How Crypto Gets Hacked: Issue #7
Executive Order on Crypto Reg, DeFi Founder Risk, Ukraine Scams, & More
Disclaimer: I’ll be talking about individual crypto projects in this series but this is for informational purposes only and not a solicitation to buy or sell any cryptoassets.
Do your own due diligence.
Biden’s Executive Order on Crypto Regulation
Biden signed an executive order to require federal government agencies to start forming reports on cryptocurrencies and the future of money. In particular, outlining the risks and benefits of using crypto within the US financial system.
They want to focus their efforts on how they will:
Protect U.S. Consumers, Investors, and Businesses
Protect U.S. and Global Financial Stability and Mitigate Systemic Risk
Mitigate the Illicit Finance and National Security Risks Posed by the Illicit Use of Digital Assets
Promote U.S. Leadership in Technology and Economic Competitiveness to Reinforce U.S. Leadership in the Global Financial System
Promote Equitable Access to Safe and Affordable Financial Services
Support Technological Advances and Ensure Responsible Development and Use of Digital Assets
Explore a U.S. Central Bank Digital Currency (CBDC)
This is a big deal. Everyone was wondering whether the US would be on the side of outright banning crypto or trying to cultivate the new industry, and I think they are taking the right approach here.
They are obviously interested in protecting the financial system and preventing another situation like the 2008 sub-prime mortgage crisis, or a bank run from “digital dollars” that are not backed by “actual dollars,” like the recent Tether controversy. Creating a real US CBDC that the government can control themselves will help in that regard.
I also like they want to focus on investor and consumer protections, while at the same time “supporting technological advances” and “establishing a framework to drive U.S. competitiveness and leadership in, and leveraging of digital asset technologies.”
It’s obvious they see the value in digital assets, and they want to integrate them into our current system responsibly.
But there is language in here that may concern some crypto-advocates.
They use words like “protection” and “safety” often in the statement. This will fly in the face of the libertarian ethos of many of crypto’s proponents. The government is going to start telling developers what they can and can’t do, and whether they like it or not there is probably a good reason behind it (preventing systematic financial risk, KYC and AML laws, etc).
They also say they want to support technological advancement “while prioritizing privacy, security, combating illicit exploitation, and reducing negative climate impacts,” which seems like they are taking a shot at the energy-intensive proof-of-work blockchains like Bitcoin, despite some evidence to the contrary (here from HBR).
We’ll see how that plays out in the future.
(PS: Found another good overview with some other thoughts and insights from Inside, here.)
Fantom and Yearn fall to DeFi Founder Risk
Andre Cronje is leaving DeFi, which leaves the protocols Yearn Finance and Fantom without their top leadership, or so the market thinks. Yearn’s token price dropped 9.3% and Fantom dropped 6.9% on the day he broke the news.
Cronje has been a top developer in the space, and was the original creator/founder of Yearn.finance, a “yield aggregator,” where users can deposit tokens and earn high yields across different DeFi platforms. His exit from the space is seen as a huge loss, even though he hasn’t been as active as many seem to believe.
Yearn developer Banteg also took to social media to address concerns about the future of the project. “People burying YFI, you do realize Andre hasn’t worked on it for over a year? And even if he did, there are 50 full-time people and 140 part-time contributors to back things up,” he tweeted.
But even if a protocol appears like it’s losing its top leadership, it can still cause token prices to drop.
A lot of the value of these tokens is based on faith, so when that faith is broken the value starts to break down as well.
An inconvenient truth is that even very decentralized crypto projects are not immune to losing their founders:
Importantly, the reaction to Cronje’s exit shows that crypto participants still hold tokens based on the personalities associated with them. This is a problem Cronje himself noticed, saying on The Defiant’s podcast that despite the point of decentralized products being the ability to walk away, people had inextricably linked him and Yearn.
“It’s sad to see how the space reacts to true decentralized finance,” Foobar, a well-known Solidity developer, said on Twitter. Cronje exemplified the true DeFi ethos, relinquishing control of his projects, for better or worse, the developer added. This flies in the face of many projects that are decentralized in name only, when it’s really a select group that controls the code.
