Disclaimer: I’ll be talking about individual crypto projects in this series but this is for informational purposes only and not a solicitation to buy or sell any cryptoassets.
Do your own due diligence.
OpenSea Phishing and/or Exploit
Twitter was blowing up on Sunday (2/19/2022) with reports from many NFT holders about a possible exploit and/or phishing attack on the popular NFT marketplace OpenSea:
You can read through their threads above for more info, but OpenSea is still investigating the issue and thinks it may be much less impactful than some others have reported:
Maybe the downside of having too much transactional information open to everyone is that everyone believes they know how to read the Etherscan data? That they can correctly identify what happened and who did it? (See Dunning-Kruger effect)
Either way, this story is still developing so I can’t say for sure what’s going on.
What I can say is this is either typical smart contract risk (exploiting how a smart contract is written, nothing you have control over) or a typical phishing attack and people not checking exactly what/who they are interacting with on OpenSea (something everyone has control over).
It might seem simple, but if you want to experiment in this space, check that you are interacting with the correct address/entity that you intend to. Be safe out there.
CRYPTOCURRENCY MAY NEVER have fulfilled its promise as the quotidian currency for buying a cup of coffee. But it's proven to be a powerful, regulation-resistant means of sending large amounts of money anywhere in the world. That now includes war zones—or more specifically, Ukraine, a country whose long-burning, limited war with Russia and pro-Russian separatists may be about to rapidly expand.
Their story is based on research from blockchain forensics and compliance firm Elliptic, who reported that volunteer groups who assist the Ukrainian military have been receiving donations in the form of cryptocurrency:
These groups are funded by private donors, who have used bank wires and payment apps to donate millions of dollars. Bitcoin has also emerged as an important alternative funding method, allowing international donors to bypass financial institutions that are blocking payments to these groups.
Some of these groups provide military equipment and some are hacktivists fighting back with cyberattacks of their own against Russia and Belarus (including an attack on the Belarus railway system).
On the one hand, this could be considered a good thing if you’re against Russian aggression. We already know that Ukraine may be severely outmatched against the massive Russian military if it comes to a full-scale conflict, and this could be seen as a way to even the odds. It’s an outlet for donors who “may not want their banking records to show that they sent money to organizations that might be perceived as paramilitary groups.” And if Russia attacks and banks or other forms of financing get shut down, these groups will still have a way to receive funds and continue the war effort.
On the other hand, this may set a dangerous precedent in the future. Hacktivists and volunteer groups receiving funding from pseudonymous individuals to fight against an enemy government? Sounds like a nightmare for the US and its allies.
And it already is: in the same report, Elliptic mentions that pro-Russian groups are also raising money through cryptoasset donations.
The fact they can identify them is a good thing though. In the Wired piece, they mention that in 2020 the Department of Justice was able to seize terrorist’s cryptocurrency from their own accounts.
Nonetheless, we could be witnessing the beginning of a new way to fight proxy wars: transferring cryptoassets to fund insurrection.
Basically, when you have control over 50% of the computing power to validate transactions on the network, then you can validate all your own transactions to do things like double-spend and ruin user’s trust in the network.
MineXMR, a mining pool on the Monero blockchain, is currently in control of 45-46% of the processing power of the network. Once it crosses 50%, these miners will be able to do whatever they want with their own transactions and could start scamming others.
The Monero Reddit forum has more info on the most recent developments, and is urging other miners to start using other mining pools to prevent MineXMR from potentially compromising the network.
My take: I don’t really care for Monero anyway because it’s used by criminals, China, and N.Korea for cryptojacking. It won’t be missed by me if it fails.
Read the thread above for more info on how an individual accidentally stumbled upon a glitch which would have allowed him to swap any amount of one cryptocurrency for another in a transaction, even if he didn’t have any of the other cryptocurrency.
For example, he tried to replace the source of his funds from SHIB (currently $0.000025), which he currently had in his wallet, to BTC (currently $38,436.72), which he did not have in his wallet for a limit sell order. He saw the limit order appear in the order book without any errors. In other words, he could have immediately sold 50 SHIB (or more) for the price of 50 BTC and gotten away with it.
Thankfully he did not. He contacted the developers at Coinbase and they were able to quickly fix the issue. For this he was rewarded with a $250K bug bounty. Not bad for a day’s work.
