Crypto has weak spots. Hackers are pouncing.
Good morning, and welcome to Protocol Fintech. This Tuesday: the blockchain security arms race, Jack versus Vlad, and Coinbase versus the SEC.
Off the chain
“U thirsty?” “U mad?” No, that’s not Twitch trash talk; that’s an actual Twitter conversation between Block CEO Jack Dorsey, 45, and Robinhood CEO Vlad Tenev, 35. Look, we get it: Jack, you’re into bitcoin, and Vlad’s partial to dogecoin. Can’t we all get along, and, I don’t know, act our age? — Owen Thomas
The target on crypto’s back
Crypto hackers and scammers have been having a field day, striking on multiple fronts over the past few weeks. Online games, stablecoins, crypto wallets: Nothing seems safe.
Even Elon Musk has taken note. One of his complaints about Twitter is the prevalence of crypto scammers. The attacks underscore the vulnerability of DeFi and the complexity of securing decentralized blockchain operations.
Scammers are exploiting weak spots and hitting the jackpot. Willie Sutton may never have said that he robbed banks “because that’s where the money is,” but it’s certainly a rationale for recent hacks.
- Hackers stole more than $650 million in ether and stablecoins in the Axie Infinity breach. That attack put the spotlight on sidechains, networks that connect blockchains, which are known to be vulnerable to hacking.
- The Axie attack also underlined how crypto scams are becoming a national security issue. The FBI said the attack was carried out by Lazarus Group and APT38, which are associated with North Korea. Experts believe that money is going to fund North Korea’s weapons programs.
- Hackers ran off with more than $180 million in stablecoins from Beanstalk Farms by manipulating the network’s governance processes, according to William Callahan, director of Government and Strategic Affairs at Blockchain Intelligence Group. The thieves used “flash loans,” which let users borrow tokens without collateral, to gain the voting power that let them drain away funds, Callahan told Protocol.
- MetaMask also warned users on Apple devices that their wallet seed phrases could be exposed through automatic iCloud backups. Phishing scams are looking for users’ iCloud credentials.
Crypto hacks can be devastating for a DeFi project like Beanstalk. “There are no funds left,” one developer wrote on the project’s Discord chat server.
- Breaches aren’t necessarily fatal for DeFi projects. Shortly after the hack, Axie Infinity owner Sky Mavis announced a $150 million funding round led by Binance.
- “We know trust needs to be earned,” Axie Infinity said. The VC money would surely come in handy as far as beefing up its anti-hacking defenses.
- Investors’ pocketbooks aren’t unlimited, however, and VCs answer to their limited partners. Can Sand Hill Road face off with hackers backed by nation states?
This is good news for anyone who wants to fight bad guys for a living. Hiring is through the roof.
- Cybersecurity and blockchain are two big growth areas for tech jobs. Put them together and it’s a recruiting frenzy.
- Ripple is hiring security engineers. So is Kraken. Circle wants someone who can assess third-party vendor risks. Even a16z Crypto is hiring a security specialist to “harden” the firm, including setting up “automated security detection and response capabilities across our entire infrastructure.”
- But the biggest gap may be in decentralized networks, where responsibility for security is spread out. If it’s everybody’s problem, it’s nobody’s problem.
- The challenge is staying ahead of hackers, who have plenty of resources and motivation to attack blockchain networks that move ever-increasing amounts of digital assets.
It’s a security arms race. Protocols are typically open source, which means everyone can spot vulnerabilities. The community aspect of crypto projects leaves them open to social engineering. The challenge is getting these vulnerabilities fixed faster than they’re exploited. The bad actors “have learned how to take advantage of bugs in the code,” Callahan said. Sutton actually said he robbed banks because he enjoyed it. It’s time for crypto to spoil the hackers’ fun. — Benjamin Pimentel
On the money
On Protocol: Sen. Elizabeth Warren, along with Reps. Katie Porter and Brad Sherman, charged TurboTax with scamming consumers in a letter to the company, arguing that more tax-filing services should be free.
Manchester City club tokens, like many others, prove to be disappointing. Critics argue that fan tokens have few tangible benefits for the fans, leading to people growing tired of them quite quickly.
DiDi is moving forward with its U.S. delisting plans. The Chinese ride-hailing giant has set a shareholder meeting for May 23 to vote to delist from the New York Stock Exchange. The company, which has been under fire from Chinese regulators, said it would not apply to list on any other stock exchange before delisting.
Bank of America is going increasingly digital. The bank’s first-quarter earnings call showed that about 53% of its consumer sales came from digital channels, amounting to $1.7 billion, a 4% increase from a year ago.
Andreessen Horowitz is making its Start program official. Startup founders across six categories can now apply for the program, with partners across several verticals including fintech helping out.
Kraken managing director for Europe, the Middle East and Africa Curtis Ting has a bone to pick with scammers. "I'm a former law enforcement official myself, I also have two living grandparents. Frankly there's a special place in hell reserved for scammers and fraudsters who try to rob the vulnerable and the elderly,” he said in an interview with the BBC.
The SEC is “going beyond its authority under the Exchange Act in redefining [the word] exchange,” said Coinbase’s Paul Grewal. A proposed rule change could sweep in DeFi systems, he noted, but doesn’t address the impact on those markets.
Yearn Finance creator Andre Cronje disappeared off the internet about a month ago. Now he’s back, and lamenting the state of crypto. “Crypto culture is concepts like wealth, entitlement, enrichment, and ego. Crypto culture has strangled crypto ethos,” he said in a blog post.
Blockchain Association policy chief Jake Chervinsky thinks the government might be crypto-friendlier after counting its tax receipts. “Crypto is about to be the government's favorite thing in the world after all these taxes get paid,” he tweeted.
Ava Labs is raising $350 million at a valuation of $5.3 billion. While investors in the round have not been disclosed, previous investors in the developer of the Avalanche blockchain include a16z and Polychain Capital.
Genies raised $150 million, raising its valuation to $1 billion. The NFT avatar company’s latest funding round was led by Silver Lake, a move by the investment firm to forge its way into the Web3 sphere.
BloXroute raised $70 million. The crypto firm’s series B round was led by SoftBank Vision Fund 2, with participation from Dragonfly Capital, ParaFi Capital, Lightspeed Venture Partners and others.
Stark Bank raised $45 million. The challenger bank’s series B round was led by Ribbit Capital, with participation from Bezos Expeditions; SEA Capital; executives from Airbnb, Coinbase and Visa; and others.
PolySign acquired digital asset fund administrator MG Stover. PolySign will also complete a series C round along with the acquisition, with participation from new investors Soros Fund Management, Brevan Howard and GSR.
Bread Financial launched the Bread Cashback American Express credit card. The card joins the financial services company’s other payment solutions, Bread Pay and Bread Savings.
FIS partnered with Fireblocks for accelerated crypto adoption. The partnership will allow firms to access crypto trading venues, liquidity providers, lending desks and decentralized finance applications.