Unchained - Circuit Breakers: Is ERC-7265 the Solution dApps Were Waiting For? - Ep. 515
Episode Date: July 7, 2023In 2022, crypto crime hit an all-time high. A staggering $3.8 billion in crypto was stolen, with DeFi protocols bearing the brunt of these thefts, accounting for 82% of the total losses. Amid this ala...rming scenario, has a beacon of hope emerged in ERC-7265? The proposal aims to create a 'circuit breaker' safety layer for DeFi contracts, potentially revolutionizing security measures in the crypto space. Could this be the key to bolstering security and paving the way for mass adoption of DeFi? Will it essentially centralize protocols? Tune in to find out. Listen to the episode on Apple Podcasts, Spotify, Overcast, Podcast Addict, Pocket Casts, Stitcher, Castbox, Google Podcasts, Amazon Music, or on your favorite podcast platform. Show highlights: what ERC-7265 is meant to do and why they called it a 'circuit breaker’ how the idea would actually work on chain how this ERC could make DeFi applications more centralized, rather than decentralized what can be done to prevent small teams from seizing funds how different teams will be able to design the circuit breaker as they want what unsafe arbitrary calls and unprotected flows are why Philippe believes that this proposal will help newer teams improve their security how the ERC can pave the way for a more decentralized protocol what will it take for protocols to start adopting the new standard Thank you to our sponsors! Crypto.com Railgun DAO Ondo Finance Arbitrum Foundation Guest Philippe Dumonet, Cofounder of DeReg Links Chainalysis 2022 report The Block: Ethereum community proposes new standard to mitigate DeFi hacks Philippe’s thread on ERC-7265 Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
Hi everyone. Welcome to Unchained, your no-hype resource for all things Crypto. I'm your host, Laura Shin, author of The Cryptopians. I started covering crypto eight years ago and as a senior editor of Forbes was the first mainstream media reporter to cover cryptocurrency full-time. This is the July 7th, 2023 episode of Unchained.
Ondo Finance is bringing compliant, institutional-grade finance-on-chain. Ondo is a leader in the tokenization of traditional securities, including with
its roughly 5% yielding tokenized U.S. Treasury's product, OUSG.
Ever wanted to use DFI without being tracked?
Railgun is a leading DFI privacy solution on Ethereum, BSC, Arbitrum, and Polygon.
Shield your funds and use them privately in your favorite defy apps,
while Railgun's cutting-edge zero-knowledge system encrypts your data from public view.
Yes, that includes Dextrating.
Visitrail.org or use the Railway app at Railway.xy-Z.
With the crypto.com app, you can buy, trade, and spend crypto in one place.
Download and get $25 with the code Laura.
Link in the description.
Arbitrum's leading layer two scaling solution offers you ultra-cheap and lightning-fast transactions,
all with security rooted on Ethereum.
Visit arbitram.io today.
Today's guest is Philip Dumene, co-founder of DREG.
Welcome, Philip.
Hey, Laura. Thanks for having me on.
Jane Ellis is reported in its 20th.
22 Crypto Crime Report that not only was last year, the biggest year ever for crypto crime
at a total of $3.8 billion stolen, but that funds stolen from DFI protocols accounted for
82% of that total. And that equates to $3.1 billion stolen from DFI. So you and Ethereum
developers, Dia Here and Merbank, have put forth a proposal to address this problem. And it's called
ERC or Ethereum Request for Comment, 7265.
What's your proposal?
Yeah, so our proposal, it's more of a design that people can implement,
but the proposal is basically creating a safety,
a generalized safety layer that developers can add onto their contracts
that will allow the funds within the protocol to be protected,
even if the core logic of the protocol is vulnerable and could be exploited on its own.
And so the way that you define this, like colloquially,
is as a circuit breaker.
What does that mean?
Yeah, so a circuit breaker is a relatively common mechanism
that you have in traditional finance on, for example, exchanges.
It's basically like an emergency tripwire that allows you to pause the system
in cases of emergencies or irregularities.
I forget which exchange was exactly.
I think it was a NASDAQ, but essentially if a certain asset,
I think it's the, I forget which one it was exactly,
But if it falls by too many points within one day, they'll halt it for a few hours.
And then if it falls even further, they'll halt it by even more hours because in the past,
you had basically like these sell-off cascades where people would just like start to panic and just sell off assets.
And then these circle breakers were intended to allow people to just like cool off and basically like relax a little bit,
reassess the situation with a clear head and then resume the markets when people were in a clear state of mind.
And so how are you proposing that this ERC 7265 would work?
