Another day, another few hacks. That’s the current state of crypto

Bank Frick
Crypto Industry Reports

This week, our blockchain experts assessed the following topics:

Our bi-weekly Crypto Industry Report provides you with valuable information on the global crypto industry – picked and analysed by our blockchain experts.

Another day, another few hacks. That’s the current state of crypto

Crypto projects are getting hacked almost every other week and losing millions of dollars. Sadly, users are bearing the brunt of these attacks. On October 12, Solana-based DeFi platform Mango Markets confirmed that the protocol had been attacked by a hacker, who stole funds through an oracle price manipulation. Mango’s price plummeted by more than 40% as a result.

The hacker, who goes by the Twitter handle Avraham Eisenberg, stole $114 million by conducting an extremely profitable trading strategy. Moreover, he told the Mango community he was willing to return a portion of the stolen funds if the treasury repaid a bad debt that originated from a bailout the protocol and DeFi lending platform Solend had put together for a Solana whale that had $207 million in debt. Unsurprisingly, the Mango DAO voted in favour of this proposal, allowing them to recover $67 million of the stolen funds.

Another DeFi protocol that has suffered huge losses in the hands of hackers is the yield farming protocol Temple DAO. A $2.3 million exploit was reported on October 11. This is about 4% of the protocol’s total value locked (TVL). Experts say the funds had been available up for the taking for months, meaning the exploit was pretty easy to execute. Smart contract vulnerabilities are to blame for this attack. The hacker converted the stolen funds to ETH. Transit Swap and Wintermute are other DeFi platforms that underwent attacks in October, among seven others.

DeFi protocols aside, Binance experienced a $100 million exploit on October 6 due to a weakness in the Binance Bridge. The attacker sent himself 2 million BNB tokens worth about $570 million. However, most of the tokens are still on-chain and cannot be transferred, making the loss “only” worth $100 million. Binance asked validators to suspend deposits and withdrawals on the Binance Smart Chain (BSC) to contain the issue. Binance performed a successful hard fork six days later on BSC to address the vulnerability. The fork didn’t replace the stolen funds, however. Cross-chain operations have since resumed and the Binance community is expected to vote on how to handle the matter of stolen funds. Still, many asked about the decentralization of the project that was able to be stopped and resumed at will. 

As it stands, October already marked an inglorious record as the month with the highest total value hacked in 2022 - and yes, the month isn’t even over yet. Chainanalysis says $718 million have been stolen from DeFi protocols so far this month across 11 different hacks. The blockchain analysis firm reckons 2022’s hacking activity may surpass 2021’s at the current attack rate.

Will DeFi become illegal in the US?

Regulatory scrutiny into the crypto market has taken yet another tightening turn as the U.S. Security and Exchange Commission (SEC) determines whether Yuga Labs’s NFTs are securities. The company is the creator of the infamous Bored Ape NFTs that were all the hype in 2021. The regulator has supposedly been investigating the matter since March. The SEC is also examining how ApeCoins - a token launched by Yuga Labs earlier this year - was distributed via an airdrop to holders of BAYC, Mutant Ape, and Bored Ape Kennel NFTs. ApeCoin is the NFT project’s utility and governance token.

"It’s well-known that policymakers and regulators have sought to learn more about the novel world of Web3. [...] Yuga is committed to fully cooperating with any inquiries along the way,” said Yuga Labs spokesperson.

As the SEC probes digital assets that may be securities, the Commodity Futures Trading Commission (CFTC) has gained the support of the SEC in its pursuit to oversee crypto spot markets. “I think the CFTC could well have greater authorities,” the SEC’s chairman Gary Gensler stated. Direct authority over the crypto spot market will give the CFTC oversight over digital assets such as bitcoin that are classified as commodities in the U.S. should the proposed bill — the Digital Commodities Consumer Protection Act (DCCPA) — pass in a few months. The bill will require crypto exchanges within this jurisdiction to register with the CFTC.It’s worth noting, however, that the bill has left out regulations for the DeFi space. This has caused concerns that the U.S. might accidentally ban DeFi activity in the country.

