A highlight from Crypto 2023: Even Vitalik Is Getting Hacked

The Breakdown


Welcome back to The Breakdown with me, NLW. It's a daily podcast on macro, Bitcoin, and the big picture power shifts remaking our world. What's going on, guys? It is Monday, September 11th, and today we are catching up on everything in the cryptosphere from last weekend, including the founder of Ethereum getting hacked. Before we dive into that, however, if you are enjoying The Breakdown, please go subscribe to it, give it a rating, give it a review, or if you want to dive deeper into the conversation, come join us on the Breakers Discord. You can find a link in the show notes or go to bit.ly slash breakdown pod.
Hello friends, hope you had a great weekend. Like I said, today we are doing a grab bag, catching up on just a ton of news, and let's start with the weird one. On Saturday, Ethereum co-founder Vitalik Buterin's Twitter account was compromised. The attacker used the account to tweet about a time-limited NFT promotion. Users that followed the link and tried to mint the NFT instead had their wallets drained. Around 700,000 in crypto tokens and NFTs were stolen. Now, the attack followed a similar pattern to many SIM swap attacks which have plagued high-profile crypto figures recently. An attacker fraudulently obtains control over the target's phone number and then uses two-factor authentication to gain access to Twitter or other services. The attacker then posts a link to a poison transaction for victims to sign. According to on-chain sleuth ZachXBT, there have been more than 53 SIM swap attacks over the past four months which have led to the theft of over 13.3 million in crypto assets. Now, at this stage, we don't know exactly how the attacker gained access to Vitalik's Twitter account. Some assumed that Vitalik would be using a more complicated security design than simple phone number based 2FA. If so, this attack speaks to much more sophisticated attacks targeting crypto figures.
What was particularly insidious about this attack was how believable the fake communication was. The attacker's fake message was promoting a Q&A on a forthcoming Ethereum feature known as proto-danksharding. Numerous high-profile industry figures were taken in by the fake message and signed transactions with their wallets. The highest profile NFT that was drained was the very first CryptoPunk to be claimed, valued at around $250,000. To some, the attack demonstrates a clear change in targets for scammers. DC Investors said, Still, others pointed out that it could have been a lot worse. Coin Bureau tweeted, Putting it more simply, CL207 tweeted, While Mac's short ETH, dude would have made $100 million, not $1 million. Still to others, this was just an example of how difficult it is still for normal people in the cryptosphere. Harrison at PompPunk on Chain wrote,
Next up, staying in and around the Ethereum ecosystem, ConsenSys-owned blockchain infrastructure firm Infura have announced plans to release a decentralized version of their service by the end of this year. Infura provides a range of blockchain infrastructure but are most well known for their Ethereum RPC nodes. As much as 50% of Ethereum transactions are routed through Infura infrastructure, making their centralization an ongoing risk. As regulatory efforts move from enforcement to compliance, it's anticipated that regulators will look for intermediaries within the crypto ecosystem to deputize. And to many, a centralized Infura would be a natural fit for compliance enforcement. Indeed, we've already seen multiple instances of Infura being used as a tool for compliance. Last November, the firm announced that some 20 million MetaMask users would have their wallets and IP addresses tracked using Infura. ConsenSys pushed back on the controversy by noting that MetaMask allowed users to opt out by switching to a different RPC provider.