So it's very similar. So basically what it does is it adds this layer around your protocol through which all funds flow. And what this allows you to do is that before any assets leave the protocol, it gives you some time to basically evaluate that withdrawal essentially from the protocol and basically do some added analysis on it, whether it's malicious or not. So this can be done on chain or off chain, but basically it gives you time to intervene in case you realize that the code allowed somebody to maliciously withdraw some amount.
So I saw on the proposal that it would limit the withdrawals by these time periods, like you mentioned, as was done on the traditional exchange.
So if that were to happen, then who would get notified in the event of this large withdrawal that trips the circuit breaker?
Yeah, so it would be the team in charge of essentially controlling and monitoring the protocol.
So this would likely be the devs and the core team of the protocol.
Or if it's a protocol that's like more decentralized and has like,
governance, they probably have some small security council that is in charge of, like, stepping in
and assessing the situation, seeing if it's a false positive. So, like, a accidental tripping of
this, like, tripwire or whether it was, like, an actual attempted hack that was detected by the
system and then react accordingly. So would the standard then have a tendency to centralize
the operations of the defy protocol? Yeah, exactly. It would basically require the protocol to have
some central owner or set of owners that have the ability to make that call of,
okay, is this just an accidental, like, tripping of the circle breaker or is this like real
malicious activity? And then you do have like this central actor that has to have the responsibility
for the circle breaker to be feasible, at least in the initial version. There are versions down
the line where this mechanism can be more decentralized and trustless, but that is not what we
have yet at the current stage. So, I mean, most people, when they're proposing things for Ethereum,
and they're not proposing things that would make protocols more centralized.
So why is it that you're willing to do that with this proposal?
I'm a big fan of decentralization, and I would actually specify on the point that it doesn't make
protocols more centralized.
Like centralized protocols, I have the same model centralization.
So basically it allows early stage projects that are usually centralized anyway.
And in fact, if you look at defy, a majority of protocols have some sort of centralized
control somewhere, whether it's delegated to governance or whether it's the team multi-sig,
a lot of projects have these capabilities already.
But we're basically extending the positive things that can be done with these capabilities.
Because already today, these capabilities can be used to, for example, upgrade a contract
or in the worst case, rug the contract.
And what we're adding on top of this is the ability to effectively intervene in a hack in real
time.
So I also wondered about this issue of this small team deciding whether a withdrawal is
legitimate or a hack.
I mean, what's to stop them from realizing, oh, this entity wants to withdraw because there's a fundamental flaw in the protocol.
And we don't want them to withdraw because we don't want to set off panic and have other people realize there's a flaw here.
What if it's something like that?
And it's keeping somebody who has recognized a legitimate problem from keeping their funds safe.
So directly, there's not much you can do to prevent this, but this is already possible today with the centralized protocol.
So if you look at, for example, what happened with the waves blockchain and their lending markets, I forget what it was called, but basically what the team did via governance is they essentially seize funds or forcing people to deposit more collateral into the protocol by essentially threatening to seize their assets if they didn't comply.
And malicious teams do this already.
Again, what the circle breaker does is it doesn't change fundamentally the capabilities
that these teams have is it adds their countermeasure capabilities.
But one way they can mitigate this in the long term is to have essentially custodians that
handle this.
Instead of teams handling this, you have like some set groups that are basically experts
in doing arbitration or these kind of checks and then the team delegates that control
to these more trusted parties rather than themselves.
And the idea here is not necessarily to completely.
solve the centralization issue, but it's more to move things in a better direction and basically
minimize damage. And what about the time limits? Is that something that is determined by
whoever implements the standard? Or is it also? Because I just wonder, you know, is 90 minutes
really enough for figuring out whether or not something is, you know, like a legitimate withdrawal
versus legitimate withdrawal versus something more nefarious?
Yeah.
So the circle breaker basically gives the team time to decide.
So hacks are usually quite complex technically.
And they use a bunch of different transactions to try and manipulate the protocol
into extracting funds.
So it's hard to make the determination in an automatic sense.
So the circle breaker acts as more like an initial flare or signal telling the team,
like there is some irregularity here that might point to a hack.
And it gives them the time to essentially evaluate that situation before anything results in irreversible damage.
Because what happens today is if there's a hack, the only notification they might get is once the funds already left the protocol.
The circuit breaker basically gives a team time to evaluate the situation and intervene before damage is irreversible.
So I also wondered how the circuit breaker works in the context of crypto where prices can be extremely volatile.
I don't know if this applies only for withdrawals.
