Nomad, Solana hacks show DeFi’s inherent flaw | #emailsecurity | #phishing | #ransomware


Good morning, and welcome to Protocol Fintech. This Thursday: the “hack me” sign on crypto’s back, Aparna Chennapragada leaves Robinhood, and a new bill could boost the CFTC’s role in crypto regulation.

Off the chain

Economist Frances Coppola dove deep into the filings generated by Three Arrows Capital’s liquidation proceedings and came back with a picture of a deeply troubled company — even before the luna-UST meltdown sent it over the edge. “Its entire balance sheet is a massive unhedged bet that crypto prices will always go up,” she wrote. The Monetary Authority of Singapore comes out well in Coppola’s account, moving quickly to investigate the firm in June, but authorities were slow to freeze the firm’s assets, which may have given the founders time to move crypto tokens and NFTs to wallets that may now be offline. Only $40 million has been recovered against $2.8 billion in claims, a liquidator reports.

I’m taking a vacation, so “Off the chain” will return next Friday. Until then!

— Owen Thomas (email | twitter)

Crypto’s ‘hack me’ sign

You’d think after the crypto market shed $2 trillion in value in the last eight months, hackers might move on to more promising targets. But even a smaller market is providing tempting prey. News that criminals made off with $190 million after hacking the Nomad crypto bridge protocol was followed by Solana reporting that unknown attackers had drained more than 7,500 wallets of about $4 million worth of crypto tokens.

Bad code leads to bad outcomes. The Nomad and Solana breaches were “perpetrated through vulnerabilities in the coding of a contract and the software on which wallets run,” said Michael Fasanello, chief compliance officer at LVL.

  • Experts blame the Nomad hack on a flawed update which created an opening for hackers, making it easy to simply copy and paste transactions with a new address to access tokens.
  • The Nomad attack exemplified the problems with crypto bridges, which have come under increasing attack in recent years. They play an important role in crypto, but have also served as a weak link that hackers routinely exploit.
  • The Solana hack involved a “cohort of wallets” which were “compromised in the breach,” according to Slope Finance, whose software enables Solana users to access their wallets. Phantom Wallet, a popular Solana wallet, also pointed to Slope.

Crypto has turned into a hacker’s paradise. Sam Curry, chief security officer at Cybereason, said the recent attacks show how hackers now have “a plethora of tools” to take on a space with “poor cyber standards” and “high value and fungible targets.”

  • New crypto ventures are particularly attractive to hackers since they practically “have a ‘hack me’ sign outside,” Curry told Protocol. “The typical startup mentality of getting the code out there and fixing it on the fly is a recipe for disaster — and isn’t acceptable.”
  • Nomad raised $22 million in April and recently touted its high-profile investors along with its goal to “create a safer crypto ecosystem.”
  • Blockchain technology and cryptocurrencies promise a new financial system where users have complete control, free from intermediaries like banks and regulators, and transactions are totally transparent. But that also means there are few protections. The Nomad and Solana hacks highlight how, in DeFi, “there are few arbiters of the space beyond a project’s customer base, and the group in charge of running the project,” Curry said.
  • DeFi proponents argue that having open-source code and many eyes on transactions serve as safeguards, but how well is that working out in practice?

It’s ironic, then, but centralized crypto exchanges — CeFi — are looking safer for customers willing to compromise their DeFi ideals. There’s a real “disparity in security” between DeFi and CeFi, Fasanello said. In crypto, “no individual or party [is] 100% responsible for security.” Fasanello isn’t sure DeFi can ever be made 100% secure. Buyer beware, hacker rejoice.

— Benjamin Pimentel (email | twitter) and Tomio Geron (email | twitter)

SPONSORED CONTENT FROM SOUL MACHINES

They created Digital People. Now they’ve made celebrities available as Digital Twins: Soul Machines co-founder and CEO Greg Cross and his co-founder Mark Sagar, Ph.D., FRSNZ are leading their Auckland and San Francisco-based teams to create AI-enabled Digital People™️ to populate the internet, at first, and soon the metaverse.

Read more from Soul Machines

On the money

Crypto miners could get a tax reprieve. A Senate proposal would exempt crypto mining firms from being considered “brokers” under a 2021 law, which could trigger requirements to collect information on customers’ capital gains and losses and other transaction data.

A carbon-credit registry operator has proposed crypto token rules. Verra, a nonprofit organization that runs the world’s biggest registry by carbon credits issued, laid out a slate of rules for trading carbon credits on cryptocurrency exchanges to address concerns about the anonymity of digital-token holders.

Bankrupt Celsius wants to rehire a former executive. The crypto lender is seeking a judge’s permission to pay its former chief financial officer $93,000 per month while the bankruptcy filing makes its way through court, citing the “need for stability” and his financial expertise in its request to keep him on board.

Text-marketing startup Attentive and Shopify have teamed up for pay-by-text. Retailers using Shopify’s Shop Pay checkout system will be able to take payment from customers directly through customer service text chats powered by Attentive.

The CFTC’s Capitol backers

A new Senate bill would give the Commodity Futures Trading Commission authority over the markets for bitcoin and ether, the two largest cryptocurrencies. The bill is the latest attempt in Washington to set more clear federal rules for digital assets. It was introduced Wednesday by Sen. Debbie Stabenow, a Michigan Democrat, and Sen. John Boozman, a Republican from Arkansas.

The CFTC and Securities and Exchange Commission have been battling for position in overseeing cryptocurrencies; tension heightened recently when the SEC declared a list of crypto tokens as securities within an insider trading complaint, prompting a public rebuke from CFTC Comissioner Caroline Pham.

The new bill could provide some level of clarity. It would give the CFTC direct oversight of tokens that qualify as “digital commodities.” That includes bitcoin and ether, according to a bill summary. Online exchanges and other services that facilitate trading of the tokens would be required to register with the CFTC.

Read the full story on Protocol.com.

— Ryan Deffenbaugh (email | twitter)

Moves and hires

Robinhood’s Aparna Chennapragada stepped down as chief product officer. “ … the world has changed. As Robinhood adapts to this new context, it’s time for me to move on,” she wrote in a tweet. She’ll remain as an adviser to CEO Vlad Tenev. She cleared around $10 million in stock sales in her 16 months as an executive at the company.

PayPal has named Blake Jorgensen as its next CFO. Jorgensen, who held the same role at Electronic Arts, will succeed John Rainey, who left PayPal earlier this year to become Walmart’s CFO.

Michael Saylor is dropping the CEO title at MicroStrategy and becoming executive chairman. Saylor will “focus more on our bitcoin acquisition strategy and related bitcoin advocacy initiatives,” he said in a statement. The business-software company’s large bitcoin holding led to a $917.8 million impairment charge last quarter. But hey, Saylor once lost $6 billion of his personal net worth in a single day during the burst of the dot-com bubble.

Meghan Welch is Plaid’s new chief people officer. Welch was previously executive vice president, head of enterprise HR and chief diversity officer at Capital One.

Jim Magats has been named CEO of MX, an open-finance technology company. Magats was most recently PayPal’s senior vice president for omni-payments solutions.

Yieldstreet has named Timothy Schott its first chief financial officer. Schott was previously CFO of Associated Capital Group, an alternative investment adviser.

SPONSORED CONTENT FROM SOUL MACHINES

They created Digital People. Now they’ve made celebrities available as Digital Twins: Soul Machines is at the cutting edge of AGI research with its unique Digital Brain, based on the latest neuroscience and developmental psychology research.

Read more from Soul Machines

Thanks for reading — see you tomorrow!





Original Source link

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Leave a Reply

Your email address will not be published.

fifty one − 46 =