- Layer3
- Posts
- This Week in Web3 | 8.8.22
This Week in Web3 | 8.8.22
This is why the hack was so chaotic - you didn't need to know about Solidity or Merkle Trees or anything like that. All you had to do was find a transaction that worked, find/replace the other person's address with yours, and then re-broadcast it.
GM! It's been another exciting week in web3. Welcome to your Monday digest, and here's what we'll be covering in today's issue.
Nomad Bridge drained of nearly $200m in exploit
Liron Shapira: How web3 VCs stumbled into funding a Ponzi
U.S. Treasury Department bans citizens from using Tornado Cash
A big update to our Bounties page
Your Web3 Briefing 📝
An analysis of what you missed in web3 over the past week
Nomad Bridge drained of 200m+ in major exploit
After raising $22m back in April to build a cross-chain bridging protocol, Nomad Bridge has lost over $200m in a major exploit, with multiple exploiters draining the protocol of nearly all its funds.
Bridges typically work by locking up tokens in a smart contract on one chain and then reissuing those tokens in “wrapped” form on another chain. They are vulnerable to hacks because bridging is extremely complex and often involve a large amount of reserve funds, making it particularly attractive for hackers as a one-time target.
1/ Nomad just got drained for over $150M in one of the most chaotic hacks that Web3 has ever seen. How exactly did this happen, and what was the root cause? Allow me to take you behind the scenes 👇
— samczsun (@samczsun)
11:45 PM • Aug 1, 2022
This instance was also especially chaotic, since a software bug in the protocol's smart contract enabled any ordinary user to exploit the protocol quite easily. As Sam of Paradigm Research states, "All you had to do was find a transaction that worked, find/replace the other person's address with yours, and then re-broadcast it."
As of today, a few white hat exploiters have returned their funds to Nomad, which is still undergoing the arduous process of recovering the full funds lost.
Sarah's Recommended Reads: Liron Shapira on the Ponzinomics of Axie Infinity
Welcome to Week 2 of Sarah's Recommended Reads! Here, I'll be summarizing well-written articles or threads by web3 thinkers (or dabblers) that you should know about.
Up today is Liron Shapira's thread on the Ponzinomics of Axie Infinity, a topic which definitely deserves its own newsletter summary; for today, we'll discuss it briefly with Liron's excellent recap.
Liron traces the history of the Axie Infinity hype cycle by beginning with Packy McCormick's viral newsletter last July, which, according to Liron, was "representative of last year’s peak VC hype around Axie."
In VC-land, Axie's revenue growth was off-the-charts, which is often taken as a sign that a startup has discovered a lucrative new business model. In crypto-land, however, Liron warns us to be careful—after Axie's "inevitable collapse" this year, we can all come away with the lesson that crypto "throws a wrench into the usual analysis of a startup’s growth."
In hindsight, Axie's unsustainable tokenomics model should have been obvious. This was diluted by both market conditions and VC hype, with Liron's thread serving as both a warning, and a call for accountability.
What else you should know
Feds blacklist Tornado Cash, ban US citizens from using the app
Over 8,000 Solana wallets compromised in widespread hack
Singapore-based crypto lender Hodlnaut freezes withdrawals to "stabilize liquidity"
Variant Fund on Sufficient Decentralization: A Playbook for web3 Builders and Lawyers
What we've been BUIDLing 🏗️
Noticed any changes to our Bounties page?
We've updated it so that our Daily and Weekly Bounties show at the top, making organizing and completing your Bounties easier than ever before.
Why not give our newest NFT Bounty a whirl?
🛣️ Stay up to speed on what we're building: Take a look at our roadmap to see what we've been cooking at Layer3, and a preview of what’s to come.
🚢 And if you want to help decide what we ship next: You can submit a feature request here and vote on your favorites! Some top community requests have already made it onto our roadmap.
Web3 101: Yield Farming💡
Each week we’ll cover an essential web3 concept in simple terms. This week we’re looking at yield farming (in DeFi) ✨
What does it mean to yield farm?
Yield farming is a method to earn interest on your cryptocurrency. Often, it involves locking up or staking your crypto in a liquidity pool/farm for period of time in exchange for interest or other rewards.
How does yield farming work?
When you lock up or stake your crypto in a DeFi protocol, it essentially means you are lending money to the protocol for it to carry out certain transactions. As a result, you earn a percentage of those transactions. Because DeFi protocols often have no middleman or market maker, you can earn much more significant yield than you would by depositing your money in a bank.
How can I become a yield farmer?
While yield farming is widely available on various DeFi protocols, we highly recommend you do your own research before proceeding, as it can be a highly risky and volatile venture. Always look for protocols with higher TVL, a good audit history, and reasonable security measures in place.
Layer3 has several yield farming Bounties for you to get started as a DeFi beginner. Remember: This is not financial advice! Please explore at your own discretion.
Thanks for reading!
Join our Discord and follow us on Twitter to stay up-to-date on the latest Bounties, communities, and more!
That's all for this week! Until next time, frens!
Cheers,
Sarah at Layer3
Let us know how we did👇
What did you think of this week's newsletter? |