But, you know, I'm sure you're aware, and you kind of mentioned this in when you talked about the NASDAQ example, that prices can fall dramatically for purely legitimate reasons. And so does this apply in that situation or not?
Yeah. So teams will have the discretion to configure their circle breaker as they want. So if they want to also pause the protocol or delay it when there's extreme price action, they may choose to do that. But the design of the circle breaker is such that users can still close their position and trade within the protocol.
even while there's a halt essentially.
But the main thing the circuit breaker does is it delays any outgoing effect.
So anytime assets might leave the protocol.
And so to say irreversibly, like, cause damage to the protocol, which is like when the funds are
outside of the jurisdiction of the protocol, that's basically what the circuit breaker mitigates
and allows teams to value that part.
So if you have like an exchange within the protocol or a lending market, you can still close
in open positions.
You can still trade.
But just like exiting from the protocol is what might be temporarily halted.
Okay.
So you're saying basically, if this had been implemented at the time of the Manko markets exploit, then essentially at the time he manipulated the price or allegedly manipulated the price, that it wouldn't have been tripped then. It only would have been tripped when he went to withdraw. Is that how it works?
Exactly. Yeah. So it would have tripped the circle breaker when he tried to draw like the large amount of assets from the lending protocol.
Okay. But I thought you said earlier that teams can configure it how they want. So potentially because of economic attacks, potentially it's,
teams could, if they wanted, also implement it to prevent price manipulation?
Yeah.
So they could also configure it so that if there's like a sudden large change in the
Oracle price, that they also alerts them and temporarily holds the protocol for them to
evaluate whether it was like a real price swing or just like a manipulated price stick.
Okay.
Yeah.
This gets into super tricky territory, in my opinion.
But so in a moment, we'll talk about more of those edge cases.
But first, who quick word from the sponsors who make this show possible.
Ando Finance is connecting the on-chain economy to real-world assets with compliant, institutional-grade, tokenized securities.
Undo's flagship product, OUSG, a tokenized U.S. Treasury's vehicle, brings the roughly 5% yield from treasuries on-chain.
Ando is also launching a tokenized wrapper of government money market funds, OMMF.
Investors can learn more and subscribe to Ondo's products at Ando.
dot finance. Arbitrum stands at the forefront of innovation as the premier suite of layer two scaling
solutions, bringing you lightning fast transactions at a fraction of the cost, all with security
rooted on Ethereum. From defy to gaming, Arbitrum 1 plus Nova is home to over 500 projects, and with
the recent launch of orbit, Arbitrum welcomes you to build your very own tailor-made layer 3,
or an orbit chain. Propel your project and community forward by visiting Arbitrum,
i.o today. Ever wanted to use defy without being tracked? Railgun is the leading defy privacy
solution on Ethereum. It's available on BSC, Arbitrum, and Polygon 2. Shield your funds and use
them privately in your favorite defy apps, while Railgun's cutting edge zero knowledge system
encrypts your data from public view, all without leaving your preferred chain. Yes, that includes
Dex trading. Coming soon are integrations with leading yield, lending, and perp
trading platforms on multiple chains. Defy and privacy together at last. Visit railgun.org or use
a railway app at railway.xy Z to find out more. Back to my conversation with Philip.
So another thing that I wondered is, is this limited to just a single entity withdrawing funds?
Because, you know, attackers could game this where it's multiple, you know, a civil attack,
basically where they withdraw from multiple entities,
and then they sort of sneak in under that limit
and nobody really notices.
Is that something that you guys have accounted for?
Yeah, so there's different, like, countermeasures
or ways attackers will adjust their attack
when they notice if protocols protected by a circuit breaker.
So first, the circuit breaker is such that it's a general,
it's a general encompassing layer of the protocol.
So even if the attacker splits their withdrawals
into different smaller pieces,
they'll also have to go through the layer.
So if the protocol has a rate limiter, like connected to the circuit breaker, then just the aggregated volume of those small withdrawals will still trip the circuit breaker.
Now, the other attack a smart attacker could do is if they find some sort of exploit that allows them to do that, is slowly like trickle out funds.
So just like maybe steal, you know, 1,000, 2,000 a day, maybe a bit more of like the volume of the protocol is really high.
And over time, just drain the protocol like that.
But even in that case, that's already better than the alternative because you're mitigating the damage.
and because they can only withdraw that much per day, right?
So it gives you time to actually find the exploit and just monitoring the protocols
for other ways or maybe even through your bug bounty program, you'll eventually catch that
bug.
And the fact that the circle breaker was there mitigated the damage in the sense that it forced
the attacker to withdraw funds more slowly and over time.
