFTs


Twitter avatar for @ShibaInuHodlerShiba Inu @ShibaInuHodler
Hey @elonmusk How Much $Shib You Are Holding!!šŸ’ÆšŸ’ŽšŸ™Œ

October 24th 2021

3,104 Retweets16,733 Likes
Twitter avatar for @elonmuskElon Musk @elonmusk
@ShibaInuHodler None

October 24th 2021

6,741 Retweets49,412 Likes

Dogecoin is for boomers now

We used to talk pretty regularly about Dogecoin on Something Interesting. Back then things suddenly becoming absurdly valuable for no apparent reason was confusing and new. It was a simpler time.

The very first time I wrote about Dogecoin (in January) I concluded with a note saying "I hope you all had fun with DOGE! Between writing this piece and publishing it the party seems to have concluded" and then followed it with a price chart.

This is why I don’t give financial advice.

The price of DOGE has risen ~6-7x since then so obviously I underestimated the diamond hands of Dogecoin fans. But it also did something even stranger - it seems to have stabilized. For months now DOGE has been range bound between ~$0.20/DOGE and ~$0.30/DOGE. At time of writing it is trading for ~$0.24/DOGE, which is equivalent to a market cap of ~$31.6B, roughly the size of the People’s Insurance Company of China. Not bad.

On the other hand, maybe not good? It is not totally clear what motivates someone to buy or hold DOGE but it does seem like volatility was part of the value proposition. You can’t really do anything with Dogecoin other than own it, sell it, or check the price. If the price isn’t exploding the whole game is less fun.1 Dogecoin in April was a cocaine-laced revolution! Dogecoin in October is staid.

There is also more competition now - if you like dog-based investing but you prefer tokens that are backed by assets you can buy fractionalized shares of an NFT of the original Doge meme from pleasrDAO (currently valued ~$163M). And there is a neverending slurry of new dog tokens churned out by shitcoin developers. One such dog token is SHIB, a Shiba Inu themed ERC-20 token built on Ethereum.

We talked about SHIB briefly back in May. They had given half of their supply to Vitalik as a kind of insane marketing gimmick and to discourage other projects from doing the same thing Vitalik liquidated the whole position en masse and donated the coins to various charities. I didn’t cover much detail about SHIB because I assumed it would fade away into obscurity and worthlessness. NOPE.

Price of SHIB (h/t Coinmarketcap)

At time of writing SHIB is ~$0.00008/SHIB with a market cap of ~$30.8B, roughly the same market cap as Etsy. For several moments today SHIB actually overtook DOGE to become the most valuable Shiba Inu-based meme currency in the world. At the moment Dogecoin and Shiba Inu coin are the 10th and 11th largest cryptocurrencies by market cap.

Twitter avatar for @MorningBrewMorning Brew ā˜•ļø @MorningBrew
This wallet bought roughly $8,000 of $SHIB last August. It's now worth $5.7 billion. From $8,000 to $5.7 billion in roughly 400 days. We may actually be looking at the greatest individual trade of all time.
Image

October 27th 2021

5,328 Retweets24,278 Likes

SHIB is dumb but it is honestly less dumb than Dogecoin. Dogecoin is a parody of Bitcoin and shares roughly Bitcoin’s featureset. SHIB on the other hand is a parody of DeFi and is in the process of building dog-themed clones of the entire Ethereum ecosystem. Unlike Dogecoin the SHIB developer community is active and engaged. Different people can have different assessments of how valuable the things they are building are, but they are building things.

There are a variety of ways to see the market’s enthusiasm for DOGE fading but I think the most interesting one is Robinhood’s revenue. In Q1 DOGE trading represented 62% of their cryptocurrency revenue and cryptocurrency represented just over half of their business. By Q2 crypto revenue was down to just ~19%. DOGE traders had moved on.

Twitter avatar for @DogetoshiSteven @Dogetoshi
Robinhood didn't list SHIB in Q3 and this was the result. Crypto went from 51% of their transaction revenue to 19%.
Image

October 26th 2021

12 Retweets53 Likes

You should never feel safe in crypto

In the last post I mentioned a recent rumor of people’s Ethereum wallets being hacked by rogue NFTs. Here’s what I said:

It is difficult to say with certainty what is possible with smart contract security but at the moment it looks like plain old social engineering is the more likely explanation. People would just rather believe they were hacked than that they were scammed.

Several readers reached out to push back on my dismissing the threat. Tim Copeland of The Block sent me a link to this article about an exploit of RUNE, a non-standard token contract used by Thorchain. The attacker gave away free tokens that were structured in such a way that any attempt to spend or sell them gave the attacker control of any RUNE tokens. This was a vulnerability in RUNE not in Ethereum but it was still a serious exploit.

