Tech Brew Ride Home - Mon. 02/21 – When The Contract Allows Your NFTs To Be Stolen

Episode Date: February 21, 2022

OpenSea says 32 users had NFTs stolen when they were scammed into signing malicious smart contracts. Mark Gurman tells us every Mac he expects to be released this year. Is a new crackdown coming for C...hinese tech? And Ford is revving up its attempts to unseat Tesla at the top of the EV mountain. Sponsors: Smith.ai promocode techmeme for $100 off signup Links: OpenSea Investigating ‘Exploit Rumors’ as Users Complain of Missing NFTs (CoinDesk) $1.7 million in NFTs stolen in apparent phishing attack on OpenSea users (The Verge) Apple Readies New MacBooks and iMacs for Part Three of Overhaul (Bloomberg) The Apple M2 could launch alongside up to seven new Mac models this year (TechRadar) Gurman: Apple to Launch New Macs Next Month, With More to Come Around May or June (MacRumors) Tencent Leads China Tech Selloff Amid Fears of Further Crackdown (Bloomberg) PrimaryBid raises $190M to double down on making it easier for ordinary people to invest in IPOs and follow-on fundraises (TechCrunch) Ford Mustang Mach-E usurps Tesla Model 3 as Consumer Reports top EV pick of the year (The Verge) Vote for Grupa on Product Hunt! Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Discussion (0)
Starting point is 00:00:00 On April 4th, 2023, around 2 in the morning, a man was found stabbed multiple times on a sidewalk in downtown San Francisco. Hey, who did this to you? What happened next turned the story into a political firestorm. Reports have identified the victim as Bob Lee, the founder of Cash App. From Bloomberg Podcasts, this is Foundering, the Killing of Bob Lee, beginning April 16. Welcome to the TechMeme right home for Monday, February 21st, 2022. I'm Brian McCullough today. OpenC says 32 users had NFTs stolen when they were scammed into signing malicious smart contracts. Mark German tells us every Mac he expects to be released this year is a new crackdown coming for Chinese tech and Ford is revving up
Starting point is 00:00:53 its attempts to unseat Tesla at the top of the EV Mountain. Here's what you miss today in the world of tech. Reminder that crypto is code and that smart contracts are thus code also. Code with, often, irreversible mechanisms inside them. The latest example is OpenC says 32 users had NFTs stolen from them as part of a targeted fishing campaign that scam them into signing malicious smart contracts. In other words, this isn't just stealing your password and then stealing your stuff. This is tricking you into actually signing away your stuff because the contract allowed it to happen. And thus, in the world of this enforceable contract, it wasn't illegal?
Starting point is 00:01:41 Quoting CoinDesk. In the wake of a series of viral tweets from panicked NFT traders' leading marketplace, OpenC says it's investigating, quote, rumors of an exploit regarding smart contracts connected to its platform, a vulnerability that may have cost traders' valuable tokens. We are actively investigating rumors of an exploit associated with OpenC related to smart contracts OpenC posted to Twitter Saturday night U.S. hours. This appears to be a fishing attack originating outside of OpenC's website. Do not click links outside of OpenC.io, end quote. Around 10.50 p.m. Eastern Time OpenC., CEO Devin Finzer followed up in a tweet that, quote, 32 users thus far have signed a
Starting point is 00:02:24 malicious payload from an attacker and some of their NFTs were stolen. He added that the company is, quote, not aware of any recent fishing emails that have been sent. to users, and quote, and suggested a fraudulent website may be to blame. OpenC had planned to revise its smart contract, the code governing its trading platform essentially, by releasing a brand-new contract on Friday. The upgraded contract was intended to ensure old inactive listings on the platform would eventually expire. On Twitter, traders shared what they'd initially thought were official OpenC emails about the migration process from contract A to contract B. Peck Shield, a blockchain security company that audits smart contracts stated that the rumored exploit was, quote,
Starting point is 00:03:05 most likely phishing, a malicious contract hidden in a disguised link. The company cited that same mass email about the migration process as one of the possible sources of the link. The apparent attacker's address, which the blockchain explorer website Ether scan has already slapped with a fish slash hack warning badge, holds about $1.7 million worth of ETH, as well as three tokens from the Bored Ape Yacht Club, two. cool cats, one doodle, and one Azuki, end quote. And quoting the verge. The attack appears to have exploited a flexibility in the Wyvern protocol, the open source standard underlying most NFT smart contracts, including those made on OpenC. One explanation, linked by CEO Devin Finser on