And then what about a scenario where people have lost faith in the protocol for some reason?
And I don't like I don't have in my.
anything from Defi, but, you know, obviously the FTX example is a pretty recent one where
users went to withdraw in large numbers at a very specific point in time. And they had a legitimate
reason to do so. You know, what if this were used in a way where the people kind of holding the
keys to the drawbridge were like, nope, we're not letting you out, even though they would have had a
reason that anybody else would view as legitimate to withdraw. Yeah. So that goes, I think it goes back again
the point of the beginning, like, can it be used maliciously? And it definitely can. So if the team
decides to abuse their power for any reason, whether it's, they just want to go away with
the funds or they don't like where people are moving their money, they can abuse that power.
And the only way to mitigate that really is, again, to have like these third-party arbitrators
or like these services that basically intervene in that or have like a more extensive
governance process. But this is not a problem that is unique to circle breakers. Any project
that has centralized keys can have this at any time. And it's a surprising amount of protocols.
Like if you go on EtherScan, anybody, you can check this for yourself as an indication of whether your protocol centralizes.
You go to the address that holds the assets for the Defy protocol and just check is EtherScan telling you that this is a proxy.
And if this is a proxy, this usually means that there's somebody behind the contract that can upgrade it and change it to whatever logic they want, which includes moving the funds to their own wallet.
And this is present in a lot of protocols.
So what the Circle Breaker does here is that it doesn't add to what they can do maliciously, but it does add to what good teams can do to save their own protocols.
And I wondered also, because it just felt like there could even be a scenario similar to what happened with the Dow in 2016, where this hacker got access to 31% of the funds.
And during that time, granted, obviously it was a very different time.
So people who wanted to rescue the money of theirs that was in the Dow had very limited tools to do so.
but you know, you could see a scenario where if the same event were to happen today on a modern day defy protocol,
that the hacker could kind of sneakily get the 31% of funds and then everyone else that wanted to withdraw suddenly would be stopped.
So I don't know if you have kind of like a way to mitigate that kind of situation.
I'm not sure fully understand the question.
Is it can we mitigate the governance attack where the attack requires a large percentage of like voting tokens?
or is it stopping the scenario where an attacker withdraws before everyone else and then everyone
else is like basically bottlenecked by the circuit breaker?
The latter.
Yeah.
So that really depends on how the circle breaker is configured again.
So there's two main versions.
There's one which is delayed settlement by default where all transactions go through a like review
delay before they exit the protocol by default.
So let's say like a one, two hour delay.
So you would draw from AVE.
Let's say imagine Avey has the circle breaker.
And then you would get your funds, would actually.
land in your wallet after two hours. So in that scenario, that would block the attacker because
you would see the spike of funds from the attacker, and it would be in a queue same as everyone
else. And then that would give you time to actually see that and block that. But in the other scenario
where you have a rate limiter on chain, where then it depends on the configuration. So the protocol
will have to say, okay, is the maximum drawdown 5%, 10%, 20% of TVL within a certain window?
And then if an attacker finds a vulnerability, then the damage will only be limited to the maximum
drawdown because they will obviously a smart attacker will wait, okay, when is the volume low?
And then I'll just max out the limits.
And then that will be my profit from the attack.
And then all the other funds I could have stolen will be in there again.
So again, I want to reiterate with any security measure in a smart contract, it's not bulletproof.
It won't stop all the attacks.
It won't stop all damage.
But I think it will be a very useful tool for early projects or in general, like projects
that are still at centralized stage to really massively reduce risk and mitigate.
damage in attacks, but it won't stop everything, of course.
Your proposal itself actually contains two scenarios that would still allow for funds to be
stolen. One of them you called unsafe arbitrary calls, the other untracked or unprotected flows.
So can you just describe what those are?
Yeah, so these are mistakes that can be done at the implementation level.
So the idea, the fundamental philosophy of the circle breaker is how do we protect the protocol
even if the core logic has mistakes. But a dev, adding a
a circle breaker can still make mistakes at the, basically at the integration point between
their protocol and the circle breaker.
So, for example, if they have assets coming in and out of the protocol, but they forget to
add the line that actually tracks the ins and outflows, because the rate limiter has to know
what money is coming in and out to be able to, like, block any malicious funds going out.
But if they forget to actually track that, then obviously funds can go out without being
tracked by the rate limiter and it's just be blocked.
And then the second type is a unique but very dangerous.
vulnerability when it does occur, where you have in your code somewhere the ability for you to
basically execute anything on behalf of the protocol or on behalf of the smart contract.
