Unchained - Unconfirmed: $12 Billion Has Been Lost in DeFi Value to Crime. Here’s How - Ep.299
Episode Date: December 17, 2021Jess Symington, research lead at Elliptic, a blockchain forensics company, discusses the massive upswing in DeFi hacks during 2021, resulting in over $10 billion of DeFi value lost. Show topics: the... state of crime in DeFi how much value has been lost to exploits whether the majority of hacks are the result of user or developer error the various types of exploits how to confirm when a project did, in fact, rug pull which blockchains are most susceptible to having exploits what has been happening recently in ransomware how DeFi hackers cash out why ransomware attackers, who usually request payment in Bitcoin, have a tougher time cashing out than DeFi hackers whether hackers trend towards a specific profile/demographics how easy it is for law enforcement to find hackers whether blockchain’s transparency is proving to be a helpful tool for regulators Jess’s advice on how to prevent hacks for both protocols and users Thank you to our sponsors! Avado: ava.do Crypto.com: https://crypto.onelink.me/J9Lg/unconfirmedcardearnfeb2021 Nodle: https://bit.ly/3AXGydJ Episode Links Elliptic Website: https://www.elliptic.co/ Blog: https://www.elliptic.co/blog Hack Coverage Elliptic Research DeFi: Risk, Regulation and the Rise of DeCrime: https://www.elliptic.co/resources/defi-risk-regulation-and-the-rise-of-decrime https://www.cnbc.com/2021/12/14/common-defi-crypto-related-scams-and-how-to-protect-your-wallet.html https://cryptobriefing.com/elliptic-estimates-12b-lost-to-defi-exploits/ Rekt Leaderboard (giving a dollar figure for recent hacks along with a summary of what happened) https://rekt.news/leaderboard/ Unchained Podcast on Ransomware https://unchainedpodcast.com/how-ransomware-evolved-into-a-big-business/ Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
Hey all, before we begin, a couple quick announcements. First, I'm doing an end-of-year show with
Crypto predictions for 2022 by you. Please make a video or an audio recording of your 2022
crypto prediction or predictions and email it to hello at Unchainedpodcast.com with the subject line
crypto prediction by the end of day, Tuesday, December 28th. And although I have asked people to send
their name and where they're from, as somebody pointed out to me on Twitter, if you don't
want to docks yourself, I guess you don't have to do that either. Unfortunately, I do need to give a
forewarning that if you excessively promote anything, we will not include your prediction. If you just
want me to read on-air a prediction that you just email, that's okay too. It's just a little bit less
fun. Don't forget, the deadline is Tuesday, December 28th, and the email address is hello and
unchainedpodcast.com. Please put crypto prediction in the subject line. Also, a reminder, my book is coming out
on 2222. If you're looking for a holiday gift, pre-order it now to deliver later.
Pre-order sales really helped that book that first week to help establish further demand and
get it on any lists. If you want to get a normie into crypto, this fun tale just may do it.
Someone who worked with me on the book and knew nothing at all about crypto when we started,
and after just two days of reading it and being nowhere near done with it, was asking me such
intelligent questions about crypto that I asked,
how do you know so much about crypto?
Their response?
From your book?
By the end, they were completely obsessed and had already ordered a hardware wallet.
Pre-order the Cryptopians,
idealism, greed, lies, and the making of the first big cryptocurrency craze today at
bitly slash cryptopians.
That's B-I-L-Y-S-C-R-Y-P-O-I-A-N-S.
And now on to the show.
Hi, everyone.
Welcome to Unconfirmed.
The show that is a show that.
reveal is how the marquey names in crypto are reacting to the week's top headlines and gets the
insights keep on what they say on the horizon. I'm your host, Laura Shin, a journalist with over
two decades of experience. I started covering crypto six years ago, and as a senior editor at Forbes
was the first mainstream media reporter to cover cryptocurrency full-time. This is the December 17th
episode of Unconfirmed. With the crypto.com app, you can buy, earn, and spend crypto in one place.
Download and get $25 with the code, Laura.
link in the description.
Tired of your exchange taking 25% of your staking profits?
The Avato blockchain computer allows you to stake Ethereum and other crypto at home and keep 100% of the rewards.
