Web3: FTX swallows Voyager for almost free; CFTC goes after bZeroX DAO and founders to pay $250K penalty; Wintermute hacked for $160MM in maybe inside job
Did FTX get Voyager for free by paying $1.4B for $1.3B in crypto assets, with $111MM thrown in to save them the embarrassment? Looks like it.
Gm Fintech Futurists —
Welcome to our Web3 newsletter, covering DeFi, digital assets, NFTs, and the emergence of the financial metaverse. This content is premium only — give it a share, and leave suggestions in the comments!
DeFi Protocols and Digital Assets
Crypto market maker Wintermute was hacked for $160MM last week, making it the 5th largest hack in DeFi this year. The hacker's wallet now holds $9.4MM in ether and $114MM in 3CRV. The news comes a few months after Wintermute sent $20MM of Optimism (OP) tokens to the wrong address.
Wintermute has lost ~$160M, making it come to #5 on our 2022 DeFi exploit leaderboard
In this incident, exploiters immediately put the most stables into 3CRV pool to avoid blacklisting, while ~50% of Top 10 exploiters transferred to Mixer before Tornado sanction
The Wintermute hack appears to be a hot wallet compromise. Wintermute used the Profanity tool to create a vanity wallet (beginning with 0x0000000) to save on gas fees — it spun up private keys until a public key with seven leading 0s (0x0000000___) was identified. Since the company is a market maker and wins on speed, execution, and transaction cost, this optimization was meant to be a competitive advantage, not a technical disadvantage.
Days before the hack, however, the 1inch Network disclosed a bug in Profanity, the tool Wintermute used to spin up the private keys, which allowed the hot wallet to be compromised. When Wintermute discovered the bug, it moved its ETH out of the address but did not update its Treasury administration addresses. The Treasury only allows admins to make such transfers, and as Wintermute’s hot wallet was an admin, the hacker acted as one and transferred the funds. There is now also a theory that the whole thing was an inside job.
Wintermute was hacked for ~160m a few hours ago. I took a quick look and my best guess is that it was a hot wallet compromise due to the Profanity bug that was publicly disclosed a few weeks ago.
Wintermute issued a 10% white-hat bounty, which the hacker ignored. Now the market maker has to proceed with the legal route, but fund recovery is rare in such cases. For context, Qubit Finance offered a $2MM bounty, and Harmony offered $1MM for the return of the $100MM stolen from Horizon bridge — nothing was recovered in either case. On a side note, PeckShield, a blockchain security company, said that 50% of stolen protocol funds, equivalent to $1.16B, had previously been washed via Tornado Cash.
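The gap described above (ETH moved out, but the hot wallet left as a Treasury admin) can be turned into a check. The following is an added example, not code from this newsletter or from Wintermute: it inventories every address holding a privileged role and flags those whose leading zeros suggest vanity generation, regardless of balance. The role names, addresses, balances and the `min_nibbles` threshold are constructed assumptions, and a zero prefix is only a heuristic for how a key was generated.

```python
# Added example (not from the newsletter): flag privileged addresses that look vanity-generated.
from dataclasses import dataclass

ZERO_ADDRESS = "0x" + "0" * 40  # null address, not a key-backed account

@dataclass
class Finding:
    address: str
    roles: list
    zero_nibbles: int
    chance_one_in: int  # a random address has this prefix with probability 1/chance_one_in
    balance_wei: int

def leading_zero_nibbles(address: str) -> int:
    """Count leading zero hex digits of a 20-byte address written as 0x + 40 hex chars."""
    body = address[2:]
    if address[:2].lower() != "0x" or len(body) != 40:
        raise ValueError(f"not a 20-byte hex address: {address!r}")
    int(body, 16)  # raises ValueError on non-hex characters
    return len(body) - len(body.lstrip("0"))

def audit_roles(role_holders: dict, balances: dict, min_nibbles: int = 6) -> list:
    """Return privileged addresses with >= min_nibbles leading zeros.

    Balance is reported but never used to filter: an emptied wallet that
    still holds a role is exactly the case this audit is meant to catch.
    """
    roles_by_addr = {}
    for role, addrs in role_holders.items():
        for addr in addrs:
            roles_by_addr.setdefault(addr.lower(), []).append(role)
    findings = []
    for addr, roles in roles_by_addr.items():
        n = leading_zero_nibbles(addr)
        if addr == ZERO_ADDRESS or n < min_nibbles:
            continue
        findings.append(Finding(addr, sorted(roles), n, 16 ** n, balances.get(addr, 0)))
    return sorted(findings, key=lambda f: f.zero_nibbles, reverse=True)

# Constructed sample data: role names, addresses and balances are made up.
HOT = "0x0000000" + "a1" * 16 + "b"   # 7 leading zeros, 40 hex chars in total
COLD = "0x7c3e" + "5d" * 18           # ordinary-looking address
ROLES = {"treasury_admin": [HOT, COLD], "operator": [HOT], "burn": [ZERO_ADDRESS]}
BALANCES = {HOT: 0, COLD: 5 * 10**18}

if __name__ == "__main__":
    for f in audit_roles(ROLES, BALANCES):
        print(f"{f.address} roles={f.roles} zeros={f.zero_nibbles} "
              f"(1 in {f.chance_one_in:,}) balance={f.balance_wei} -> rotate key, revoke roles")
```

In practice the role-holder map would come from the contract's own access-control state rather than a hand-written dictionary.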
On-Chain Action Disappears on Terra’s Luna Classic Token - The Defiant
Cryptoeconomics and Blockchain Protocols
Cardano blockchain has deployed the Vasil Hard Fork, which improves smart contract performance and network throughput. Cardano’s Hard Fork Combinator (HFC) ensured that the transition to Vasil did not interrupt the system. The Vasil hard fork was named after Vasil St. Dabov, a Cardano community member who died in 2021.
ICYMI: Cardano’s hard fork events are unlike other blockchain protocols. Cardano’s Hard Fork Combinator tech preserves block history, allows nodes to upgrade gradually and prevents radical chain restarts. Learn more: essentialcardano.io
Vasil features comprise (1) Reference inputs (CIP-31), which give access to information on the blockchain without the churn associated with spending UTXOs (unspent transaction outputs), (2) Inline datums (CIP-32), which allow datums to be attached to outputs instead of datum hashes, such that developers can code scripts that directly point to the inputs, (3) Reference scripts (CIP-33), which allow developers to reference a script without including it in each transaction, thereby reducing transaction size, and (4) Diffusion pipelining, which propagates blocks (within five seconds) before their full validation, thus overlapping the time spent on diffusion with the time needed for validation.
Cardano couples the UTXO model with the ability to handle smart contracts into an Extended Unspent Transaction Output (EUTXO) accounting model. See here to read Cardano's EUTXO handbook.
To be honest, we are not sure what to do with this news item. The ETH Merge just happened, and for us that overshadows the technical accomplishment of many other blockchains, but we should still pay attention to the world out there. Further, the alts ecosystem right now is primarily around Solana and Move (Aptos, Sui, 0L), rather than Cardano, which is controversial to say the least. Let the curious reader figure it out — let us know what you think!
Exploring The Cosmos - Galaxy Digital
DAOs, NFTs and the Metaverse
CFTC Pursues First Case Against A DAO - Blockworks