So those are the two ways that your protocol can still get hacked despite having a circle breaker.
But the interesting thing about the circle breaker is that these are very limited and these are
very easy to review for.
So unlike an audit where you need to do an in-depth review of the entire protocol, understand all
the logic and make sure there's basically no corner case, no loophole that allows the attacker
to leave with funds.
it basically becomes this checklist where you can see, okay, all the places where assets are going in and out, do they have this one line of code?
And then arbitrary calls, are they properly protected?
They're rare in general, but when they do occur, then you can review them specifically.
And it just reduces again the attack surface and places where things can go wrong.
But still, things can go wrong.
And you've said that you intend to make this for defy protocols that are upgradable by governance to not contribute to centralization.
describe what you mean by that?
I mean by that similar to before.
I'm a big fan of completely decentralized protocols like unoswap v2 that had very limited governance interference
and is completely autonomous.
And I do want the defy space to eventually strive to build more primitives there are like that.
But I also see the reality that unfortunately is often not like that.
So I really believe that the circle breaker can help these newer teams to improve their security
and also give them the leeway and flexibility to eventually transition into being a fully decentralized
protocol and essentially removing the circuit breaker shell because the way the circle breaker is also
designed is that a protocol can eventually migrate away from it. So once they're ready,
like let's say it's a new protocol, it's a startup. And they maybe don't have that much
money to do like the extensive audits and security processes that like these larger defar
protocols have. So instead they deploy a more cost effective solution like a circle breaker for the
first two years. And then once their protocol has traction, they can actually invest heavily into
their security and then do this like one time review, have a buck bounty program out for like half a
year, one year. And then when they're really confident that this protocol is independently secure,
then they can strip the centralizing shell of upgradeability, of governance, of the circuit breaker,
and then become like a fully independent primitive on chain. You're working on a startup called DREG,
which is related to this proposal. What does DREG do? So DREG, basically right now, we're mainly
contributing to the circuit breaker and making sure that the standard is good. It's not too opinionated.
It can be used by a lot of people. But our goal is to create infrastructure that supports protocols
that are integrating circuit breakers, because beyond the circuit breaker itself, you do want some
monitoring infrastructure, some alerting infrastructure that notifies you as a team when something goes
wrong on chain so that you can review it. And then on top of that, we do want to mitigate the
issue or more like the downside of the circuit breaker, which is like the delay. So as mentioned
before, the way the protocol or the circuit breaker secures protocols is through this delay. So you would
draw funds and then you only get them after two hours. And what we want to provide is a service that
says actually instead we'll pay out users in advance. So it looks like a normal protocol where
they get their funds immediately. But on the back end, it's actually us assuming the risk.
So basically what we would do is we would in real time, before it goes on chain, we would look
at the transaction estimated for ourselves, okay, let's just look like a hack or not. And if it's not a
hack, we say, okay, we'll pay out this user in advance for like a tiny fee. And then in return,
they get their funds immediately and the protocol still has that safety. Because if we're wrong,
for example, our algorithm makes a mistake and it turns out it was a hack, then the, then the team will
say, well, no, you assume risk for this hack and it turned out there'll be a hack, so that's
your loss, essentially. So that's how we would enable protocols to both have that security, but still
have the same atomic, like, user experience of I make a transaction, and then within that one
transaction, I get my funds out. And as you mentioned earlier, this is a proposal and also
it's something that's up to each protocol, whether or not they want to adopt. So does that mean
that it doesn't need to go through the official Ethereum improvement proposal process to be adopted?
Yeah, so it's an, so in Ethereum, there's like EIPs and ERCs, so they both are on the EIP page,
but ERCs are different in the sense that they're application level standards.
So they're completely opt-in.
They're essentially, if a developer wants to build an application, they usually look at these
standards so that their application maybe follows just like, in general, better practices,
that it's interoperable with more protocols.
You know, for example,
a very popular ERC20 standard
just ensures that your fungible token
is compatible with all the dexes and lending protocols.
And ERC 7265 is similar to that.
It's not a change to the Ethereum blockchain itself.
It's more a standard on the level of smart contracts
that says, hey, if you do want to make a circle breaker
like your own, then just follow the standard
because then it'll be compatible with all the infrastructure
that people might build around it,
such as like all the infrastructure we build,
if you want to build your own circle breaker that under the hood works a little bit differently,
if you follow the standard, then we'll support it basically out of the box.
So to answer the original question, like, no, it doesn't have to be accepted as a final proposal
to be adopted by other people.
And so do you have a sense yet of how many protocols are interested in adopting it?
We're still working on that, to be entirely honest.