Starting point is 00:03:49 Twitter, described the attack in two parts. First, Target signed a partial contract with a general authorization and large portions left blank. With the signature in place, attackers completed the contract with a called to their own contract, which transferred ownership of the NFTs without payment. In essence, targets of the attack had signed a blank check. And once it was signed, attackers filled in the rest of the check to take their holdings. I checked every transaction, said one user who goes by Niso. They all have valid signatures from the people who lost NFTs so anyone claiming they didn't get fished, but lost NFTs is sadly wrong, end quote. OpenC was in the process of updating its contract system when the attack took place, but OpenC has denied that the attack originated,
Starting point is 00:04:30 with the new contracts. The relatively small number of targets makes such a vulnerability unlikely, since any flaw in the broader platform would likely be exploited on a far greater scale. Still, many details of the attack remain unclear, particularly the method attackers used to get targets to sign the half-empty contract. Writing on Twitter shortly before 3M Eastern Time, OpenC CEO, Devin Finzer said the attacks had not originated for OpenC's website, its various listing systems, or any emails from the company. The rapid pace of the attack, hundreds of transactions in a matter of hours suggests some common vector of attack, but so far no link has been discovered, end quote. So I tweeted over the weekend, say what you will, about the 3,000-year
Starting point is 00:05:12 history of capitalism, but it has pretty much locked down property law and the mechanisms they are in, like I'm all for improvements to the current system, but as Chris Maddern tweeted, quote, read the contract is not a long-term solution for trust and safety in Web 3, end quote. Right, look, if I own a Picasso and someone breaks into my house and steals it, I have recourse, known as the legal system. Even if I were to be duped into signing a blank check, I'd have recourse, known as the state, which would attempt to retrieve my stolen items and punish those responsible. I, too, as I've said before, find the idea of functioning markets, and legal systems that exist without the enforcement mechanisms of a state without centralization,
Starting point is 00:06:01 very appealing. But in practice, like, if you were to steal my Apple shares, I can get made whole for that. I like that system. It's a system that's existed for thousands of years, going back to warlords and aristocrats, writing the laws to protect their own property rights at the expense of, say, the serfs and everybody else. And I agree, that sucked morally. And hopefully it got slightly better over the years, maybe in modern times. It's only slightly less unfair to the little guy, but capitalism and Western legal canon is also a system that works, has worked. It can be reformed and made more efficient, no doubt, but it's not exactly broken. So putting it on the blockchain fixes what? As ever, I'm pro-Web3 and all the ideas surrounding it, but being completely
Starting point is 00:06:49 maximalist about decentralization as a part of Web3 doesn't seem the smartest to me. since it won't further the cause as much as some people might think. Mark German has listed what he feels like will be Apple's full lineup of Mac releases in 2022, quoting German himself. This year, the transition to Apple Silicon will shift into high gear with several new Mac models based on the following processors, a new M2 chip, last year's M1 Pro and M1 Max chips, superpowered versions of the M1 Max. A third round of Mac updates is likely to kick off on March 8th,
Starting point is 00:07:27 When Apple is planning to hold its first media event of the year, the presentation is likely to focus on the 5G iPhone SE and iPad Air, but I'm told to expect at least one new Mac that day. Recent filing support the idea that a new Mac is coming soon. Apple has listed three new Mac models with at least one of them labeled as a laptop in the database of the Russian equivalent of the FCC, end quote. As for the full lineup, German is expecting this year, quoting Tech Radar, a new 13-inch MacBook Pro, which will introduce the M2, a MacBook Air with an M2, hopefully with that colorful redesign, a new Mac Mini with an M1 Pro chip, a Mac mini with an M2, a new 24-inch IMac with an M2, a larger IMac Pro with optional M1 Pro and M1 Max, a Mac Pro with the equivalent of two or four M1 Max chips. Only a few of those are expected to make an appearance at the upcoming Apple March event,
Starting point is 00:08:25 namely the redesigned 13-inch MacBook Pro. Though if the M2 system on a chip is unveiled, then it's likely we will also see the Mac Mini and redesigned MacBook Air also released with the next generation of Apple Silicon, end quote. It is that larger iMac Pro that I'm looking for, and it seems to be unclear when that will come, probably not until WWDC, maybe slightly before, quoting Mac rumors.