Go to aVA.do.
Wish you could earn crypto but don't want to spend thousands on hardware?
Just download the Nodalcash app on your smartphone.
Visit nodl.io slash unconfirmed.
That's NodL-E.comfirm.
to start earning no no cash today.
Today's guest is Jess Simmington, research lead at Elliptic.
Welcome, Jess.
Hi, Laura, thanks having me.
There have been a number of recent hacks in crypto and in Defi in particular.
Eliptic just came out with a report giving an overview of crime in Defi,
which you dub D-Crime in the report.
Can you give us an overview of the state of crime in Defi?
Sure. So in terms of hacks, we monitor for two main types. So that's with regard to exchanges and also, as you've said, with regard to Defi. So we've seen a vast increase in the hacks in the Defi space within the last year. So to give you some figures. So of all times, so since around 2016, when we started monitoring for these, there's been a total of over $12 billion worth of loss in the Defi space. And that's, and that's,
with regard to two different types of loss. So one, which we call direct loss, so that's the
funds that was stolen directly from the defy protocols. And the second is called the protocol
loss. So if a defy protocol is attacked by a hacker, the value of the protocol may drop in
the days afterwards. So for example, the value of the governance tokens may drop in the days afterwards.
So there's a lot of that loss is accounted for by the protocol loss rather than the direct
loss. So of that 12 billion, 1.5 billion was lost last year and 10.5 billion has been lost this
year. So we've seen a vast increase in this loss in the last year. Not only are we seeing an increase
in the value loss, but we're seeing an increase in the frequency of these attacks. So these days,
it's not unusual to see sort of over 10 hacks of this type per month. Wow. And just to clarify
about the $12 billion number, $10.5 billion lost this year. Is that the direct loss or is that
the economic loss where it's the value of the protocol that decreased afterward?
The 10.5 this year is accounts for both, both the direct loss and the protocol loss.
So, and then the 1.5 from last year again also accounts for both.
And if you were to just break out direct loss, what is the figure?
So we see generally the direct loss accounts for a much smaller portion of the total loss.
So if we go back to those original figures, so $2 billion in direct loss of all time and
$10 billion in protocol loss of all time.
So you can sort of see how that would work out over this year.
So if we're seeing around $10 billion total loss this year, we might see, you know,
one to $2 billion in direct loss.
Okay.
And so you said that the frequency is accelerating.
What also do you see in terms of the size of the thefts in Defi?
Yes.
So the size of thefts isn't necessarily increasing at the same rate as the frequency.
It really depends on the protocol, which is attacked and the success of the particular hacker.
We are seeing a number of very, very high profile, high value hacks, though.
So we can look at the Polynetwork.
hack earlier this year in which the hacker stole $611 million worth. So we are definitely seeing
an overall increase, but not as easily as we're seeing in the frequency increase.
And for these different hacks, do they tend to be more the user's fault? Because obviously,
I know that everybody in crypto is aware that there are a lot of phishing scams out there
on Twitter and your email, on your text messages and telegram, like just
pretty much anywhere you go on the internet, there's fishing scammers targeting you.
Or is it more often the case that the protocol or smart contract has flaws?
It's definitely more often the case that the protocol or the smart contract has flaws.
So the biggest cause of loss, so the biggest exploit that the hacker takes advantage of
is what we call bug vulnerability.
So that consists of either code vulnerability.
So there's been an error in the coding, which the hacker takes advantage of in order to steal
the money, or there's an error in the way in which the protocol was set up in the first place.
So we call this like an economic vulnerability.
So in an example of that, the mono X hack recently occurred when a hacker artificially
inflated the price of the monotoken, and they used the artificial value in order to purchase
all of the other assets related to that defy.
So that's what we would describe as an economic vulnerability.
But both of those types are under the umbrella.
term of a bug vulnerability. So that's definitely the highest sort of category that accounts for the
most hacks. Further down, we have sort of unauthorised access to private keys, and that's private
keys of private keys of like hot wallets belonging to protocols and exchanges themselves.