I'm more of a developer and programmer.
And although I'm a co-founder at the startup with my co-founder,
trying to basically do the business development effort. I'm not the best at finding protocols to
do that, but we do have one protocol that is on board and currently looking to integrate the
circle breaker asymmetry finance. They're like a LSD aggregator. So basically you deposit your
eth and then they put it in a bunch of different LSDs to basically diversify your LSDs. And then
they're looking for their next DFI product to use circle breakers to improve, improve their security.
Because similar to other early stage protocols, they still have those upgrade keys because
they want to be able to maybe make changes to their protocols or if a bug was found like internally,
then they want to be able to patch that up. So for a protocol like that, it can have very large
benefits and they're looking to pilot it as one of the early adopters. Great. Yeah. And for listeners
who don't know LSD sticking derivatives, some examples are Lido and Rocket. And since this was an aggregator,
I guess they're using multiple of them. And were you going to add something else?
Yeah. I was just going to say we're also talking to a few security audit companies who want to
want to also collaborate with us and their customers to add circuit breakers, but that's like still
in the talking stage. All right. Well, we'll have to see where this all goes. Thank you so much
for coming on Unchained. Yeah, thank you so much for having me on. And I hope we can just improve
the space and just, yeah, improve the reputation of Defi because we always promise security, like,
oh, this is like autonomous, secure finance, but let's actually do it and let's make it accessible
to people. Yes, making it secure, I think would be very helpful to actually,
having it grow. Yeah, absolutely. Don't forget. Next up is the weekly news recap. Stick around for
this week in crypto after this short break. Join over 80 million people using crypto.com,
one of the easiest places to buy, trade, and spend over 250 cryptocurrencies. Spend your
crypto anywhere using the crypto.com visa card. Get up to 5% cash back instantly. Plus, 100% rebates
for your Netflix and Spotify subscriptions and zero annual fees.
Download the crypto.com app now and get $25 with the code Laura.
Link in the description.
Thanks for tuning in to this week's news recap.
Winklevoss shares open letter targeting Barry Silbert.
Cameron Winklevoss, co-founder of Gemini, issued a stern warning to Barry Silbert,
CEO of Digital Currency Group, which is the parent company of the bankrupt crypto lender, Genesis.
Winklevoss has accused Silbert of fraud and trapping one point.
$2 billion worth of assets belonging to $232,000 earn users. He proposed a repayment offer,
threatening legal action if not accepted by July 6th, which as of press time Thursday had not
received a response. Winklewaz also criticized the SEC's refusal to license spot Bitcoin exchange
traded funds, calling it, quote, a disaster for U.S. investors. He argues that the SEC's policy
has pushed spot Bitcoin activity offshore to unregulated venues and into, quote, toxic products
like the grayscale Bitcoin Trust.
Senior Binance executives resign amid regulatory scrutiny.
Several high-ranking executives at Binance have stepped down due to dissatisfaction with CEO
Cheng Peng Zhao's approach to ongoing regulatory probes into the company, according to a fortune
report.
The departures include General Counsel Han Eng, chief strategy officer,
Patrick Hillman and Senior Vice President for Compliance Stephen Christie.
This follows the recent exit of Matthew Price, who was overseeing global investigations and
intelligence for the company. The resignations come at a critical time for Binance, which is under
intense regulatory scrutiny globally. The executive's decision to leave, particularly from the
legal and compliance units, could potentially escalate the regulatory pressure on the company.
Meanwhile, Binance U.S., the American subsidiary of the world's largest crypto exchange,
has experienced a user exodus following the recent actions from the SEC,
leading to major cryptocurrencies trading at a discount of between 2% and 5%.
BlackRock CEO envisions Bitcoin as a global asset revolutionizing finance.
BlackRock CEO Larry Fink highlighted Bitcoin's potential as an international asset
that could, quote, revolutionize finance.
In an interview with Fox business,
think suggested Bitcoin could serve as a digital alternative to gold
for hedging against inflation.
This perspective marks a significant shift from his 2017 view of Bitcoin as, quote,
an index of money laundering.
In Bitcoin-related news, this week saw the introduction of the BRC-69 standard by Bitcoin
Ordnals launchpad Luminix, promising to reduce inscription costs by over 90% and enable on-chain
pre-reveal processes for collections.
Meanwhile, crypto-traders are migrating from decentralized to centralize.
centralized exchanges, with monthly dex volumes falling from 22% to 16.8% between May and June.
This shift is attributed to the ETF sparked Bitcoin rally and the growing interest in large caps,
like Bitcoin and Ethereum.