Twitter avatar for @Timccopelandtimcopeland.eth @Timccopeland
Really good @knifefight email today on the bitcoin ETFs. On the exploit bit, there are certainly some token exploits. Particularly the Rune one where certain airdropped tokens were able to steal Rune tokens. This is because it used tx.origin.

October 23rd 2021

3 Retweets5 Likes

Another reader observed this:

"I don't know much about these specific attacks, but just wanted to call out that the fact that hacked users are signing transactions with their private keys (as the tweet in the article depicts), that doesn't rule out an attack. The most likely attack of this kind is a XSS vulnerability in wallets, that could be executed by putting a malicious script inside an NFT image or metadata payload ... given how many wallets are out there, and how little regard there is for infosec yet on the crypto ecosystem, I would be not surprised at all if some of them have vulnerabilities of this kind..." — AJ

I am not aware of any code-injection attacks but it is absolutely possible and a good rule of thumb in crypto is to assume that everything is exploitable. Just today a hacker pulled off the third largest heist in DeFi history stealing ~$130M worth of ETH from DeFi lending protocol Cream Finance.2 The most interesting thing about the attack is that the vulnerability it exploited has been around for almost a year. The hacker was just the first person to notice it.

Twitter avatar for @danielvfDaniel Von Fange @danielvf
1/6 Today’s 120 million C.R.E.A.M. finance attack was not a bug in the traditional sense - rather two, otherwise normal, blockchain constructs mixing together explosively. A thread:

October 27th 2021

39 Retweets228 Likes

The only real way to know the security of a crypto-economic system is to put a bunch of wealth inside and wait to see if anyone steals it. Everything in crypto is too new to have been properly battle-tested — we don’t know what we don’t know. Even Bitcoin should still be considered a dangerous experiment.


Other things in this issue:

  • Local hero sabotages sinister plot using artificial eyeballs:

Twitter avatar for @iBobbyShellBobby Shell ⚔ āˆž/21M @iBobbyShell
Found an engineer on @Upwork who is helping me create fake and augmented retinas so @sama and his #WorldCoin no longer can viably succeed. We are making tons of retinas by the hour. What a diabolical idea they had which I just destroyed thanks to remote work. šŸ¤šŸ‘ŠšŸŒŽ

October 27th 2021

160 Retweets1,089 Likes
  • Reddit just posted a job listing for a senior engineer to "Design, build and ship backend services for millions of users to create, buy, sell and use NFT-backed digital goods." For those keeping score at home that means Reddit, Coinbase, Twitter and Facebook have all started building support for NFTs.3

Twitter avatar for @decryptmediaDecrypt @decryptmedia
Reddit is seeking a senior engineer to build out an NFT platform for millions of users, according to a recent job ad.
decrypt.co/84121/reddit-b…
Image

October 22nd 2021

14 Retweets58 Likes
  • The WuTang album Once Upon a Time in Shaolin was recorded and sold as a single unique copy. It was bought by dime-store villain Martin Shrkeli and then seized by the US government before ultimately being sold to pleasrDAO for $4M and then converted into an NFT. The music is probably pretty good, too!

  • Decentralized Autonomous Organizations (DAOs) are a kind of crypto-based governance tool that allows communities of token holders to pool resources and then vote on how those resources are spent. If you are not sure what that means exactly then you and the courts are in agreement.

Twitter avatar for @kashdhandaKash Dhanda @kashdhanda
Not enough people talk about the legality of DAOs. This article I found does a nice job of laying out a few different approaches:
What I Wish I Knew Before Talking to Lawyers about DAOs — MirrorDisclaimer: In no way should this be construed as legal or tax advice. Unless you enjoy being subpoenaed, you should definitely talk to a real lawyer ASAP.mirror.xyz

October 25th 2021

27 Retweets170 Likes
  • Presented without comment:

Twitter avatar for @nogoodloganNOGOODLOGANšŸŒ @nogoodlogan
ā€œShoutout to the bored apes… we goin to 100 ETH floorā€¦ā€ šŸ

October 23rd 2021

378 Retweets2,333 Likes
1

Obviously you could make the same criticism of Bitcoin, too - but Bitcoin was never really intended to be fun.

2

We talked about the largest hack in DeFi history twice - once when it happened and then again when the hacker decided to give the money back.

3

Disclosure: I used to work for Reddit. I don’t own any Reddit stock.

CommentComment
ShareShare

Create your profile

0 subscriptions will be displayed on your profile (edit)

Skip for now

Only paid subscribers can comment on this post

Already a paid subscriber? Sign in

Check your email

For your security, we need to re-authenticate you.

Click the link we sent to , or click here to sign in.

TopNewCommunity

No posts

Ready for more?

Ā© 2022 KF
Privacy āˆ™ Terms āˆ™ Collection notice
Publish on Substack Get the app
SubstackĀ is the home for great writing