Also, in March, ConsenSys blocked IPs from certain regions in an effort to comply with sanctions requirements. Users from Venezuela and Iran were among those who complained they could no longer use MetaMask through Infura. At the time, ConsenSys were criticized for restricting access more broadly than the sanctions called for, including blocking some U.S. residents who had emigrated from sanctioned nations. Still, it appears that ConsenSys and the Ethereum ecosystem at large have grown increasingly uncomfortable with the censorship risk of RPC nodes. And Infura have been working on this decentralization project for over a year now. Now, the project will be rolled out in a number of phases. Infura refers to the first stage as the quote federated phase, where trusted partners will be brought on to run redundant versions of key infrastructure. Tom Hay, decentralized infrastructure product lead at Infura, said in a statement, We're looking to launch something later this year, and that is going to be a federated phase. The federated phase will last at least six months and will provide the network with the insight on how to build a sustainable model before introducing further decentralization. Now, according to the team at ConsenSys, aside from censorship resistance, adding more diversity and redundancy in RPC infrastructure could also improve the robustness of Ethereum in general. ConsenSys head of strategy Simon Morris said, If you have different people setting up their infrastructure in different ways on different cloud providers using different node software, then you can start to build antifragility into the system.
Next up on this breakdown, a regulatory roundup. On Friday, the SEC filed their response in the Ripple lawsuit, arguing that the case should be allowed to proceed to appeal.
Ripple had previously objected to the appeal, stating that the regulator had not made a sufficient argument to ground an appeal. The SEC's filing hit back, stating that, quote, The defendants themselves say that the issues have industry-wide significance and are of special consequence. End quote. They claimed that this pivotal decision should be subjected to the scrutiny of an appellate court to ensure a clear precedent is made. The SEC noted that one judge has already rejected the Ripple decision as a persuasive precedent, opening the door to contradictory rulings. The regulator further argued that halting the rest of the Ripple case to deal with the appeal immediately would, quote, preserve the resources of the court. They even went so far as to take a swipe at Ripple, claiming that the firm was deliberately dragging out court proceedings.
Speaking of the SEC, Republican House Whip Tom Emmer has introduced an appropriations amendment to rein in the SEC's crypto enforcement agenda. In a tweet, Emmer wrote, "...Gary Gensler has abused his authority to grow the administrative state to the detriment of the American people. Congress must use all our tools, including the appropriations process, to restrict Chair Gensler from further weaponizing taxpayer dollars." The appropriations amendment would limit the SEC from utilizing funds to pursue digital asset enforcement until comprehensive rules and regulations are put in place. Now, of course, Emmer has long been critical of the SEC's approach to crypto regulation.
In June, he supported fellow Congressman Warren Davidson's SEC Stabilization Act proposal which would limit the authority of the SEC chair by introducing a sixth commissioner to require bipartisan support for regulatory actions. Gensler is scheduled to appear at an oversight hearing before the Senate Banking Committee on Tuesday. The House Financial Services Committee, meanwhile, will hold their SEC oversight hearing on September 27th. So we should get a chance to hear more about whether there have been any shifts in the Gensler-SEC attitude since some of these court proceedings have gone through.
Now, moving over to the Fed. In a speech given at a fintech event on Friday, Fed Vice Chairman of Supervision Michael Barr made a number of comments about CBDCs and stablecoins. When it comes to CBDCs, Barr emphasized that the Fed is still firmly in the quote basic research phase and is far from making any decisions. Barr said that quote, Investigation and research are very different from decision-making about next steps in terms of payment system development and we are a long way from that. By way of detail, he explained that the research is currently focused on system architecture and tokenization models. Barr continued to reinforce the idea that the Fed won't make any decision on CBDC issuance without quote, clear support from the executive branch and the authorizing legislation from Congress. On stablecoins, Barr said quote, I remain deeply concerned about stablecoin issuance without strong federal oversight. If non-federally regulated stablecoins were to become a widespread means of payment and store of value, they could pose significant risks to financial stability, monetary policy, and the U.S. payment system. It is important to get the legislative and regulatory framework right before significant risks emerge.
Now, Barr has recently spearheaded the Fed's Novel Activities Supervision Program, which requires banks to obtain a written non-objection before they can interact with stablecoins. He claimed that the safeguard was in line with previous guidance issued by the Office of the Comptroller of the Currency. Barr argued that strong federal oversight of dollar-backed stablecoins was in the Fed's interest, arguing that the tokens quote, borrow the trust of the central bank. Now, of course, federal oversight of stablecoin issuers has become a line in the sand for establishment Democrats who sought to hold up the progress of stablecoin legislation back in July. Barr also reflected on the July launch of FedNow, which is the new instant gross settlement system operated by the Fed. He said that FedNow has been made available to depository institutions of all sizes, but quote, while current volumes on FedNow are small, I expect that participation will grow over time.