Coinbase partners with Tradfai giants.
Despite the SEC's stance on grayscale, the race to offer a spot Bitcoin ETF remains high.
After receiving notice from the SEC that their filings were inadequate, BlackRock and Valkyrie
named Coinbase their surveillance sharing partner in updated filings. These agreements will provide
NASDAQ with supplemental access to Bitcoin trade data on Coinbase, enhancing its ability to detect
potential market manipulation. Meanwhile, the ProShare's Bitcoin Strategy ETF has seen a surge in inflows,
pushing its assets under management back above $1.04 billion. This renewed interest in digital asset
investment products is likely spurred by the optimism surrounding the potential approval,
of a spot Bitcoin ETF. Despite a cooler market, the AOM across digital asset investment products
has increased 69.5% year-to-date, reaching $33.4 billion in June. Celsius faces regulatory heat.
The Commodity Futures Trading Commission has concluded that Celsius Network and its former
CEO, Alex Mishinsky, violated U.S. regulations before the crypto-lender's bankruptcy. The CFTC found
that Celsius misled investors and should have registered with the regulations.
later. The SEC and federal prosecutors are also investigating the firm. If the CFTC commissioners
agree with the findings, a case could be filed against Celsius this month. These probes coincide
with the lawsuit from Celsius creditors accusing marketmaker Wintermute of aiding and wash trading,
allegedly helping inflate the value of the cell token. Moreover, Celsius has begun converting
its altcoins into Bitcoin and Ethereum, following approval from a New York court. The move,
which involves the transfer of around $74 million in alt coins,
aims to maximize value for creditors.
However, the transition has not been smooth,
with Celsius-facing backlash over its decision
to convert all creditors' alt-coins.
Meanwhile, a collapsed lender Voyager's committee
of unsecured creditors has been billed $5.1 million by law
from McDermott, Will, and Emery,
for work completed from March to May.
This brings the total compensation charge
to the group to $16.4 million.
surpassing the budgeted $11.2 million for the restructuring process.
The news follows last week's reveal that FTX has spent more than $200 million on legal fees.
In related news, defunct crypto lender BlockFi's bankruptcy plans are facing objections from
FTX, 3 Aeros Capital, and the SEC, with FTC claiming the proposals unfairly downgrade its
substantial claims against BlockFi.
3AC founders pledged to donate OPNX future earnings.
In a surprising turn of events, Kyle Davies and Sue Zhu, founders of the bankrupt crypto hedge fund,
Three Arrow's Capital, have pledged to donate future earnings from their new venture,
open exchange or OPNX, to the creditors of 3AC.
This pledge termed a, quote, shadow recovery process was announced in a Twitter spaces event
on July 3rd.
Davies cited karma as the driving force behind this decision.
He said, quote, if we do bad and they do well, then that's great.
And that's good karma, or whatever you want to call it.
However, this announcement has been met with skepticism by the crypto community and Tenio, the firm
overseeing 3AC's liquidation. A Tenio spokesperson suggested the founders should focus on court-ordered
activities already underway. Despite the controversy, OPNX, a trading platform for bankruptcy claims,
as well as Spot and Perpetuals, is reportedly seeing around $50 million in daily trading volume.
court orders Cracken to disclose data to IRS.
The U.S. District Court for the Northern District of California has ruled that Crypto Exchange
Cracken must provide the Internal Revenue Service with account and transaction information
spanning the tax years 2016 through 2020.
The IRS initially requested this data in May 2021 to identify accounts that conducted
at least $20,000 in digital asset trading in any year within the specified period.
Cracken resisted, prompting the IRS to seek court enforcement.
Despite Cracken's argument that the IRS request was, quote, an unjustified treasure hunt,
the court has now ordered the exchange to hand over approximately 160 million transaction records
and information on 59,351 accounts.
Judge Joseph Sparrow, who is overseeing the case, stated, quote,
the court concludes that this request is not overbroad, nor is it unduly burdened.
some. Late Thursday, the New York Times reported that the FBI searched the home of Cracken co-founder
Jesse Powell in March. Three people with knowledge of the matter told the paper that the agency
is conducting a criminal investigation into allegations that he hacked and cyberstocked Verge
Center for the Arts, a non-profit that he founded. A spokesperson for Cracken said the investigation
has nothing to do with the exchange. Polly Network's Phantom Fortune. Hacker mints billions in
tokens. In a shocking exploit, the cross-chain bridge protocol Polly Network fell victim to a massive
hack, with the perpetrator minting an estimated $42 billion in tokens across multiple chains.