And then we also have Ruggpals. The stats we have show that Ruggpals account for quite a small portion
of the overall hacks. One of the main reasons for that is it's always quite difficult.
to verify rugpole and there's always accusations of rugpoles whenever a defy
protocol is attacked. But a really clear example we can see from this year is the squid
coin. So squid coin was popularized due to the squid game Netflix show and received a lot of interest
from users. Shortly afterwards, they rugpilled and sort of withdrew all the value out of that
token. So, but that's, yeah, a very, very small portion of hacks are down to rugpoles.
And so for the rugpole example, how do you prove that it was something that was intentional?
Because, you know, as you said, I'm sure a lot of the various hacks, you know, do, like people will accuse the developers themselves of having done it.
And in a way, it probably isn't that difficult to, you know, this isn't the normal meaning of civil attack, but, you know, basically fake your identity and pretend like it was somebody else.
So how do you prove that?
Yeah, that's a really good question.
So one of the ways you can try to prove a rugpole is to look at the behavior of the protocol
around the time that the hack occurs.
So some very clear examples might be that all social media or, you know, telegram groups or
Discord groups are closed at the exact same time that the hack occurs and the sort of creator
of the defy protocol is just trying to disappear.
So that would be a very clear end.
that, you know, accusations of a rugpole may be correct.
And so earlier you were saying that code exploits are the number one most common way for
these hacks to take place. What's an example of one of those? Sure. So an example of a code
exploit. So the difficulty with defy and the DAPs that run these DFI protocols is that a lot of
DAPs are based on previous DAPs. So if you find a vulnerability in the code of one of them,
chances are that vulnerability is going to be in existence in a lot of the other codes as well. So
an example of a code hack. Well, from your report, you guys had V-Swap. And when I saw that,
I was like, oh, this is a replay sort of of the first, not the second parody multi-sig wallet hack.
I don't know if you, do you know about the initializing the contract?
No, I'm not sure what you're referring to them. Okay. Well, so in the elliptic report,
it said that this v-swap code hack basically happened because I guess initializing kind of like makes you the owner of so I'm not I'm not going to be able to explain it on a super technical level just off the cuff but then because they were able to make themselves the owner then they they pulled the funds but the same thing happened back in 2017 with the second parody multi-sig hack where they were able to set themselves as the owner and so they did so and
then they locked the funds away.
Right, yeah.
But did you have another idea in mind of another code exploit?
Not at the top of my head.
The example I was going to give you with regard to bug exploits was the Polly Network,
but that was like an economic exploit rather than a code exploit.
Oh, yeah.
And those are really fascinating because I feel like, you know,
they're only possible in Defi or maybe not only, but, you know,
especially very quickly with the flash loans.
So are there any particular chains that you feel are more susceptible to having their defy protocols hacked than others?
Yes. So what we see is the majority of hacks occur on the Ethereum blockchain. And the reason for that is, you know, Ethereum is more established. It's more used in the defy space. But this year in particular, we are also seeing a number of hacks on the Binance smart chain and on Polygon network. So they're definitely diversifying across different blockchains. And another thing that we've seen quite commonly,
in recent instance is that a hack or an exploit will affect a number of different
blockchain. So it might affect Ethereum and Binance Smart Chain rather than just an individual
blockchain. Well, super fascinating. Okay, so in a moment we're going to discuss more about
where hacks are going. But first, a quick quarter from the sponsors who make this show possible.
The ScoreBet app here with trusted stats and real-time sports news.
Yeah, hey, who should I take in the Boston game?
statistically speaking.
Nah, no more statistically speaking.
I want hot takes.
I want knee-jerk reactions.
That's not really what I do.
Is that because you don't have any knees?
The score bet.
Trusted sports content, seamless sports betting.
Download today.
19 plus Ontario only.
If you have questions or concerns about your gambling
or the gambling of someone close to you,
please go to conicsonterio.ca.
Join over 10 million people using crypto.com.
The easiest place to buy, earn,
and spend over 150.
cryptocurrencies. Spend your crypto anywhere using the crypto.com visa card. Get up to 8% cash back instantly,
plus 100% rebates for your Netflix, Spotify, and Amazon Prime subscriptions. Download the
crypto.com app now and get $25 with the code Laura. Link in the description. There's a new
cryptocurrency made for mobile that you can earn by downloading the Nodal Cash app. It's free,
easy to use, and there's no hardware to buy. The Nodal Cash
App allows you to earn crypto whether you're on the go, stuck in traffic, or even while you're
sleeping.
