Tech Brew Ride Home - Wed. 03/30 – The Axie Infinity Hack

Episode Date: March 30, 2022

I explain the (latest) biggest crypto hack of all time, this time affecting Axie Infinity. Meta is paying to dish dirt on TikTok. Changes to Google Calendar could kneecap a bunch of startups, while th...e DOJ is investigating Google Maps. And signs of difficulty in two red-hot startup sectors, the instant delivery sector, and the fast checkout sector. Sponsors: AltoIRA.com/techmeme Links: Axie Infinity’s Ronin Network Suffers $625M Exploit (CoinDesk) Axie Infinity Owner ‘Fully Committed’ to Reimbursing Players After Hack (Bloomberg) Facebook paid GOP firm to malign TikTok (Washington Post) Messenger gets new shortcuts that let you send silent replies (The Verge) New Google Calendar feature takes the back-and-forth out of scheduling (Ars Technica) EXCLUSIVE-U.S. probe of Google Maps picks up speed -sources (Reuters) Gopuff Plans Hundreds of Layoffs to Cut $40 Million in Costs (The Information) Why Stripe’s ‘Fast’ Horse Is Losing the One-Click Checkout Race (The Information) Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Discussion (0)
Starting point is 00:00:00 On April 4th, 2023, around 2 in the morning, a man was found stabbed multiple times on a sidewalk in downtown San Francisco. Hey, who did this to you? What happened next turned the story into a political firestorm. Reports have identified the victim as Bob Lee, the founder of Cash App. From Bloomberg Podcasts, this is Foundering, the Killing of Bob Lee, beginning April 16. Welcome to the Tech Meme Right Home for Wednesday, March 30th, 2020. I'm Brian McCullough today. I explain the latest, biggest crypto hack of all time, this time affecting Axi Infinity. Metup is paying to dish dirt on TikTok. Changes to Google Calendar could kneecap a bunch of startups while the DOJ is investigating Google Maps and signs of difficulty in two red-hot startup, the instant delivery sector, and the fast checkout sector. Here's what you miss today in the world of tech. Network, which supports Sky Mavis's Axi Infinity game, says it was hacked, and 173,600 ETH, and $25.5 million worth of USDC was stolen. So altogether, that means more than $600 million
Starting point is 00:01:22 has been stolen. Now, again, depending on how you frame this, this is one of the biggest crypto hacks ever. And this is particularly notable because Axi Infinity was seen as one of the wild success stories of this generation of crypto projects, a play-to-earn game doing three and a half billion dollars in NFT transactions last year back in October. They raised a ton of money from A16Z and others at what was rumored to be a $3 billion valuation. So, yeah, this one's big, quoting Coin desk. According to a blog post published by the Ronan Network's official substack, The exploit affected Ronan validator nodes for Sky Mavis, the publishers of the popular Axi Infinity game, and the Axi Dow. An attacker, quote, used hacked private keys in order to forge fake withdrawals
Starting point is 00:02:09 from the Ronan bridge across two transactions, as seen on EtherScan. While the Ronan side chain has nine validators requiring five signatures for withdrawals, it is meant to protect against these types of attacks. The blog post notes that, quote, the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the AXI Dow validator, end quote. The blog post pegged losses at 173,600 Ether and 25.5 million in USC currently worth in excess of $625 million. The Ronan attacker's Ethereum address is a fresh address that transferred ETH in from the Binance Exchange one week ago. Ether scan records show that the attack took place last Wednesday. The majority of the funds remain in the attacker's address, though 6,250
Starting point is 00:02:56 Heath has been transferred to various other addresses. The Ronan Bridge and the Katana automated market maker have both been paused while investigations are ongoing, end quote. So it looks like it took them a week to realize more than half a billion dollars were missing. And in case you were wondering, a blockchain bridge, otherwise known as a cross-chain bridge, connects two blockchains and allows users to send cryptocurrency from one chain to the other. The question is, can Sky Mavis get this money back, or could this potentially bankrupt the entire project? This morning, Sky Mavis C-O, Alexander Larson says the company is, quote, committed to reimbursing AXY Infinity players and is, quote, working on a solution, quoting Bloomberg. We are fully committed to reimbursing our players as
Starting point is 00:03:41 soon as possible, Larson said, via text message. We are still working on a solution that is an ongoing discussion. The funds swiped include the, quote, deposits of players and speculators and the AXE-Infinity Treasury revenue, Larson said. Of the Ether Stolen, 56,000, belonged to the Axi Infinity Treasury, he said. The company doesn't suspect insider involvement in the heist, according to Larson. The attack is the latest to show that bridges are often rife with problems. The computer code of many isn't audited, allowing for hackers to exploit vulnerabilities. It's often unclear who runs them and exactly how. Identities of validators who are supposed to order transactions on bridges are often shrouded in mystery. And yet there are thousands of
Starting point is 00:04:20 bridges out there, and they have moved hundreds of millions of dollars worth of crypto. Sky Mavis has said it keeps all its revenue from Axi Infinity, including fees for joining the game, breeding its non-fungible token creatures, and other in-game payments in its treasury, and only uses outside investor money to maintain its real-world team's operations. It generated $1.3 billion in revenue in the 12 months through February. The easiest way to look at this is, like, the bridge is the bank for the Ronan Network, Larson said. The heist that happened took out all the ETH and USDA, so the ETH-USDC, so the ETHUSDC on RON network is not currently backed by anything, but we are looking at other options, end quote.