Starting point is 00:08:50 Apple has a redesigned MacBook Air and a new 24-inch IMac in the work set to be released this year that will both feature the M2 Apple Silicon chip alongside the new high-end Mac Mini and updated 13-inch MacBook Pro. Another new IMac mini and a replacement to the currently Intel-based 27-inch IMac is also in the works, and will feature M1 Pro and M1 Mac's chip options, according to German. The timeline set forth by German suggesting Apple could announce new Macs around May or June, implying a release around its worldwide developers conference lines up with a report from Reliable Display Analyst Ross Young, who last week
Starting point is 00:09:25 said Apple's mini-LED iMac Pro could launch during the summer. Regarding Apple's highest end Mac, the Mac Pro, German reiterated that it had come with versions of the M1 Max chip, with the first iteration featuring 20 CPU cores and 64 GPU cores, followed by the second chip and 40 CPU cores and 128 GPU cores, end quote. Putting this on your radar real quick, Tencent shares fell 5.2% on Monday, as Chinese tech stocks had their worst two-day drop since July 2021, amid fears of a new round of regulatory crackdowns by the Chinese government, quoting Bloomberg. Traders pointed to everything from warnings from regulators over the weekend about scams in the metaverse to talk about yet more curbs on the gaming industry.
Starting point is 00:10:18 Separately, Chinese authorities told the nation's biggest state-owned firms and banks to start a fresh round of checks on their financial exposure and other links to Jack Ma's aunt group, Bloomberg reported after markets closed. Alibaba, which owns a third of Ant, fell 3.9% prior to the report. Hong Kong's Hongseng Tech Index, which tracks the biggest Chinese tech firms, lost 5.9% over two sessions the most since July. The decline started Friday when Maituan plunged as much as 18% after Beijing rolled out a new policy to curb the delivery giant's service fees, end quote.
Starting point is 00:10:58 Interesting raise time. Primary bid, which helps companies include, ordinary retail investors in IPOs and follow-on fundraisers, raised a $190 million series round led by SoftBanks Vision Fund 2, quoting TechCrunch. Thanks to the growth of FinTech, financial services like investing are getting ever more accessible to the wider population of consumers. Now, one of the bigger players pushing the boundaries of that concept is announcing a big round of funding on the heels of strong demand and what it believes are even bigger
Starting point is 00:11:30 opportunities ahead. Primary bid, which helps companies that are going public or public companies that are raising more money, offer their shares to retail investors, that is, ordinary people, not professionals, alongside more traditional share sales, has raised $190 million. Anan Sambasovan, the CEO and co-founder of primary bid, said the London-based startup plans to use the funding both to continue building out the products that it offers to companies such as the ability to invest in SPAC-based public listings and investments in retail bonds and to expand to new geographies, specifically with an eye on building out an office in the U.S., where it is going through the process of getting regulatory approvals to work with companies listing in that market and is likely to launch in late 2022 or 2023.
Starting point is 00:12:15 Primary bid today interoperates with some 60 channels to enable investments, which include brokerages and apps that people use to make investments today, and that list is also likely to continue growing. The company's mission is to bring the public back into the concept of a public offering, giving ordinary people a chance to invest directly in IPOs alongside banks and other large professional investors, Sambasovan said. Primary bid has been on a growth tear, fueled by an increasing appetite among everyday people to get more involved in the world of investment. The company says that in the past 18 months, it has helped facilitate share offerings for retail
Starting point is 00:12:50 investors for some 150 IPOs and follow-on share issues. These have been primarily in the UK, although the company is also starting to work with companies in France and with the help of its investor, ABN Amro, it is also looking to open for business in the Netherlands. Some of the bigger share sales that it has delivered include sales for Deliveroo, Pension B, and the U.S. IPO of MCG Group, Soho House in 2021, which was done via a share sale in the UK, end quote. And that's why I'm including this as an interesting raise. There already was a growing movement toward making your customers, also your investors, then the whole meme stock movement happened, as well as the ascendancy of religious stocks like Tesla,
Starting point is 00:13:36 only accelerated all this, and now the whole Web3 movement is here, the movement of the community also owning the product. So all of this is only going to rev up this movement even more. This is closer to the basic idea of letting retail investors in on deals, but again, expect all of this to continue as companies increasingly see having an army of customers slash partisans in their corner, because they have skin in the game, as something that has unbelievable value in the modern investing world. Finally today, speaking of Tesla for the first time, the Ford Mustang Mock-E has claimed King of the Hill status, at least in terms of reviews, knocking the Tesla Model 3 off the top spot in the Consumer Reports EV pick of the year, quoting the verge.
