\nThere\u2019s always another nightmarish crypto hack around the corner<\/br>
\n2023-01-20 22:22:39<\/br><\/p>\n
Welcome back to Chain Reaction.<\/strong><\/p>\n Last week, we looked at the near-term future for crypto gaming as VCs zero in on where to place consumer bets. This week, we\u2019re looking at hardware wallets and the endless journey toward feeling safe in the crypto world.<\/p>\n To get this in your inbox every Thursday, you can subscribe on TechCrunch\u2019s newsletter page.<\/a><\/p>\n A weekly dispatch from the desk of TechCrunch crypto editor Lucas Matney<\/a>:<\/em><\/p>\n The world of crypto can be a cruel and unforgiving place, and while VCs and crypto hedge funds have been happy to bail out institutions, sometimes consumers dabbling in the space find themselves left out in the cold. This week, a couple of pretty high-profile hacks cost crypto investors millions, but it was the smaller, more mysterious one that likely left newbie buyers clutching their private keys and praying for the best.<\/p>\n Putting money anywhere is an exercise of trust, which sometimes makes it funny that the word \u201ctrustless\u201d has been a leading phrase in crypto religious creeds that investors use to gain converts. All a user must do is hold their private key near and dear and they can trust that their money will always be there without having to place any trust in a traditional financial institution. But consumers are discovering some of the long-known fine print to that promise.<\/p>\n This week, thousands of Solana users logged into their crypto wallet apps<\/a> to discover that all of their funds had disappeared. Many of these users claimed they hadn\u2019t used the wallets in weeks or months, ruling out some sort of mass signature of a malicious contract. While this ended up<\/a> being a lowly seven-figure hack, the mystery was notable. Early on, users weren\u2019t sure whether this was an attack on the underlying Solana network or an underlying service provider that multiple wallets relied on. Amid all the confusion, wallets continued to be drained, eventually emptying the contents of upwards of 8,000 individual accounts.<\/p>\n Investors in the Solana ecosystem (the network\u2019s founder dropped some choice Twitter retweets<\/a>) complained that the media was focusing more heavily on the single-digit millions exploit when the Nomad bridge had been hacked for $190 million just a day prior. But it was the nature of the attack that was scarier than the dollar amount.<\/p>\n Apparently a crypto wallet provider was inadvertently logging seed phrases to their event logging server, which lead to someone being able to hack and drain over 8,000 wallets \ud83d\ude2c https:\/\/t.co\/Mah695gQY5<\/a><\/p>\n \u2014 Marcus Hutchins (@MalwareTechBlog) August 3, 2022<\/a><\/p>\n<\/blockquote>\n<\/div>\n While users across wallets reported the problem, the issue came down to a vulnerability in the Slope wallet which had \u2014 unbeknownst to users \u2014 been logging their private keys in the back end, leaving them vulnerable to bad actors if they had ever imported keys to the mobile app. This saga probably served as another severing point of trust in the system for new users who might have thought their funds were safer in a wallet than a centralized exchange\u2019s coffers. But long-time crypto users shrugged and signified that this was yet another reason for users to hold their funds<\/a> in so-called hardware wallets \u2014 physical devices that store a user\u2019s private keys and dramatically cut down on the number of attack vectors for hackers outside of human error.<\/p>\n Now, pushing every new user to buy a ~$100 hardware wallet in order to truly secure their assets clearly isn\u2019t the ticket to widespread near-term adoption, and yet it seems to be a rule that those deepest in the space still cling to. While plenty of crypto\u2019s richest are holding to strategies that promote security above most anything else, it also seems that plenty of them are investing and promoting projects which emphasize speed and seamless onboarding at the expense of security. Users finding their way onto the rails of flashy consumer apps may find themselves realizing that crypto\u2019s early onboarding hurdles have been steep for a reason and that wealthy users buying air-gapped computers and keeping their keys on pieces of papers have plenty of history framing their paranoia.<\/p>\n Chain Reaction is back again this week and better than ever! We announced two big changes to the pod this week. First and foremost, we have a new co-host, <\/span>Jacquie Melinek<\/span><\/a>, joining us weekly to talk about the biggest headlines in web3. Jacquie is a great friend of ours and as a <\/span>reporter for TechCrunch+<\/span><\/a>, she\u2019s eager to get in the weeds to us help demystify all things crypto.\u00a0<\/span><\/p>\n Second, we\u2019re splitting our weekly show into two separate episodes: a weekly news segment featuring Jacquie, the first of which came out today, and an interview segment hosted by Anita and Lucas. Stay tuned for the latest interview episode to drop next week, in which we talked to Uniswap COO MC Lader.