Notal Cash is the crypto you earn 24-7.
Go to nodal.io-unconfirmed to get started today.
That's NOD-L-E.comfirmed.
Back to my conversation with Jess.
So as we were discussing at the beginning, there's been a few big hacks recently.
There was Vulcan Forged, which was hacked for 140.
40 million. Bitmart, which is actually a centralized exchange, was hacked for 196 million.
There was Badger Dow, 120 million. And another one, Ascend acts for 83 million. And I know
Elliptic will be publishing a blog post, I believe, Monday, noting that it's about $600 million
in 14 days that's been stolen. So what do you make of this recent spate of attacks?
Yeah, I mean, it's certainly shocking. And I think it doesn't quite receive the,
attention that it deserves. If this was like a traditional finance, maybe this would be more
sort of front page news. But there is like a very, very high value losses occurring very
regularly. And I think one of the aspects of that, that might be slightly being lost is that it's
not just these sort of decentralized apps that are losing funds. There's very human stories behind
these as well. So whenever like a hack occurs, we see these very sad stories on social media or in
telegram groups of people losing their entire life savings. So that's one aspect of it that I think
could also be focused on more.
And earlier this year, there was an uptick in ransomware
and that really dominated the news.
What's happened to that trend?
They're still very, very active in the ransomware space.
We've seen a number of different trends this year.
So particularly around summer or June, July this year,
a number of very, very high profile attacks occurred.
And as a result, a number of the top ransomware groups retired
slash rebranded, and an attempt to avoid sort of law enforcement attention.
So we've seen a very common trend this year has been these sort of like constant rebrandings
after a very high profile attack.
But another trend that we've seen this year is like increased law enforcement success.
So recently we've seen funds being seized from Reval affiliates.
We've seen individuals associated with those ransomware groups arrested.
So there's been a number of really interesting trends this year around ransomware.
And so now,
Once these various thieves get a hold of their crypto, how easily can they cash out? And are you finding that they're able to at all?
Yes. So I think there's an interesting difference when you look at a type of crime like a Defi hack versus ransomware. So with Defi, there's a very clear method of cashing out, which if you're sort of on the more sophisticated end of the hackers, you'll identify and be able to use very easily. So the first thing you want to do, if you steal a load of
funds, and that's probably going to include like native currencies like Ether and Binance
coin, as well as tokens. So specifically ERC20 tokens are stolen a lot in these type of hacks.
Because you're stealing tokens, there are some token issuers that are able to freeze the funds.
And this is particularly with regards to stable coins, but also other types of tokens.
So if you steal some tether and some USD coin, the first thing you're going to want to do is to
swap that into either the native currency of the blockchain you're using or other potentially
stable coins like Dai, which don't have those freezing abilities. So that's the very first
step that we see hackers take is to quickly swap all of those tokens into the native currency.
And the second thing you'll probably want to do is use something like a decentralized mixer.
And on the Ethereum blockchain is one very, very clear standout leader in that space,
and that's tornado cash. So a lot of these funds are then launched.
through tornado cash, which makes it tricky to follow the flow of funds and to see where they're
cashing out. Interestingly, we don't see all defy hackers use that methodology. So some defy hackers
keep hold of the funds and they might try to bounce it through a few different wallets,
but they don't sort of make any attempt to cash out. And that might be because they were
sort of focused on whether they could steal the funds. And once they've told them, they're not quite
sure what to do with them, or maybe they're just trying to lie low for a bit and not, you know, cause any
huge transactions, which might alert token issuers or exchanges.
So that's sort of the defy space.
If we look at ransomware, it's definitely becoming more tricky to cash out ransomware funds.
And that's because the majority of ransomware payments are still paid in Bitcoin.
And we've developed very sophisticated techniques to be able to trace the flow of funds
on the Bitcoin blockchain.
They are, however, able to utilize certain services, which are still available to them.