Crypto protocols are still perceived as a founder-led businesses, despite the degree of decentralization. Like investing in startups, there is founder risk in crypto.
Scammers Target Ukraine Fundraising Efforts
I originally thought this was a scam when I first saw it.
There were reports that Ukrainian government accounts were being hacked by Russian forces.
But it was true: Ukraine was asking for direct donations to their public cryptocurrency addresses:
And it appears they’ve been relatively successful at raising funds this way:
Then, the government of Ukraine promised an airdrop for everyone that donated, which caused a lot of excitement in the crypto community:
But then accounts started popping up on Twitter and Telegram channels pretending to be Ukraine-focused charities or Ukrainians asking for direct donations.
Infoblox noticed a spike in the number of web domains which included the word “Ukraine” at the start of the war. They found one DAO called “Save Ukraine” which was set up to scam donors:
At first glance, the content is similar to that of Ukraine DAO; however, based on several factors, we assess that this website is a cryptocurrency scam:
The advertised Ethereum address has no transactions
There is no publicly validated claim of this site
Established researchers from ESET have concluded the website is fraudulent
The owners of the site are creating third-party transactions to another recently registered domain, unchain[.]fund, for which they receive fees
They also include a whole list of other sites which contain malware, phishing, spam, etc.
CyberScoop explains how scammers have been targeting Telegram users as well:
Telegram, a known hunting ground for cryptocurrency scammers, saw an uptick in accounts themed around Ukraine right before and after Russia invaded the country. Scammers were quick to take advantage, Brittany Allen, trust and safety architect at fraud protection company Sift, found.
Allen says the scams fall into three buckets: Users pretending to be in need of donations, users pretending to be companies collecting donations and offers to help others create fake donation websites.
One of the channels Allen observed, “Ukraine Support Donation,” tried to show its legitimacy by posting screenshots of emails from Coinbase noting new donations. (A CyberScoop review of the wallet addresses provided showed no transactions.) In another channel, a user posed as trading platform Binance collecting donations with the account “Binance Support.” Clicking on the account shows its actually registered as “Binancesuport” and is not the real company.
Another example were the “Peaceful World” tokens that were airdropped into donor’s wallets. The scammers were able to make it seem as if they had been sent by the Ukrainian government:
Because the Ukrainian government had promised an airdrop, sites like CoinDesk started reporting that this could be what they were talking about, creating even more excitement. Then as the scammers started dumping their tokens on Uniswap to sell them (they already held most of the tokens), people started to wise up and figured out it was a scam, trying to make a quick buck.
Because of this, the Ukrainian government decided they would do an airdrop, and would instead create NFTs to support the war effort.
It’s always the same old story: excitement followed by scammers taking advantage of the excitement.
I fear the Ukrainian government trying to sell NFTs will only open donors up to a whole new set of scams and frauds.
Be careful who/what you interact with out there and make sure you are donating to a legitimate and well-recognized charity if you are going to donate. Don’t just take someone on the internet’s word for it (even if it seems like it’s coming from the Ukrainian government).
Crypto’s Batman: ZachXBT
I liked this interview with anonymous Twitter user ZachXBT, who has been the source for uncovering numerous hacks and scams by doing his own independent investigations.
He does this all on his own purely because he hates seeing people get taken advantage of, with no interest in receiving compensation thus far.
Give him a follow if you want to stay up to date on what he’s paying attention to.
Chainalysis Launches Free Sanctions Screening Tools
Chainalysis, the blockchain data platform, today announced the accelerated launch of two sanctions screening tools – an on-chain oracle available today and an API expected to launch next month – for the cryptocurrency industry free of charge. As countries around the world continue to leverage economic sanctions in response to Russia's invasion of Ukraine, decentralized web3 groups like DEXs, DeFi platforms, DAOs, and DApp developers are searching for lightweight tools to help them and their customers comply with sanctions policies. These tools will enable users to easily validate they are not interacting with cryptocurrency wallets associated with sanctioned entities.
Now there’s no excuse. The tools are out there and free for anyone to use to make sure they are compliant with US sanctions, including decentralized protocols.
I hope they use them. I hope it helps.
Thanks for reading, and have a great week!