<\/span><\/p>\n For this week\u2019s news, we unpacked two <\/span>high-profile hacks<\/span><\/a> that happened in the first two days of the month (phew). We also discussed <\/span>Robinhood\u2019s latest round of layoffs<\/span><\/a> and a $30 million fine the company paid to New York regulators.<\/span><\/p>\n Subscribe to Chain Reaction on <\/span>Apple<\/span><\/a>, <\/span>Spotify<\/span><\/a> or your alternative podcast platform of choice to keep up with us every week.<\/span><\/p>\n Where startup money is moving in the crypto world:<\/span><\/i><\/p>\n A weekly window into the thoughts of web3 reporter <\/span><\/i>Anita Ramaswamy<\/span><\/i><\/a>:<\/span><\/i><\/p>\n It seems like a good time to talk about security in crypto in light of the recent hacks affecting both the Nomad crypto bridge and the Solana ecosystem. It\u2019s becoming increasingly clear that no matter how many assurances a crypto company makes about how airtight its security standards are, investors should be watching their backs at all times. The pain can be even more acute for NFT holders, who are at risk of losing millions of dollars of value in one fell swoop if one of their pricey JPEGs gets stolen \u2014 just think back to what happened to actor Seth Green and his kidnapped Bored Ape.<\/span><\/p>\n There are a few different options for how people can store their crypto securely today, and they all have their tradeoffs. A \u201chot wallet\u201d is connected to the internet, which leaves it vulnerable to outages or connectivity troubles. Furthermore, plenty of hot wallets are operated by centralized entities such as exchanges that hold users\u2019 keys on their behalf \u2014 a transfer of power many crypto users are loathe to grant. A \u201ccold wallet,\u201d meanwhile, is considered far more secure, but involves clunky, hard-to-use hardware that could be misplaced just as easily as a \u201cseed phrase,\u201d which is a password used to unlock a crypto wallet.\u00a0<\/span><\/p>\n Upstream founder and CEO Alex Taub, <\/span>who we had on last week\u2019s pod<\/span><\/a>, says his startup has a user-friendly solution that allows people to keep control of their own keys digitally without having to compromise on security. It\u2019s a unique solution coming at a particularly opportune moment. For details on how it works and why it\u2019s different from what\u2019s already on the market, check out my article <\/span>here<\/span><\/a>.\u00a0<\/span><\/p>\n Here\u2019s some of this week\u2019s crypto analysis available on our subscription service TC+ from senior reporter Jacquelyn Melinek<\/a>:\u00a0<\/em><\/p>\n Solana\u2019s speedy approach to crypto is attracting developers, despite hiccups <\/a><\/strong> Why education is key to halting hacks like the $190M Nomad exploit <\/a><\/strong> Tiffany and Gucci\u2019s dip into crypto is a balance of reputation and revenue <\/a><\/strong> Thanks for reading! And \u2014 again \u2014 to get this in your inbox every Thursday, you can subscribe on TechCrunch\u2019s newsletter page.<\/a><\/p>\n<\/p><\/div>\n <\/br><\/br><\/br><\/p>\n![\"\"](\"https:\/\/i0.wp.com\/techcrunch.com\/wp-content\/uploads\/2022\/04\/chain-reaction-newsletter.jpg?resize=680%2C191&ssl=1\")
<\/p>\n
\nnowhere to hide<\/h2>\n
\n
\nthe latest pod<\/h2>\n
\nfollow the money<\/h2>\n
\n
\nthe week in web3<\/h2>\n
\nTC+ analysis<\/h2>\n
Although the crypto market isn\u2019t always sunshine and flowers, some prominent industry players, including Solana co-founder Raj Gokal, still have an optimistic outlook for growth \u2014 at least about their own projects. Despite Solana\u2019s recent issues with 8,000 wallets hacked on Tuesday, the layer-1 blockchain has about 15 million to 20 million monthly active addresses, some of the highest in the crypto industry, Gokal said. \u201cA question we get a lot is how is the market affecting the pace of development and the pace of building?\u201d His answer? It\u2019s not, really.<\/span><\/p>\n
Following the loss of almost $200 million in a security exploit on crypto protocol Nomad, security experts insisted that more education and security protocols are necessary for protecting web3 communities from hackers. As the crypto ecosystem becomes larger over time, interchain operability will continue to grow, too, \u201cat profound levels with a focus on security and decentralization,\u201d Daniel Keller, co-founder at Flux, said to TechCrunch. \u201cHowever, attention needs to be given to security and not only speed of development as we push DeFi products to the masses.\u201d<\/span><\/p>\n
Are crypto integrations by household name brands and sports teams evidence of increasing use cases for digital assets and cryptocurrencies \u2014 or more of a marketing ploy? This week, Tiffany & Co., Gucci and FC Barcelona all dove deeper into the crypto sphere with partnerships in the digital asset world. But do these partnerships truly mean anything for the crypto ecosystem? A number of market players shared their thoughts on the financial upside, risk and business play behind these new integrations.\u00a0<\/span><\/p>\n
\n