| What you need to know today in crypto and beyond August 12, 2021 Sponsored by Welcome to The Node. Correction – The subject line in yesterday’s edition of The Node incorrectly cited $600B as being the total of funds drained from the Poly Network, not the correct figure of $600M referenced in the newsletter. Thanks to those readers who wrote in to let us know. We’re sorry for the error. If you were forwarded this newsletter and would like to receive it, sign up here. Questions? Feedback? We'd love to hear from you! Simply reply to this email. –Daniel Kuhn Today's must-reads Top Shelf DEFI HACKS CONTINUE: Over half of the $600 million drained from multi-chain platform Poly Network has been returned, following one of crypto’s largest hacks. Just as the Poly hack finds some closure, another DeFi platform was hit: More than $7 million was drained from fundraising protocol DAO Maker. The team reported the average user affected lost $1,250 after the hack exploited a bug in their contract.
CRYPTO CRACKDOWN: China’s central government issued a five-year plan Wednesday that calls for tougher regulation across industries, signaling that the recent crackdown on tech industries that has shaken investors’ confidence will not abate any time soon. Key to the crypto industry, the plan calls for more legislation on tech industries and the environment, intensifying law enforcement in finance and ecological management.
ETF TIME: Crypto trading firm Valkyrie Investments filed a proposal with the U.S. SEC on Wednesday for a bitcoin futures exchange traded fund (ETF). Valkyrie's filing comes less than a week after SEC Chairman Gary Gensler noted that he would favor ETFs based on bitcoin futures traded on the Chicago Mercantile Exchange (CME).
RECORD CRYPTO INVESTMENT: Investment in crypto in the first half of 2021 outpaced the total for the previous three years, according to a report from KPGM. The total was reached by a smaller number of deals, indicating a greater average value per transaction with the report highlighting funding rounds for BlockFi, Paxos and Blockchain.com as examples.
–Eleanor Pahl & Eli Tan A message from Nexo When it comes to buying, borrowing, or earning on your crypto, you won’t find an easier, safer way to do it than Nexo. And right now, with its Referral Program, you can earn $10 worth of bitcoin for each friend you refer. And the best part – your referral gets $10 in BTC, too. You can invite up to 100 friends – so you can get as much as $1,000 in bitcoin by copy-pasting a few links. And you can further bump that amount by earning up to 8% interest p.a. on your bitcoin, paid out daily. Now is the time to unlock the full power of your crypto. Join Nexo and start earning free BTC with your friends. Overheard on CoinDesk TV Sound Bite "We should embark on that journey together with regulators and not let them work on it." –BitMEX and 100xGroup CEO Alexander Höptner, on CoinDesk TV's "First Mover." What others are writing... Off-Chain Signals Over two-thirds of all tether minted across multiple years went to just two crypto companies — Alameda Research and Cumberland Global (Protos) Venezuela cut off power to bitcoin (BTC) mining plants despite legalization (Crypto Slate) There’s Now an App for Bribing Curve Token Holders (The Defiant) How Hackers Bled 118 Bitcoins Out of Covid Researchers in U.S. (Bloomberg) –E.P. Sponsored Content Huobi’s Proprietary Risk Control Infrastructure Protects Users Against BSV Attack Thanks to its advanced risk control systems, Huobi had predicted a month ago there was a risk that BSV could be attacked and was taking measures to protect its users. Putting the news in perspective The Takeaway DeFi Needs Hackers
The likely perpetrator of one the largest crypto heists did it for “fun.” On Tuesday, an anonymous hacker or group stole some $600 million worth of crypto from Poly Network, apparently to teach the multi-chain platform a lesson (that’s what they said in a Q&A about their motivations and plans).
They identified a bug – or rather, a part of the code that enabled them to transfer money to themselves – and acted on it. The developers didn’t intend to put in a “free money” button, but it was there ready to be exploited. And praise be it was: It’s one more mistake that (hopefully) won’t be repeated.