So unregulated exchanges, for example, we've seen some in-person exchanges that are accessible
by visiting particular offices in particular countries. Or, you know, there's certain services
available in the Bitcoin blockchain, which are not regulated because they don't take custody of your
funds. So particular services like Wasabi, which is a privacy wallet, is quite heavily used by
ransomware groups. Because of its non-custodial nature, it means it's not currently regulated.
And therefore, they can use that service.
to enable their caching out activities.
Wow, this is so fascinating.
I just wanted to ask about one of the examples you gave of how people can do this in person,
they can cash out in person.
I'm assuming that those are either in jurisdictions where there isn't a lot of law enforcement
around these things or how to, like what jurisdictions does that typically happen in?
Yeah, that's, I mean, you're, you're completely correct.
there. That is specifically in jurisdictions where there's not that sort of law enforcement
appetite to crack down and ransomware. But interestingly, we've seen those services also operate
in other jurisdictions. So recently we came across a service very similar to the two exchanges
which have recently been sanctioned by the US. So those two exchanges were called Suex
and Chatex. And it's a very similar service to that, which also has the ability to facilitate
pay cash transfers in America.
So we are actively investigating those services as well.
And can you put a percentage on maybe how many of these thieves
or what amount of the funds actually does get cashed out?
In terms of the ransomware groups.
Or just for, yeah, all of crypto crime, or both.
Okay, sure.
I can give you an exact percentage.
In terms of ransomware, we see like a much longer term cashing out strategy.
So they don't tend to move, they don't necessarily move the funds as quickly as something like a hacker for a defy protocol.
But, yeah, unfortunately, I can give you a percentage on the exact number of all illicit funds that are cashed out.
But we have seen very, very high usage of services like Wasabi Wallet.
And who do the hackers tend to be?
have you guys identify, and maybe they differ depending on whether it's like D5 versus
ransomware or centralized exchanges?
Yes. Yeah, I would say they differ depending, not necessarily on the crime type, but
with regard to DFI hacks, we don't necessarily always, or most occasions potentially,
don't identify individuals behind the hacks, but there could be features of the hacks,
which might enable you to build like a profile of the type of hackers.
So we see very sophisticated tax that occur
and then very sophisticated money laundering patterns that occur afterwards,
which indicates they might be, you know, experienced in this,
whereas we also see hackers who steal the funds
and then sort of panic afterwards.
They might be in contact with the exchange.
We see the use of messages on the Ethereum blockchain,
so messages are bouncing back between the hackers and the victims,
or they might sort of show off about their hacks on social media,
particularly sort of Twitter.
So there's very like a very distinguished different groups
of people that commit these sort of defy hacks.
With regards to crime types like ransomware,
again, we see sort of variety of people
engage in these kind of activities,
but generally sort of young,
technically capable individuals.
Okay. And how well has law enforcement been able to go
after these various thieves?
Yeah.
So again, differs per crime type. Because crimes like ransomware occur in jurisdictions where
sort of US, UK law enforcement don't have easy access to, they're not always able to successfully
conduct investigations, although we have seen an increase in success this year particularly.
And even where individuals haven't been, you know, like arrested, they may have been sanctioned
or they may have had funds seized from them. So there still are law enforcement
activities that can take place other than like the arrest of a suspect. So yeah, it really differs per
crime type and and it differs with regard to sort of the sophistication of the crime. So some hacks or
some like money laundering activities can be susceptible to very easy mistakes. And if those
mistakes occur, it makes it easier to follow the flow of funds and therefore it might be
easier to identify, like identification opportunities, for example, if those funds then go to a
regulated exchange, which does conduct like KYC, then that might be an identification opportunity for
law enforcement. And does the fact that most of these blockchains, or is the fact that most of
these blockchains are transparent affect that ability, or does it make it easier for law enforcement?
It's definitely a benefit to law enforcement. So if you think about the transparency of the FLURF funds on
something like the Bitcoin blockchain versus traditional finance. So the benefit of Bitcoin is that
we can all study the blockchain and we can look for patterns and identify sort of red flag
indicators or identify suspicious activity. And we also, you know, blockchain analytics companies like
Elliptic have been around for a fair amount of time now and have developed very sophisticated
techniques to be able to follow the flow of funds. So definitely the transparency of blockchains
is a massive bonus in these kind of cases. And what would you say could be done to
help prevent more of these hacks in the future? Yes, so that's a really good question. So
because right now, DFI is like a very new, very innovative space, unfortunately, that also
means it's not particularly sophisticated yet in terms of like regulation or industry-wide,
like agreed upon certain standards. So there are certain things as a user you might be able to
look out for. So some DFI services have their smart contracts audited. And
And that's just an indication that they are trying to, you know, avoid things like code exploits.