Starting point is 00:05:04 META is apparently paying a consulting and lobbying firm to orchestrate a PR campaign against TikTok in the U.S., including placing op-eds and regional news outlets, quoting the Washington Post. Facebook parent company META is paying one of the biggest Republican consulting firms in the country to orchestrate a nationwide campaign seeking to turn the public against TikTok. The campaign includes placing op-eds and letters to the editor in major regional news outlets, promoting dubious stories about alleged TikTok trends that actually originated on Facebook and pushing to draw political reporters and local politicians into helping take down its biggest competitor. These bare-knuckle tactics long commonplace in the world of politics have become increasingly noticeable within a tech
Starting point is 00:05:46 industry where companies vie for cultural relevance and come at a time when Facebook is under pressure to win back young users. Employees with the firm targeted victory worked to undermine TikTok through a nationwide media and lobbying campaign portraying the fast-growing app owned by the Beijing-based company ByteDance as a danger to American children and society, according to internal emails shared with the Washington Post. Targeted victory needs to, quote, get the message out that while meta is the current punching bag, TikTok is the real threat, especially as a foreign-owned app that is number one in sharing data that young teens are using. A director from the firm wrote in a February email. Campaign operatives were also encouraged to use TikTok's prominence as a way to deflect from
Starting point is 00:06:25 meta's own privacy and antitrust concerns. Bonus points if we can fit this into a broader message that the current bills slash proposals aren't where state attorneys general or members of Congress should be focused. A targeted victory staffer wrote in other emails targeted victory urged partners to push stories to local media tying TikTok to dangerous teen trends in an effort to show the app's purported harms. Any local examples of bad TikTok trends slash stories in your markets? A targeted victory staffer asked, dream would be to get stories with headlines like from dances to danger. How TikTok has become the most harmful social media space for kids, the staffer wrote, end quote. Meta has updated Messenger with Slack-like shortcuts, quoting the verge. Two of the shortcuts are
Starting point is 00:07:13 available today, March 29th, according to Meta, at everyone and forward slash silent. At everyone, we'll let you notify everyone in a chat, which could be useful if you want to make sure to get everyone's attention. On behalf of your friend's notifications, I beg you to please use this one responsibly. However, if you want to send a message without pinging the whole group, you'll be able to use the slash silent shortcut meta says. In the coming weeks, there will be a few more shortcuts. Slash pay will let you send or request money right from the messenger chat box, and will be available soon on iOS and Android in the U.S. Type slash gif and a topic of something you want a gif of to see some potential options to drop into the chat. This feature will be available soon on iOS and
Starting point is 00:07:56 slash shrug and slash table flip, which will be available soon on iOS as well. We'll let you drop the classic emoticons without having to type them out yourself, end quote. And heads up calendar startups, because this new feature could be a real shot across your collective bows. Google has added a booking page to Google Calendar, letting users present available periods for a meeting. Quoting Ars Technica. Workspace users will soon be able to pick the appointment schedule. from the create appointment button. This will fire up a UI that can be used to create an appointment web page. Workspace users highlight the times they would be willing to have a meeting, then
Starting point is 00:08:41 enter the appointment duration and location or a Google Meet Room, and add a title or description. Once everything is filled out, calendar will generate a Google hosted booking page website, and the creator can send the URL to someone else. The other person can then easily pick a time and add the meeting to a calendar. A similar time slot feature was previously available if both users were inside the same workspace organization, but you can now show this time slot UI to anyone you want, even users without a Google account. The creator of the booking page will need to be using at least the business standard version of Google Workspace. The lower-level business starter level is still paid, but it doesn't get access to these sorts of fancy new features. The feature
Starting point is 00:09:20 should roll out to everyone by April 9. Once you have it, just load up the web version of Google calendar, click on the create button and pick appointment schedule, end quote. say the Department of Justice is investigating whether Google bundling Google Maps with its other software illegally stifles competition, quoting Reuters. The probe has two components. One part focuses on apps, including for navigation, that are provided through infotainment screens on vehicles. In its Google Automotive Services package for automakers, the search company bundles together maps, the Google Play App Store, Google Assistant, and other services. Car companies are prevented from, for example, mixing Google Maps with voice assistants developed by smaller rivals, one source said.
Starting point is 00:10:09 In response, Google said the integration provides the best user experience, and that in some instances a rival voice assistant can function with Google Maps. The other component focuses on app and website developers. Specifically, the department is looking at Google's requirement that if a web page or app uses one Google technology, say Google's location search, the website or app developer cannot use maps or other technologies developed by Google's rivals, the two sources said. Two developers have told Reuters over the past year that they received violation notices from Google in recent years after mixing data from the company's services with maps from other providers. The developers said the competing options were less expensive or more detailed than Google Maps in some cases. The developers, speaking on the condition of anonymity due to fear of retaliation by Google, have also expressed concern about the company's new privacy options for users of its Android mobile operating system that could limit data collection by rival mapping providers.