"I am not very interested in money! I know it hurts when people are attacked, but shouldn't they learn something from those attacks?" the exploiter posted Wednesday in Ethereum blockchain data. At press time, approximately half of the stolen funds have been returned.
It’s not really my place to say whether they’re genuinely a “white hat” hacker or a black hat that realized it would be impossible to cash out. For what it’s worth, Tor Ekeland, an attorney who built a career out of defending computer miscreants, said: “Hacking is often more about the thrill of the hack than any object obtained in the hack.”
Hacks and exploits are not uncommon in the growing, multi-billion dollar decentralized finance (DeFi) ecosystem, of which Poly Network was a part. Often the result of hastily designed scripts or deeper flaws in at the protocol level, attacks are also an important part of how any computer network grows more secure. That’s doubly true in the world of blockchain.
In fact, some would say hacks lead to unhackable code. It’s a controversial point, especially because hackers don’t always return the stolen funds, and undoubtedly people are harmed in the process.
“In the world of blockchain, when somebody deploys a smart contract – like on Ethereum – that has a vulnerability, hundreds of millions of dollars disappear overnight and there’s no recourse,” legendary former Google computer scientist and founder of Agorist, Mark Miller, said at a Foresight Institute conference in 2018. “There are these huge bug bounties, effectively. And when one of these things gets collected, the software with these vulnerabilities dies.”
In other words, blockchain-based systems face evolutionary pressure. Weak projects face “an early death” so the entire system becomes populated by secure code.
Blockchain technology has only been around for a little over a decade. DeFi, as we know it, is even younger. There’s a case to be made we’re just at the beginning stages of adoption, with many more mistakes likely along the way.
Hacks aren’t the only way for projects or protocols to evolve. People can build simple things slowly, as in the case of Bitcoin, which has only ever been down twice over its 12-year lifespan. There are external audits and a potential role for policy-makers or government regulators to play.
But searching for flaws in a codebase or finding exploiters after the fact is like “hunting the wolves,” Zooko Wilcox-O'Hearn, computer security specialist and brainchild behind Zcash, said in a direct message, borrowing a line from Vitalik Buterin.
He should know. In 2015, his auditing company, Least Authority, was hired by a group of devs to do a security audit of the soon-to-be-launched Ethereum network. Many of the vulnerabilities they found were fixed, but not the one having to do with “reentrancy,” which enabled people to deploy smart contracts that could be exploited.
Just years later that same vulnerability was exploited in “The DAO hack,” a $55 million headache that led to the contentious fork between Ethereum and Ethereum Classic. At the time it filed its report, Least Authority even provided a hypothetical example of a smart contract that could be exploited: a crowd-funding smart contract, like The DAO.
As more money piles into smart contracts, it’s going to become harder and harder to “hunt the wolves” or individual exploiters. With hacks entire communities learn together what should and should not be repeated. Over time this leads to more “reliable” code. It’s one way to “armor the sheep.”
“If we as humans are going to rely on computers to do important things for us — and we are! — then we really require those programs to be unhackable. And despite the cynicism and despair among my fellow security experts, it is actually achievable!” Wilcox said.
“For every program like The DAO and Poly that got exploited because it had a vulnerability, you can point to another program that did the same thing but did not have that vulnerability. So progress is possible!”
–D.K. The CoinDesk DeFi Index (DFX), measuring the investable DeFi market, is now available for investors watching decentralized finance. It is the latest index by CoinDesk Indexes, the market standard for crypto assets since 2014. The DFX provides a market-cap-weighted index for a representative basket of DeFi-sector cryptocurrencies that is designed to be investable and replicable for professional investors. Find out more at coindesk.com/indexes/dfx, or email indexes@coindesk.com. The Chaser... The Node A newsletter from CoinDesk See Previous Editions Copyright © 2021 CoinDesk, All rights reserved. 250 Park Avenue South New York, NY 10003, USA You can manage your preferences here or unsubscribe from all CoinDesk email. | 