So that might be something you can look out for.
But really the onus on this potentially should be more on the Defi protocol itself
to ensure they are carrying out these checks to look for any vulnerability so that they can be sort of closed off.
And what would your advice be for people who participate in Defi who don't want to become victims of these various crimes?
I think my advice would be, as always, with anything to do with crypto, if you're using it as an investment,
don't invest more obviously than you're prepared to lose. So we see lots of stories of people investing
their life savings into various cryptocurrencies or into defy protocols, who are then obviously
very distressed when they lose all of these funds. So that's very like one general rule around
cryptocurrency in general. Again, as a user, there's not a whole lot you can do other than
out for these things like, has the smart contract been audited? Is the issuer of the token or
the creator of the smart contract, is there any footprint about them that you could look at?
Do they have like a website or is there like a telegram group that you could join and engage
with the creator? But in general, as the user, yeah, is unfortunately a little bit risky.
All right. Well, this has been such a fascinating interview. Thank you so much for coming on Unconfirmed.
No way, thank you very much having me. It's great to speak with you.
Don't forget, next up is the weekly news recap. Stick around for this week in crypto after this short break.
Did you know that exchanges take up to a 25% cut on your staking rewards? But you don't need an exchange to stake. You can run a validator at home.
To earn thousands of solo stakers, get an Avato device, plug it in, deposit your stake, and earn the full reward.
Avato created the best hardware and specific software to stake, and keep some sort of,
your validator on the latest version through auto updates. One-time investment, 100% profit. Go to Avato.
That's AVA.do. Thanks for tuning into this week's news recap. In hearing, Senators go tough on
stablecoins. This week, Senators took both stablecoins and defy to task during a banking committee
meeting. Senator and committee chair Sherrod Brown started the hearing with prepare remarks, saying,
Cryptocurrency's advocates argue that crypto assets are superior to real dollars because they are
decentralized and transparent, but stable coins are neither. He added,
Stablecoins make it easier than ever to risk real dollars on cryptocurrencies that are at best volatile
and at worst outright fraudulent. Senator Elizabeth Warren also chimed in expounding upon the dangers
of stable coins and defy, saying, stable coins pose
risks to consumers and to our economy. They're propping up some of the shadiest parts of the
crypto world, defy, where consumers are least protected from getting scammed. She went on to say,
defy is where the regulation is effectively absent. And no surprise, it's where the scammers and the
cheats and the swindlers mix among part-time investors and first-time crypto traders.
Not every voice in the room was so negative. Senator Pat Toomey took the side of the side of
of Defi, citing cross-border payments, programmability, and efficiency as different ways that
stable coins improve upon Fiat money. To Me also emphasized that regulation should not stifle
innovation and called for regulators to have the humility to recognize that many of our views
about how financial services are delivered and how investments work are quickly becoming outdated.
Tuesday's Senate hearing comes less than a week after the House Financial Services Committee,
Committee hosted CEOs from six digital asset firms in a meeting deemed positive by FDX CEO Sam
Bankman-Fried. It also comes shortly after the President's Working Group released a report on
stablecoins, which advised regulators to restrict stablecoin issuers to insured banks.
Bitcoin jumps as Fed accelerates its stimulus taper. On Wednesday, the Federal Open Market Committee
began its two-day summit to discuss U.S. monetary policy.
During day one, Federal Reserve officials acknowledged the threat of inflation, which is currently
at a 39-year high in the wake of COVID-19 induced stimulus packages.
Supply and demand imbalances related to the pandemic and the reopening of the economy
have continued to contribute to elevated levels of inflation, the FOMC explained.