Starting point is 00:11:01 At stake are money and data, including about places and people's interests. Google does not separately disclose sales from licensing the map-related tools, but Google over the years has hiked mapping fees and tied the business to its cloud unit, whose sales growth is of keen interest to investors, end quote. And two stories that make me once again wonder if VCs really have mathed out the realities of two really hot startup spaces. First one, a source is telling the information that, Philadelphia-based delivery startup gopuff valued at $15 billion last fall plans to layoff around 3% of its staff to cut $40 million in costs. The layoffs follow the resignations of several key executives, quote.
Starting point is 00:11:47 The cuts are part of an effort to reduce annual headcount costs by at least $40 million, said a person who has briefed about the move. The planned layoffs at the Philadelphia-based company, which employs roughly 15,000 workers, follows a hiring freeze earlier this month and the resignations of several key executives. The job cuts, part of a broader organizational restructure, are likely to focus on top earning managers outside GoPuff's core delivery operations, the person briefed said. The company on Friday parted ways with Sherrod Saundarrison, a senior vice president of product and growth, who reportedly reported directly to CEOs Rafael Ischayev and Yakir Gola. Earlier in the year, GoPuff's vice president of marketing solutions, Andrew Berman, and its director of strategic partnerships, Phil McAulov, also submitted their resignations. the person added, the departures hadn't previously been reported. The recent turnover could complicate GoPuff's plans to go public later this year, as it had hoped to do. Last year, other senior executives including GoPuff's chief customer officer, Jocelyn Wong, its vice
Starting point is 00:12:44 president of product management, Grady Leno, chief financial officer Mark Godosi, and chief business officer Jonathan DiOrio left the company. In October, GoPuff launched its instant delivery services in New York before expanding into British cities like London and Manchester the following month in these and other cities GoPuff runs a network of warehouses where it stocks its own purchased inventory using contractors for delivery to nearby homes. Executives had forecast the company would generate annualized revenue of at least $2 billion this year based on the company's fourth quarter performance. This year, however, the sharp drop in the stock prices of fast-growing tech companies such as DoorDash, Shopify, and Zoom has made it harder for older
Starting point is 00:13:22 startups to raise money. To write out the tougher funding conditions, some startups are trying to conserve cash by scaling back expansion plans. Virtual conferencing startup hoppin, online makeup seller Glossier and automation software company HyperScience have announced layoffs this year, and Digital Bank Chime and JustWorks, a developer of human resources software, have reportedly delayed public offerings initially set for early 2022, end quote. And I thought that GoPuff was the leader of the space, so if they're in choppy waters. And also from the information, sources are saying that Stripebacked one-click checkout service Fast generated just $600,000 in revenue in 2021.
Starting point is 00:14:08 Sources say that Fast tried raising a $100 million Series C round recently that did not go well. Quoting from the information again, the San Francisco-based Fast, which launched its one-click service in 2020, tried to win by signing up small merchants. Its main startup rival, Bolt, launched its service in 2018 with a different strategy, landing large customers, including Lucky Jeans and Notica. The startup's financial results have diverged. Last year, Fast generated around $600,000 in revenue, three people with knowledge of the number said, while the information previously reported that Bolt generated roughly 50 times that figure.
Starting point is 00:14:42 And when Fast late last year tried to raise a $100 million Series C financing at a valuation north of $1 billion, it didn't find any takers at the time, a person with direct knowledge of the matter said. One-click checkout requires hefty merchant volumes to bring in significant revenue, and Fast strategy of targeting small merchants puts it at a disadvantage. Fast had been hoping to significantly ramp up its business in 2021 by signing on larger merchants. It was telling employees its goal was to process $1 billion in transactions by the end of the year, three people familiar with the matter said. But it fell short of that target.
Starting point is 00:15:15 Financials Fast prepared for investors showed that its transaction volume last year reached around $30 million. In the investor document, Fast projected it would process $1.6 billion in merchandise sales in 2022 and generate $40 million in revenue. Bolt generated around $50 million in revenue last year on about $5 billion in merchant volume, the information previously reported. Bolt declined to comment on its financials for this story. In terms of funding, Bolt has also far outpaced fast, raising $700 million over the past 12 months. That included a January Series E round involving mutual fund giant BlackRock that valued the company at $11 billion, end quote. A unicorn valuation on $600,000 in revenue?
Starting point is 00:15:55 Yes, that would be, if you're curious, bubbly sort of valuation. Today I learned that the whole reason there's been this flood of checkout technology companies is because Amazon's patent for one-click checkout technology expired in 2017. I woke up this morning with a cold, a wicked cold. Came out of nowhere. I'm not sure if you can hear it in my voice. Negative COVID tests so far, but I'm off to bed. Talk to you tomorrow.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.