What's going on in Web3? Issue #12 | August 3, 2022
GM, yesterday we saw a HUGE #Solana exploit (still ongoing as of publishing this), a Gucci & ApeCoin collab, Magic Eden announcing support for #Ethereum #NFTs and more. Dig in to find out What's going on in web3!
Solana Hack?
Update 3:00 PM CT: Slope Finance issues an initial official statement
Update 12:45 PM CT: Zach Dhihan confirms with another researcher, Adam Cochran, his observation that Slope Finance seems to be the common denominator in the attack.
Update 5:00 AM CT: Zach Dhihan, #Solana Co-founder, is all but confirming this is an iOS/Android level supply chain attack.
Original Post:
Ok, so yesterday afternoon #Solana wallets started getting drained. Other tokens such as #USDC were drained as well. As of writing this, over $1.7 Million (USD) worth of Solana was drained out of almost 8000 unique wallets.
The prevailing theory is that mobile users have their private keys/phrases cached on the phone as a JSON file (.env file) and that is somehow being exploited due to malware in the source code of the wallets themselves.
The exploit seems to have mainly affected iOS devices, but some Android devices were exploited as well. Phantom, Trust Wallet, and Slope Finance wallets across mobile and browser extensions were affected.
A handful of #whitehat hackers were able to trace the IP of the attackers to Moldova by sending self-hosted NFTs - with some fancy code tucked in - to the attackers' wallets and then waiting for them to open the NFTs in Phantom. Once they did, the server hosting the NFTs was able to scrape the data to get the IP and browser information.
I’ll keep covering this story as it evolves.
Gucci X ApeCoin
BitPay is behind the collaboration between Gucci and ApeCoin, where the luxury retail chain will begin accepting the token at select stores.
This isn’t the first dip into #web3 for Gucci, though. They’ve been partnered with #10KFT, a digital merchant that designs clothing and accessories for collectors to adorn their favorite pfps with.
The chain has also been accepting other #cryptocurrencies through BitPay for a couple of months now.
The news is less a reflection of the retail chain making changes and more of the payment infrastructure adding support for ApeCoin.
Textbook company doesn’t make enough off of students, so it’s embracing NFTs
I wish I was exaggerating. Pearson plans to sell their books as #NFTs to capture royalties from secondary sales.
This is the company that requires you to pay a month's worth of rent just to get a book for a class you might use 5 times. I can't even write a whole thing about it cause I'm a millennial and I can't even rn...
Magic Eden adds Ethereum support
In a strange twist that even M. Night couldn’t have written, Magic Eden is rolling out support for Ethereum-based NFTs.
This is interesting mostly because OpenSea has all but invalidated Magic Eden's existence since rolling out support for Solana NFTs. I’m having a hard time trying to figure out who would prefer to put their #EthereumNFT up for sale on Magic Eden. Please help me figure this out.
And get this. Magic Eden won’t be holding #Ethereum NFTs in escrow like they do with Solana. Oh, and they are also automatically indexing collections from other ETH marketplaces, another feature absent for #Solana users.
What the heck? This is just confusing.
New Opensea feature gets exploited?
#Phishing and social engineering just got easier thanks to a new OpenSea feature that allows users to gift tokens to arbitrary wallets.
OpenSea’s new feature allows users to mint tokens from one wallet but have the token delivered to another wallet. When viewing the transaction through certain wallet trackers, the tokens show up as purchased, rather than gifted.
This feature is being exploited by sending NFTs to celebrities & influencers, after which the scammer takes screenshots of the transactions and posts them on social media to generate FOMO by making it look like that celebrity endorses their project. If done properly, the FOMO will start a domino-effect cascade which will get people to mint from the scammers.
Best case scenario it’s just a crappy project, worst case scenario it’s a complete rug pull and you get your wallet drained as a bonus.
This type of behavior isn’t new, btw, it’s been happening as long as NFTs have existed. The issue itself is simple to fix. The developers of the wallet trackers just need to add a new option for “gifted” NFTs and plug that into their existing system.
I don’t expect this to be a long-term issue, but it does present a good opportunity to educate about how these types of phishing scams work.
OpenSea is working on a fix right now to ship out to dev teams.
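One way a wallet tracker could implement the “gifted” label described above, as an added example that is not OpenSea's or any tracker's own code. The event fields (`payer`, `recipient`, `price_eth`), collection names and addresses are constructed assumptions, and the campaign check (one payer gifting the same collection to many wallets) goes slightly beyond the fix the text describes.

```python
from collections import defaultdict

# Constructed sample mint events. Field names, collections and addresses are
# made up for illustration; this is not a real marketplace or tracker schema.
MINTS = [
    {"tx": "0xa1", "collection": "HypeApes", "payer": "0xSCAM01", "recipient": "0xCELEB1", "price_eth": 0.05},
    {"tx": "0xa2", "collection": "HypeApes", "payer": "0xSCAM01", "recipient": "0xCELEB2", "price_eth": 0.05},
    {"tx": "0xa3", "collection": "HypeApes", "payer": "0xscam01", "recipient": "0xCELEB3", "price_eth": 0.05},
    {"tx": "0xb1", "collection": "HypeApes", "payer": "0xfan001", "recipient": "0xFAN001", "price_eth": 0.05},
    {"tx": "0xc1", "collection": "QuietCats", "payer": "0xFRIEND", "recipient": "0xFAN002", "price_eth": 0.01},
]

def same_wallet(a, b):
    """Hex addresses can differ in letter case only, so compare case-insensitively."""
    return a.lower() == b.lower()

def classify_mint(event):
    """Label a mint by who paid for it, not by who ended up holding the token."""
    if same_wallet(event["payer"], event["recipient"]):
        return "purchased"
    return "gifted"

def activity_feed(events):
    """Build the line a tracker would display for each mint event."""
    lines = []
    for ev in events:
        if classify_mint(ev) == "gifted":
            lines.append(f'{ev["recipient"]} was GIFTED {ev["collection"]} by {ev["payer"]}')
        else:
            lines.append(f'{ev["recipient"]} PURCHASED {ev["collection"]} for {ev["price_eth"]} ETH')
    return lines

def gift_campaigns(events, min_recipients=3):
    """Return {(collection, payer): recipients} where a single payer gifted one
    collection to at least min_recipients distinct wallets."""
    targets = defaultdict(set)
    for ev in events:
        if classify_mint(ev) == "gifted":
            key = (ev["collection"], ev["payer"].lower())
            targets[key].add(ev["recipient"].lower())
    return {k: sorted(v) for k, v in targets.items() if len(v) >= min_recipients}

if __name__ == "__main__":
    print("\n".join(activity_feed(MINTS)))
    print(gift_campaigns(MINTS))
```

With the label in place, a screenshot of the tracker no longer reads as the recipient having bought in, and the campaign view gives reviewers a list of payers worth a closer look.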
Artist of the week: Shurooq Amin
Shurooq is a champion of NFTs, but not for the reasons you might think.
Shurooq lives in Kuwait and she’s been making art for years, long before NFTs were a thing.
Shurooq likes to make art that reflects her feminine spirit, but this is frowned upon due to the local customs. Her art has caused so many issues with the local authorities that she’s been raided twice since 2012 and has had her art seized. It’s for this reason that she got into NFTs.
NFTs can’t be removed or augmented (in most cases) after being committed to their blockchain. Shurooq can mint her work onto the blockchain of her choice and as long as that chain continues to operate, her work will continue to exist and be available to whoever requests it. She can’t be censored, at least not in traditional ways.
N.B. Because private, centralized companies run a lot of what we consider to be web3 marketplaces, there will always loom the threat that the government can outlaw the platform or force the platform to act on behalf of the authorities, similar to how Facebook operates outside of the US.
Web3 Word of the Day:
Web3 Tip of the Day:
Come talk about the news with us and ask questions during one of our daily morning spaces!
Thanks for reading this far. If you read the entire thing, DM me and I'll send you one of our Happy Quokka NFTs.* We're celebrating finally getting listed on OpenSea and we're just giving away tokens to people who actually care.
*If the Solana blockchain hasn't imploded, that is
CHEQs - Join the Waitlist Now | Founder @ DTS Technology Global | Business Analysis & Optimisation
(2 years ago) Hey Dennis Layden, just wanted to say thanks for your time and highly valuable comments with insights on my recent post here: https://www.dhirubhai.net/posts/dainis-t-2bb5b1124_solana-crypto-hacking-activity-6960601638059294720-TNbC?utm_source=linkedin_share&utm_medium=member_desktop_web Keep it that way man!
A mind that never sleeps.
(2 years ago) Amazing work mate.