In a different regulatory matter, the Treasury Department has fined crypto exchange Bittrex $29.3 million for violating several sanctions that prohibit U.S. companies from doing business with individuals in Cuba, Sudan, Syria, Iran, and the Crimea region of Ukraine. Turning the tables is Coin Center, a research and advocacy centre for cryptocurrency. The non-profit organisation has sued the Treasury Department for overstepping its mandate and authority when it sanctioned crypto mixer Tornado Cash in August. Six individuals, including two Coinbase employees, have joined Coin Center in suing the Treasury Department over these sanctions.

Crypto developer activity is on fire

Crypto developer activity has been the highest it’s ever been in 2022 despite the bear market. For example, the number of active DApps in the market has grown by about 1,200% from 1,000 in 2018 to 12,495 in 2022 according to DappRadar. Smart contracts have also climbed from 44,023 in 2018 to 117,922 in 2022.

In relation to Web3 developer activity, Google aims to make it easier and faster for developers to build in Web3 through its cloud services. The global tech giant has announced that it will start accepting crypto payments for this service in 2023 in collaboration with Coinbase. Google has been getting more involved in the space in various ways. For example, it provided a countdown to Ethereum’s Merge upgrade which took place on September 15. Also, blockchain addresses can now be searched directly through Google’s search bar. 

Famous crypto projects are also making major moves. MetaMask announced an added feature that will allow U.S. customers to instantly fund crypto purchases via ACH settlement merchant Sardine. Instant ACH will enable users to complete purchases in minutes. This will make it easier for wallet users to bridge from fiat to cryptocurrencies. Also, crypto’s most famous wallet provider has chosen 30 tokens to start with, which suggests that they might have taken a closer look at the legal status of different tokens, choosing only the ones that they believe are no securities. 

At the same time, Institutional activity in the crypto sector is progressing further. The latest news reveals that the oldest American bank, BNY Mellon, launched a digital asset custody platform for select U.S. clients on October 11. The platform permits users to hold and transfer BTC and ETH. This development comes after the bank created an enterprise Digital Assets Unit in 2021.

"Touching more than 20% of the world's investable assets, BNY Mellon has the scale to reimagine financial markets through blockchain technology and digital assets," said Robin Vince, BNY Mellon’s CEO.

One month of Ethereum post-Merge

While Ethereum is going strong post-Merge, one thing has been worrying to many: Its transactions may no longer be censorship-resistant, fulfilling predictions that this was a likely outcome after the Merge. Based on data on MEV watch, 54% of all Ethereum blocks were enforcing OFAC’s censorship every day at the time of writing. This means that Ethereum blocks are made compliant with the Treasury Department’s Office of Foreign Assets Control’s (OFAC’s) sanctions against Tornado Cash and the associated Ethereum addresses.

Although this level of censorship may seem like a bad thing, there’s evidence to show that the Ethereum network isn’t at critical risk of actual censorship. That’s because there is a difference between creating/validating a block compared to building on prior blocks. The former means deciding what will be put in a block while the latter means determining if it is okay to build a block someone else made. As of now, the censorship-compliant validators are excluding Tornado Cash transactions “when creating their own blocks but building on prior valid blocks as normal even when they contain ‘contaminated’ blocks.”

In other words, 46% of the validators are including Tornado Cash transactions and the rest are building on those blocks. Therefore, Tornado Cash transactions are still added to the chain, indicating that a smaller number of censorship-resistant validators can still prevent censorship. A problem would arise if the compliant validators stopped building on prior blocks. As long as there is still 1% of validators including any transaction, no true censorship is happening.

Meanwhile, ether’s supply stats denote that inflation has declined by 98% thanks to the Merge, also as predicted. If Ethereum was still on PoW, the supply would have increased by 349K ETH. This is way higher than the supply change of 7K ETH which is the case now with PoS.

So yes, ETH issuance has plummeted by about 90% post-Merge since validators’ rewards are lower than what miners got. This, in addition to the portion of ETH transaction fees burned each day, is contributing to the decreasing supply bringing the digital asset closer to deflationary status notwithstanding the bear market. It will be interesting to see what happens to Ether should demand come back. 

Bank Frick Crypto Industry Report
Bank Frick
Bank Frick is a family-run enterprising bank serving intermediaries with a strong expertise in funds and emissions and a focus on blockchain banking.