The hacker exploited a vulnerability in the protocol's smart contracts, creating a malicious
parameter that allowed them to mint tokens on various blockchains, including Ethereum, Polygon,
Avalanche, and B&B chain. Despite the staggering figure, the hacker's ability to cash out is limited
due to low liquidity for most of these tokens.
So far, they've managed to swap around $5 million worth of crypto through decentralized exchanges.
This is the second major attack on Polly Network, which lost $600 million in a similar exploit in 2021.
The Polly Network team has since suspended its services and urged users to withdraw liquidity.
Azuki goes through turbulent times amidst NFT route.
Last week, the launch of Azuki's new collection at Elementals drew criticism from holders
for its striking similarity to the original Azuki collection,
leading to a significant drop in floor price.
Adding to the difficult situation,
this week,
Azuki Dow's governance token, Bean,
was exploited due to a contract vulnerability,
resulting in a loss of 35th.
The exploit occurred during a community vote
to hire a lawyer to recover 20,000 Eth from Zagabond,
Azuki's founder.
The community alleges that Zagabond has abandoned multiple projects,
also known as rugpooling.
As Suzuki attempts to rebuild, the community remains divided, with some questioning the legitimacy of the Dow itself.
Things are not going great for other popular NFTs either.
The Blue Chip BoardApe Yacht Club NFT collection sought its floor price drop to a 20-month low of 27.4Eth, approximately $53,000, marking a steep decrease since the NFT boom in April 2022.
However, at least NFT trading on Ethereum is seeing some benefits.
trading volumes there experienced a significant surge in the last week of June,
marking the highest weekly increase since February.
Others who are hurting are creators since the royalties earned by them reached a two-year low,
according to blockchain analytics firm Nansen.
Defy Roundup.
There's a lot going on in the world of defy.
First, a possible security breach at the multi-chain bridge on the Phantom Network led to the withdrawal of tens of millions of dollars in tokens.
The withdrawn assets include significant amounts of USDC,
wrapped Bitcoin, wrapped ether, and die.
The funds have not been moved or sold beyond the initial wallets,
and the Phantom Foundation is currently evaluating the situation.
AVE token holders are participating in a vote on a governance proposal to convert 1,600
ETH, approximately $3 million, from the Protocol's Treasury into Wrapped Steak ETH and RocketPool
ETH, the liquid-staking tokens of LIDO and RocketPull, respectively.
Also, in response to concerns flagged by a LIDO contributor regarding centralization within
Rocket Pool's protocol Dow, the liquid-staking project has committed to pursuing full decentralization.
The team behind Magic Internet Money and Spell Tocons is advocating for a transition from their current
decentralized finance structure to a more centralized legal model to bolster protection.
Decentralized Exchange, DYDX launched its public test net on Cosmos, allowing users to conduct market
orders, generate private keys, and place limit orders with advanced options, following a
controversial decision to shift away from Ethereum last year.
Starknet, an Ethereum Layer 2 network, is set to roll out a substantial quantum leap upgrade
on July 13th, aiming to drastically enhance the network's transactions per second rate.
Solano, which has been in the eye of the storm since the FTX collapse, witnessed a substantial
91% increase in the value locked in its liquid staking protocols like Marinate and Lido during
the first half of the year. Time for fun bits. The United Kingdom
passed a bill on crypto last week.
Hear it from Unchains, Jenny Hogan.
Move over, Harry Potter.
The next big British thing has arrived.
The British Financial Services and Market Act of 2023
now classifies crypto as regulated financial activity.
The bill was first introduced in July 2022,
which was like eight failed exchanges ago,
but on Thursday it was given the Royal Ascent by King Charles.
Yes, that's actually what it's called when a bill becomes a law.
The Royal Ascent.
Everything in Britain is so quite.
Would you like some tea and crumpets with your bald Ipe?
According to the UK Financial Services Minister, the goal of this bill is to allow for the UK's safe adoption of crypto,
a term that had previously been reserved for taking a vaccinated puppy home from the pound.
But doge coins need loving homes too, you know.
Under this bill, crypto can now be treated as its own type of property class.
Specifically, it's the hill you die on.
The government claims that this law is going to be a rocket boost to the British economy.
Submarine, one of those.
Thanks so much for joining us today.
To learn more about Philip and ERC 7265, check out the show notes for this episode.
Unchained is produced by me, Laura Shin, with help from Kevin Fuchs, Matt Piltred,
Zach Seward, Juan Aranovich, Sam Shreveh, Ginny Hogan, Leandro Camino, Shoshank, and Margaret
Curia.
Thanks for listening.