Welcome to The Node. This is Daniel Kuhn and Prachi Vashisht, here to take you through the latest in crypto news and why it matters. In today’s newsletter:
Coinbase CEO Brian Armstrong said the exchange is considering moving out of the U.S. if regulatory clarity doesn’t come soon. “We actually have contradictory statements from the heads of the CFTC (Commodity Futures Trading Commission) and the SEC (Securities and Exchange Commission) coming out almost every few weeks. How’s a business going to operate in that environment?” Armstrong said during a conversation with U.K. Chancellor George Osborne at a conference in London.
On Monday, cryptocurrency exchange Luno announced a decision to halt its services in Singapore beginning on June 20. The company, which is owned by CoinDesk parent Digital Currency Group, has also notified the Monetary Authority of Singapore it will withdraw its licensing application. The decision is an attempt to reevaluate the firm’s global strategy and won’t affect its operations in other regions, Luno said.
Bubbly?
PepeCoin (MEME), a coin that launched Sunday, has become Twitter’s latest meme obsession, reaching a market capitalization as high as $33 million on Tuesday morning. Of course, this isn’t the first time a meme token has garnered interest on Twitter, though it is a sign of froth, analysts said. Meanwhile, bitcoin’s (BTC) “reserve-risk multiple,” a lesser-known but historically reliable bitcoin price indicator, has turned positive for the first time since October 2021, reportedly indicating BTC selling pressure has abated, analytics firm Glassnode said. This may comport with analysts at Bernstein who have published a report claiming the final tranche of “toxic crypto leverage” is nearly cleared out, meaning crypto prices might soon improve. (Reader, use your judgment before investing.)
Applications Open
On Monday, the United Arab Emirates’ federal securities regulator, the Securities and Commodities Authority, began accepting applications from companies looking to provide crypto services in the country. The mandatory licensing regime applies to all companies seeking to provide services in the country, unless they are already licensed in financial free zones in the United Arab Emirates. The move follows the UAE Council of Ministers’ decision last year to regulate the crypto sector.
The Takeaway: Broken Wallet Theory
There’s reportedly been a nasty bug going around OG crypto holders, affecting arguably the most critical part of Web3 infrastructure: the MetaMask wallet. Over 5,000 ether (ETH) worth about $10.5 million have been stolen from crypto veterans since December, crypto-skeptical news site Protos reported, citing an informal investigation done by MyCrypto founder Taylor Monahan.
It appears that developers at ConsenSys, the private blockchain software firm that’s built much of Ethereum’s open-source tooling, including the MetaMask wallet and Infura application toolkit, are investigating the exploit, which appears to be “deliberately” targeting people who should know the ins and outs of crypto self-custody and security.
“This is NOT a low-brow phishing site or a random scammer. It has NOT rekt a single noob. It ONLY rekts OGs,” Monahan, who goes by “Tay” on Twitter, wrote. The attack is widespread, affecting keys created between 2014 and 2022 and affecting 11 blockchains, according to Tay’s preliminary investigation.
I mention this exploit not to spread fear, uncertainty and doubt. As of now, it appears average or occasional users of MetaMask aren’t being targeted. But it is a moment to remember a few wallet best practices and to take stock of your holdings. Because of the sophisticated nature of the attack and the pedigree of the victims, the fallout could be severe.
The most important thing now is not only making everyday crypto users feel safe and secure, but ensuring they actually are. I’ve reached out to several ConsenSys developers for ideas about asset security, and will update the piece on CoinDesk.com if and when they get back.
The unknown attacker(s)
As mentioned, much about the attack and attacker(s) is still unknown, and it’s not clear whether this is a coordinated effort by several skilled hackers or perpetrated by someone with inside knowledge of the MetaMask operation.
Monahan suggests the perpetrator may have received a cache of data that is helping him or her gain access to users’ private keys or wallet recovery phrases. She added emphatically that the issue is not related to MetaMask’s underlying cryptography and is not a social-engineering scam, as with phishing.
However, there are a few commonalities among the victims: Most of the attacks have occurred on the weekend, and the exploiter swapped assets within a victim’s wallet for ether (often bypassing staked positions, non-fungible tokens and lesser-known coins), consolidating that ETH and then transferring it out. Often the attacker has gone back hours, days or weeks after an initial attack to sweep remaining funds, Monahan said.
The “theft and post-theft on-chain movement is VERY distinct,” Monahan said, hoping to open the doors to identifying the attacker and recovering assets. She added that several “recovery” attempts have been successful so far.
ConsenSys hasn’t confirmed the attack yet, but Monahan could be said to be speaking for the organization in some capacity. ConsenSys acquired Monahan’s startup MyCrypto in February 2022, having implemented MyCrypto’s “scam blocklist” (aka CryptoScamDB), which was used to protect MetaMask users from visiting known scam URLs in 2017, according to an announcement at the time. So she knows what she’s talking about.
Best practices
As for best practices, Monahan wrote in all caps: “PLEASE DON’T KEEP ALL YOUR ASSETS IN A SINGLE KEY OR SECRET PHRASE FOR YEARS.” If that is mostly useful only in retrospect, she also cautions users to split up their assets, use a hardware wallet and migrate their funds off accounts connected to the internet.
As the nature of the exploit is revealed, it’s likely this story will get only bigger. Apparently, many longtime crypto users have been affected over a period of months without much word filtering out into the wider world. As long as crypto continues to have value, wallet users will continue to face such threats. A record $3.8 billion in crypto was stolen last year through scams, hacks and theft, according to Chainalysis’ latest accounting.
CoinDesk recently published a list of “Projects to Watch,” meaning protocols and companies we feel relatively good about recommending to users. I wrote about the increasingly popular Rainbow wallet, which is spreading mostly by word of mouth, in part because of its easy interface and built-in security features.
Rainbow, like many crypto wallets, has rolled out a series of security features to help protect wallets including pop-up messages that warn users about suspicious addresses they may be interacting with, as well as ID tools to prevent people from sending assets to incorrect or dead addresses. Basic security features like this should be the norm across crypto (to be clear, MetaMask is among the wallets with similar protections).
But it also seems like crypto users and malicious actors will constantly be playing a game of cat and mouse. With every technological product used to protect the uninformed, there is likely a workaround. And if Monahan is correct, even years of hands-on experience is no guarantee you will be safe. There are best practices to follow and pitfalls to avoid – but at this point, scamming is clearly endemic to crypto.
Where does that leave Web3? It’s not like banks or fintech apps are immune to hacks or scammers – but users should be able to trust even “trustless” technologies.
NY Authorities To Collect More Fees From Crypto Companies (Blockworks)