Now, next up, one we talked about a bit in the weekly recap, but giving the details just for completeness. On Thursday, the CFTC announced enforcement actions against three DeFi firms — Opyn, 0x, and Deridex — all settled lawsuits for offering unregistered derivatives products to U.S. customers. The fines were relatively small — $250,000, $200,000, and $100,000, respectively — but the message was clear. CFTC Director of Enforcement Ian McGinley said in a statement, Somewhere along the way, DeFi operators got the idea that unlawful transactions become lawful when facilitated by smart contracts. They do not. The DeFi space may be novel, complex and evolving, but the division of enforcement will continue to evolve with it and aggressively pursue those who operate unregistered platforms that allow U.S. persons to trade digital asset derivatives. Now, while both Opyn and Deridex were offering derivatives trading, the situation around 0x was a little more complex.
0x is an open DEX platform which allows anyone to list tokens. They attracted the attention of the CFTC by simply having derivative tokens with embedded leverage listed. The CFTC claimed that simply retaining the ability to draw fees from the trading, though not actually profiting from the platform and having access to shut down the platform, was sufficient to be held liable for how other developers use the platform. Now, one CFTC commissioner offered a scathing dissent to the enforcement action. Commissioner Summer Mersinger wrote, Although each case presents different facts, they have been lumped together for commission consideration and vote, presumably for messaging purposes, as quote-unquote DeFi cases. She added that, I am concerned that the Commission in these cases is taking another step down the path of bringing enforcement actions when we should be engaging with the public. It is important to emphasize that Enforcement First has not always been the CFTC's default position. These cases are especially concerning in that they represent a significant shift in position on the merits of engagement with DeFi market participants.
Finally today, over in the UK, the United Kingdom Financial Conduct Authority have pushed back the commencement date of some elements of strict new crypto advertising rules. The core rules will come into force on October 8th. They require advertisements to be clear, fair, and not misleading. In addition, risk warnings will now be mandatory, and incentivizing platform use with both monetary and non-monetary rewards is prohibited. Other parts of the regulations could be pushed back to as late as January according to the FCA. Individual firms would need to apply for additional time on a case-by-case basis. The regulator explained that firms are running up against technical issues implementing some parts of the new rules.
In particular, a 24-hour cooling-off period which would allow customers to ask for full refunds is proving difficult to comply with. It would require programming changes to platforms at a minimum, if not an overhaul to business models. Lucy Castledine, Director of Consumer Investment at the FCA said, As a proportionate regulator, we're giving firms that apply a little bit more time to get other reforms requiring technology and business change right. We'll maintain our close eye on firms during this extended implementation period. Now, the FCA's strict new rules have been criticized for their broad scope and draconian punishments. Foreign firms that advertise to UK customers would be covered by the regulations, which capture social media posts, websites, and in-app advertising. Influencers would be held liable for their promotion of crypto products, and the failure to adhere to the new regulations could result in criminal charges. The maximum punishment for breaches includes an unlimited fine or even jail time. The FCA has said that the strict rules are designed to prevent harm to consumers from investing in crypto assets that do not match their risk appetite. The regulator added that it is up to consumers to decide whether they buy crypto assets, but they should do so based on fair and accurate information that helps them make effective investment decisions.
So friends, this is the other side of the prepping for the next bull run. It is going to be a much tighter environment, certainly for any types of promotions. Although whether that will end scams given where we started this episode, I think that remains to be seen. However, that is going to do it for today's episode. I appreciate you guys listening as always. Until tomorrow, be safe and take care of each other.