Starting point is 00:14:30 Tesla has long dominated Consumer Reports' EV rankings with the Model 3 holding the top position the past two years, but the publication says a variety of factors including ride quality, reliability, and the in-car user experience have led it to crown a new winner in the Mustang Mach E. Make no mistake, the Model 3 is still a great choice, and Consumer Reports recommends it. CR's deputy editor, Jeff Bartlett, writes today, but the Mustang Mach-E is also very sporty, plus it's practical and easier to live with. The Ford is also quieter and rides better. Both cars have large infotainment center screens, but the Mach-E's is far easier to operate and doesn't require multiple steps to activate routine features, such as using the defroster or adjusting the mirrors, as with the Tesla, end quote.
Starting point is 00:15:16 Consumer Report sends its members a survey each year to gather information regarding reliability and drive quality, as well as a host of other factors. This year, the publications members, quote, reported very few problems with the Mustang Mach-E so far, giving it an important advantage over the Model Y and even the Model 3, end quote. CR notes that the Mach-E is more similar to the Tesla Model Y than the Model 3, but that the Model Y's issues with reliability have kept it out of its top picks. Most notably, the publication praises Ford's decision to include a driver monitoring system in the Mustang Mach-E, earning the vehicle an extra two points in its overall score.
Starting point is 00:15:52 Tesla has long resisted efforts to include a DMS in its vehicles, despite pushing more software updates for its advanced driver assist systems that would benefit from a more robust driver monitoring system. Ford recently introduced its hands-free driver assist system dubbed Blue Cruise via an over-the-air software update to its 2021 Mustang Mach-E vehicles. Owners pay $600 for a three-year subscription to Blue Cruise. In infrared sensor monitors the driver's eye movements, and the vehicle will issue a series of alerts if the driver's attention begins to wander. In contrast, Tesla system only requires a hand on the wheel and has no system for monitoring the driver's visual gaze. This isn't the first time CR has soured on the Model 3. Back in May of 2018, the organization said it could not recommend the electric
Starting point is 00:16:36 car due to a shockingly long stopping distance during emergency braking tests. Tesla CEO Elon Musk attacked CR's methods, but later Tesla shipped an over-the-air update that improved the vehicle's breaking distance by nearly 20 feet. The update mollified CR, which went back to recommending the Model 3. The Tesla Consumer Reports' relationship is a veritable roller coaster ride, though. Back in 2015, the publication broke its own rating system in its effusive praise of the Model S. P85D. But that love affair started going south almost immediately when it surveyed about 1,400 Tesla owners and used that data to project a, quote, worse than average overall problem rate, end quote, for new buyers over the lifespan of the vehicle. As a result, it pulled its coveted recommended rating for
Starting point is 00:17:22 the Model S, end quote. I think for this week's bonus episode slash Twitter space, we're going to try to do my annual check-in on the world of Elon Musk, working on booking that. More details soon. Hey, if y'all are interested in helping Grupa out, Grupa, the company that we talked about this weekend, there's a link at the very bottom of today's show notes to their product hunt post. They hunted this morning. Please upvote them if you get a chance by following that link. And the whole reason I wanted to try out Horizon Forbidden West this weekend was because I wanted to see what modern gaming consoles are capable of. And the verdict so far is jawdropping. I still haven't gotten the embassy going yet, but that's the next thing to do.
Starting point is 00:18:19 So maybe I'll go do that after this. Talk to you tomorrow.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.