The Breakdown - Crypto 2023: Even Vitalik Is Getting Hacked
Episode Date: September 12, 2023
A look at the hack of Ethereum co-founder Vitalik Buterin's Twitter account over the weekend, plus a catch-up on a set of regulatory actions from last week.
Transcript
Welcome back to The Breakdown with me, NLW.
It's a daily podcast on macro, Bitcoin, and the big picture power shifts remaking our world.
What's going on, guys? It is Monday, September 11th, and today we are catching up on everything in the crypto sphere from last weekend, including the founder of Ethereum getting hacked.
Before we dive into that, however, if you are enjoying The Breakdown, please go subscribe to it, give it a rating, give it a review, or if you want to dive deeper into the conversation, come join us on the Breakers Discord.
You can find a link in the show notes or go to bit.ly slash breakdown pod.
Hello, friends.
Hope you had a great weekend.
Like I said, today we are doing a grab bag catching up on just a ton of news.
And let's start with the weird one.
On Saturday, Ethereum co-founder Vitalik Buterin's Twitter account was compromised.
The attacker used the account to tweet about a time-limited NFT promotion.
Users that followed the link that tried to mint the NFT instead had their wallet drained.
Around 700,000 in crypto tokens and NFTs were stolen.
Now, the attack followed a similar pattern to many SIM swap attacks which have plagued high-profile
crypto figures recently. An attacker fraudulently obtains control over the target's phone number,
and then uses two-factor authentication to gain access to Twitter or other services.
The attacker then posts a link to a poison transaction for victims to sign.
According to on-chain sleuth ZachXBT, there have been more than 53 SIM swap attacks over
the past four months, which have led to the theft of over 13.3 million in crypto assets.
Now, at this stage, we don't know exactly how the attacker gained access to Vitalik's Twitter account.
Some assume that Vitalik would be using more complicated security design than simple phone number-based
2FA. If so, this attack speaks to much more sophisticated attacks targeting crypto figures.
What was particularly insidious about this attack was how believable the fake communication was.
The attacker's fake message was promoting a Q&A on a forthcoming Ethereum feature known as Proto-Danksharding.
Numerous high-profile industry figures were taken in by the fake message and signed transactions
with their wallets. The highest-profile NFT that was drained was the very first CryptoPunk to be claimed,
valued at around $250,000. To some, the attack demonstrates a clear change in targets for scammers.
DCinvestor said, Vitalik hacked Twitter is the first big scam I've seen targeting true hardcore
crypto nerds who would care enough to mint an NFT celebrating Proto-Danksharding.
Still others pointed out that it could have been a lot worse.
Coin Bureau tweeted, the hacker could have said something that would have spread FUD about
Ethereum and the markets would have dumped.
So while they were smart enough to get into such a high-value account, they weren't smart enough to
maximize their profits.
Putting it more simply, CL207 tweeted,
Imagine if the Vitalik account hacker just tweeted, I'm selling 100,000 ETH for my living
conditions, while max short ETH, dude would have made $100 million, not $1 million.
Still to others, this was just an example of how difficult it is still for normal people
in the cryptosphere.
Harrison (PopPunkOnChain) wrote,
Do you see how many Web3 native people get their wallets drained every day?