However, according to Fed Chair Jerome Powell, the economy no longer needs increasing amounts
of policy support. With that in mind, the Fed announced that it is looking to cut down on stimulus
spending and will taper monthly bond purchases twice as quickly as planned, reducing purchases
by $30 billion per month to zero by early 2022. For context, the Fed had originally intended to
decrease stimulus spending by $15 billion per month. On Wednesday, after the FOMC statement,
crypto prices jumped, with the entire crypto market searching from a low of $2,000,
$2.03 trillion that morning to a high of $2.27 trillion by afternoon.
AVE votes to close source code.
Token holders of AVE, the fourth largest defy protocol by total value locked, voted to make the code
for the upcoming AVE V3 release, restricted by a business license.
This vote is essentially a signal on whether or not the AVE community wants to protect its
intellectual property from unauthorized use or simply allow anyone to.
use the code in any way they prefer, explained the proposal that was passed by a slim majority
of 55%. A business license restricting the use of code in Defi was first introduced by Uniswap,
which most likely instituted such a practice due to being forked and vampire attacked by Sushi
Swap during 2020's DFi summer. The proposed of a V3 business license would be similar to uniswaps
in that it would restrict the usage of code for an initial amount of time.
time, which would most likely be one year. During that time, AVE governance would keep the rights
to authorize code for projects and teams who have a track record of collaborating with AVE in the
past. The proposal didn't pass with overwhelming support. Forty-four percent of Avey's community
voted for V3 to be released under an MIT license, which grants, without limitation, the rights to
use, copy, modify, merge, publish, distribute, sublicense, and or sell copies of the code for free.
Sin and Pain Ventures Adam Cochran believes that DeFi Protocol's close sourcing some of the code
is a slippery soap that could lead to crypto applications running into the same issues they are trying to solve.
Wrote Cochran,
We've seen more restrictive licenses in closed source pop up across Defi Protocol and other chains over the past year.
When we design systems to be anti-competitive profit seekers,
we're just going to recreate the broken banking system, but on-chain.
One week, three unicorns.
NIDIG, a New York-based Bitcoin firm,
announced a $1 billion funding round at a valuation of more than $7 billion.
According to Dove Metrics, this is tied as the largest funding round of 2021 in the cryptospace.
The capital from the raise will be used to further develop its VTC infrastructure capabilities,
including Lightning Payments.
Westcap led the round joining existing investors like a firm, FIS, FIS, FI-Serve, Mass Mutual, Morgan Stanley, and New York Life.
On Wednesday, Anchorage, a crypto-focused bank, announced a $350 million raise at a valuation of over $3 billion in a Series D funding round.
Anchorage, which launched in 2017, as primarily a custodian for digital assets, has since grown into a
full-service bank. KKR, a private equity firm with $459 billion in assets under management,
led the investment through a technology fund, its first direct equity investment in a crypto firm.
Also included in the round are Goldman Sachs, BlackRock, PayPal Ventures, and Reese-Nhorowitz,
and Alameda research. On Thursday, the block reported that Dune Analytics, a crypto-analytics
company, is raising money at evaluation of $1 billion. The block says that Dune's raise
would make for 39 crypto unicorns minted in 2021.
Shopify is launching an NFT marketplace.
On Thursday, the e-commerce platform Shopify announced the beta release of an NFT marketplace,
where businesses can mint and sell branded NFTs with Shopify and Shopify payments from their
own storefront.
The website notes that NFTs will be available on Ethereum, Polygon, Near, and Flow,
with customers being able to claim NFTs via email.
Nike made a Metaverse acquisition.
RTFKT Studios, an NFT fashion company, has been acquired by Nike.
Created in January 2020, the Metaverse native RTFKT is known for creating NFTs of virtual
sneakers and other collectibles.
This is not Nike's first foray into digital goods.
Nike has shown interest in tokenized fashion since 2019 when it filed for a patent regarding
crypto kicks.
In 2021, Nike has actively pursued virtual fashion, filing for patents on Nike and Just Do It, along with Air Jordan, Jumpman, and Spooch logos.
For that reason, Benoit Pagoto, a co-founder of RTFKT, is super excited about the acquisition.
Nike is the only brand in the world that shares the deep passion we all have for innovation, creativity, and community.
and we're excited to grow our brand which was fully formed in the Metaverse, concluded Pagoto.