We're not ready to onboard the next billion. We're not even effing ready to onboard the next
100. Only thing we're ready to do is go to zero. Next up, staying in and around the Ethereum ecosystem,
Consensys-owned blockchain infrastructure firm Infura have announced plans to release a decentralized
version of their service by the end of this year. Infura provides a range of blockchain
infrastructure but are most well known for their Ethereum RPC nodes. As much as 50% of
Ethereum transactions are routed through Infura infrastructure, making their centralization
an ongoing risk. As regulatory efforts move from enforcement to compliance, it's anticipated that
regulators will look for intermediaries within the crypto ecosystem to deputize. And to many, a centralized
Infura would be a natural fit for compliance enforcement. Indeed, we've already seen multiple
instances of Infura being used as a tool for compliance. Last November, the firm announced that
some 20 million MetaMask users would have their wallets and IP addresses tracked using Infura. Consensys
pushed back on the controversy by noting that MetaMask allowed users to opt out by switching to a
different RPC provider. In March, Consensys blocked IPs from certain regions in an effort to
comply with sanctions requirements. Users from Venezuela and Iran were among
those who complained they could no longer use MetaMask through Infura. At the time,
Consensys were criticized for restricting access more broadly than the sanctions called for,
including blocking some U.S. residents who had emigrated from sanctioned nations. Still,
it appears that Consensys and the Ethereum ecosystem at large have grown increasingly
uncomfortable with the censorship risk of RPC nodes. And Infura have been working on this
decentralization project for over a year now. Now, the project will be rolled out in a number of
phases. Infura refers to the first stage as the, quote, federated phase, where trusted partners
will be brought on to run redundant versions of key infrastructure. Tom Hay, decentralized
infrastructure product lead at Infura, said in a statement, we're looking to launch something
later this year, and that is going to be a federated phase. The federated phase will last
at least six months, and will provide the network with the insight on how to build a sustainable
model before introducing further decentralization. Now, according to the team at Consensys,
aside from censorship resistance, adding more diversity and redundancy in RPC infrastructure
could also improve the robustness of Ethereum in general. Consensys head of strategy, Simon Morris,
said, if you have different people setting up their infrastructure in different ways on different
cloud providers using different node software, then you can start to build antifragility into the system.
Next up on this breakdown, a regulatory roundup. On Friday,
the SEC filed their response in the Ripple lawsuit, arguing that the case should be allowed to proceed to
appeal. Ripple had previously objected to the appeal, stating that the regulator had not made a
sufficient argument to ground an appeal. The SEC's filing hit back, stating that, quote,
the defendants themselves say that the issues have industry-wide significance and are of special
consequence. They claim that this pivotal decision should be subjected to the scrutiny of an
appellate court to ensure a clear precedent is made. The SEC noted that one judge
has already rejected the Ripple decision as a persuasive precedent, opening the door to contradictory
rulings. The regulator further argued that halting the rest of the Ripple case to deal with the
appeal immediately would, quote, preserve the resources of the court. They even went so far as to
take a swipe at Ripple, claiming that the firm was deliberately dragging out court proceedings.
Speaking of the SEC, Republican House Whip Tom Emmer has introduced an appropriations amendment to
rein in the SEC's crypto enforcement agenda. In a tweet, Emmer wrote,
Gary Gensler has abused his authority to grow the administrative state to the detriment of the
American people. Congress must use all our tools, including the appropriations process,
to restrict Chair Gensler from further weaponizing taxpayer dollars. End quote.
The appropriations amendment would limit the SEC from utilizing funds to pursue digital asset enforcement until comprehensive rules and regulations are put in place.
Now, of course, Emmer has long been critical of the SEC's approach to crypto regulation.
In June, he supported fellow Congressman Warren Davidson's SEC Stabilization Act proposal,
which would limit the authority of the SEC chair by introducing a sixth commissioner
to require bipartisan support for regulatory actions.
Gensler is scheduled to appear at an oversight hearing before the Senate Banking Committee
on Tuesday.
The House Financial Services Committee, meanwhile, will hold their SEC oversight hearing on
September 27th. So we should get a chance to hear more about whether there have been any shifts
in the Gensler SEC's attitude since some of these court proceedings have gone through. Now, moving over to
the Fed, in a speech given at a fintech event on Friday, Fed Vice Chairman of Supervision Michael
Barr made a number of comments about CBDCs and stablecoins. When it comes to CBDCs, Barr emphasized
that the Fed is still firmly in the, quote, basic research phase and is far from making any decisions.
Barr said that, quote,
Investigation and research are very different from decision-making about next steps in terms
of payment system development, and we are a long way from that.
By way of detail, he explained that the research is currently focused on system architecture
and tokenization models.
Barr continued to reinforce the idea that the Fed won't make any decision on CBDC issuance
without, quote, clear support from the executive branch and the authorizing legislation from Congress.
On stablecoins, Barr said, quote,
I remain deeply concerned about stablecoin issuance without strong federal oversight.
If non-federally regulated stablecoins were to become a widespread means of payment and store of value,
they could pose significant risks to financial stability, monetary policy, and the U.S. payment system.
It is important to get the legislative and regulatory framework right before significant risks emerge.
Now, Barr has recently spearheaded the Fed's novel activity supervision program,
which requires banks to obtain a written non-objection before they can interact with stablecoins.
He claimed that the safeguard was in line with previous guidance issued by the Office of the Comptroller of the Currency.
Barr argued that strong federal oversight of dollar-backed stablecoins was in the Fed's interest,
arguing that the tokens, quote, borrow the trust of the central bank.
Now, of course, federal oversight of stablecoin issuers has become a line in the sand for
establishment Democrats who sought to hold up the progress of stablecoin legislation back in July.
Barr also reflected on the July launch of FedNow, which is the new instant gross settlement
system operated by the Fed.
He said that FedNow has been made available to depository institutions of all sizes, but, quote,
while current volumes on FedNow are small, I expect that participation will grow over time.
Now, next up, one we talked about a bit in the weekly recap, but giving the details just
for completeness. On Thursday, the CFTC announced enforcement actions against three DeFi
firms. Opyn, 0x, and Deridex all settled lawsuits for offering unregistered derivatives
products to U.S. customers. The fines were relatively small, $250,000, $200,000, and $100,000
respectively, but the message was clear. CFTC Director of Enforcement Ian McGinley said in a statement,
Somewhere along the way, DeFi operators got the idea that unlawful transactions become lawful
when facilitated by smart contracts. They do not. The DeFi space may be novel, complex and evolving,
but the Division of Enforcement will continue to evolve with it and aggressively pursue those
who operate unregistered platforms that allow U.S. persons to trade digital asset derivatives.
Now, while both Opyn and Deridex were offering derivatives trading, the situation around 0x
was a little more complex. 0x is an open DEX platform which allows anyone to list tokens.
They attracted the attention of the CFTC by simply having derivative tokens with embedded leverage listed.
The CFTC claimed that simply retaining the ability to draw fees from the trading,
though not actually profiting from the platform and having access to shut down the platform,
was sufficient to be held liable for how other developers use the platform.
Now, one CFTC commissioner offered a scathing dissent to the enforcement action.
Commissioner Summer Mersinger wrote,
Although each case presents different facts,
they have been lumped together for commission consideration and vote,
presumably for messaging purposes, as quote-unquote,
DeFi cases. She added that, quote, I am concerned that the commission in these cases is taking
another step down the path of bringing enforcement actions when we should be engaging with the public.
It is important to emphasize that enforcement first has not always been the CFTC's default
position. These cases are especially concerning in that they represent a significant shift in
position on the merits of engagement with DeFi market participants. Finally, today, over in the UK,
the United Kingdom Financial Conduct Authority have pushed back the commencement date of some
elements of strict new crypto advertising rules. The core rules will come into force on October 8th.
They require advertisements to be clear, fair, and not misleading. In addition, risk warnings will now
be mandatory and incentivizing platform use with both monetary and non-monetary rewards is
prohibited. Other parts of the regulations could be pushed back to as late as January, according to the
FCA. Individual firms would need to apply for additional time on a case-by-case basis. The regulator
explained that firms are running up against technical issues implementing some parts of the new rules.
In particular, a 24-hour cooling-off period which would allow customers to ask for full refunds
is proving difficult to comply with. It would require programming changes to platforms at a minimum,
if not an overhaul to business models. Lucy Castledine, Director of Consumer Investment at the
FCA, said, as a proportionate regulator, we're giving firms that apply a little bit more time
to get other reforms requiring technology and business change right. We'll maintain our close eye on
firms during this extended implementation period. Now, the FCA's strict new rules have been
criticized for their broad scope and draconian punishments. Foreign firms that advertise to U.K.
customers would be covered by the regulations, which capture social media posts, websites, and in-app
advertising. Influencers would be held liable for their promotion of crypto products, and a failure
to adhere to the new regulations could result in criminal charges. The maximum punishment for breaches
includes an unlimited fine or even jail time. The FCA has said that the strict rules are designed to,
quote, prevent harm to consumers from investing in crypto assets that do not match their risk
appetite. The regulator added that, quote, it is up to consumers to decide whether they buy
crypto assets, but they should do so based on fair and accurate information that helps them make
effective investment decisions. So friends, this is the other side of the prepping for the next
bull run. It is going to be a much tighter environment, certainly for any types of promotions,
although whether that will end scams given where we started this episode, I think that remains to be
seen. However, that is going to do it for today's episode. I appreciate you guys listening as always.
Until tomorrow, be safe and take care of each other.
Peace.