Notably, the acquisition comes on the heels of a series of Metaverse partnerships from Adidas, a Nike competitor.
Senators rally across the aisle to push for changes to infrastructure bill.
This week, U.S. Treasury Secretary Janet Yellen received a letter from six senators asking her to clarify
how the Treasury Department will interpret the broker definition for crypto tax reporting
in the recently past infrastructure investment in jobs act.
In the letter, Senators Rob Portman, Mark Warner, Mike Crapbo,
Kirsten Cinema, Pat Toomey, and Cynthia Lemis noted that the vague definition of broker
could pose significant issues for crypto actors and asked Yellen and the Treasury Department
to honor the intent of the bill, which they felt was cemented during a conversation between
Senators Portman and Warner on the floor of the Senate earlier this year.
At that time, they spent the time.
The term would only cover brokers who enable the transfer of digital assets,
while entities' ancillary to the process would not be considered brokers.
The senators urged the Department of Treasury to provide information or informal guidance
within the current calendar year.
The move from the bipartisan group comes after multiple failed attempts at changing the
language in the bill during its time in the Senate.
Catherine Hahn leaves A16C crypto to launch her own fund.
on Wednesday, Katie Hahn, a general partner at Andresen Horowitz and GP of A16Z crypto, announced her intention to leave A16Z to start her own crypto fund focused on crypto and Web 3 early next year.
The information reports that Andrewson Horowitz will be an anchor limited partner in her new fund and make a large capital commitment up front.
But at least one other institution has made a larger commitment.
Additionally, A16 founders, Mark Andreessen and Ben Horowitz, and her partner GP of A16Z Crypto, Chris Dixon, are all personally investing in her fund.
As the firm's first female general partner, Han was hired with the launch of A16Z's first crypto fund in 2018.
In the past year alone, she has helped ink 45 deals.
The information reports that she will be the sole GP of her new fund and intends to hire as many as 20 people, with at least
six founding team members being women, which is notable in the male-dominated industry.
Recently, Han has been hosting dinners for celebrities, crypto community members, lawmakers,
drawing together people who intersect with crypto, from everything from the NFT to regulatory
angles, and all are in various ways necessary to crypto success.
Han sits on the boards of OpenC and Coinbase. Before joining A16Z in 2018, Han served at the
Department of Justice for over a decade. A16C crypto will now be helmed by Dixon, Ariana Simpson,
Anthony Albanese, and Aliya. Time for Fun Bits. Elon Musk says Tesla is letting the Doge out.
According to data from Coin Gecko, Dogecoin was at 15 cents at 5 a.m. Eastern Time on December 14th.
By 6 a.m. Eastern time, the price of Doge had jumped to 21 cents, an increase of 40% in roughly two hours.
Why? Because Elon, of course, at 5.34 a.m. on the 14th, the Tesla CEO tweeted,
Tesla will make some merch buyable with Doge and see how it goes. Now, what does this mean?
It means that Doge holders can order anything from a Tesla umbrella to a Tesla buckle belt on Tesla's website.
Though, after perusing the shop, Dogecoin purchases do not seem to be live yet.
And if T's come to a congressional race.
Shrina Karani is running for a house seat in California and dropping 2222 NFTs on Salana,
representing potential Web3 policies.
In a conversation with CoinDesk, Krani said there is a ton of misunderstanding surrounding crypto
and specifically points to tax and accounting rules as areas that can be addressed with new legislation.
South Park makes crypto Twitter feel seen.
South Park did a bit on crypto that pokes hilarious fun at crypto and all that's
memes, drama and jargon. Although I probably can't play the whole thing without creating copyright
issues for myself, here is a fun little taste. Next thing you know, these people over here started
chanting, hoddle, hoddle, and their NFD started moaning, and then these guys over here started
saying those guys right there, right clicked them, and called for a pumping dump, which made these
guys beat the living hell out of anyone who said it was just FOMO and died screaming that it was the
Flippening.
All right, thanks for tuning in.
To learn more about Jess, elliptic, and TFI hacks,
be sure to check out the links in the show notes.
Unconfirmed is produced by me,
Laura Shin,
with all from Anthony Yoon, Mark Murdoch, and Daniel Ness.
Thanks for listening.