The Poly Network drama continues as Mr White Hat is refusing to return US$141 million left on a multi-sig wallet.
Poly Network Waits for Hacker to Return Private Keys
The hacker has returned most assets, approximately US$427 million worth. But according to a recent update, Mr White Hat is holding hostage $141 million in ETH and WBTC (28,9523 and 1,032 respectively), and about 33 million USDT is frozen.
Poly says it is in constant communication with Mr White Hat on how to deal with the situation.
Aug-19 12:55:49 AM +UTC#mrwhitehat returned 96,942,063 DAI on Ethereum. 28,953 ETH and 1,032 WBTC still remain in multi-sig wallet. As we promised, 160 ETH Bounty(worth $500K) has been donated. Please check it here https://t.co/uoKB8vjyQX
This back and forth between the protocol and the hacker has outraged the community, some of whom are even accusing the Poly Network team of being behind the hack or otherwise complicit. The Poly Network addressed the community concerns in its communications, claiming it is working as fast as possible can to return the assets.
We understand there are many users and projects using Poly Network’s services, and there are users who are panicking that they might lose control of their assets, and we want to minimise the impact on them, so restoring our network and our users’ assets in a secure manner as quickly as possible is our top priority.
Ethereum whales are still increasing their holdings. Over 43 percent of all Ether (ETH) in circulation is held by whale addresses, according to recent data from crypto analytics platform Santiment.
Additionally, ETH balance on exchanges has been dropping significantly, which suggests most investors are HODLing.
Whales Are Still Buying ETH
There has been renewed interest in Ether since the Beacon chain went live last year. This is evident as the ETH accumulation rate has been on an upward trajectory, especially for the whale investors.
As of August 2, Santiment reported that 39.2 percent of ETH supply was accumulated by Ethereum’s millionaire addresses that hold at least 1,000 to 100,000 ETH. As recently as August 13, the addresses holding 100,000 ETH accounted for 43.7 percent of all ETH in circulation. According to Santiment, this represents a 7.9 percent increase from the previous record of 35.8 percent in 2018.
🐳 #Ethereum whale addresses aren't stopping their accumulation as prices hover above $3,100. 3 years ago to the day, addresses with 10k+ $ETH owned 35.8%. Today, they own 7.9% of the #2 market cap asset's total supply. There are 1,338 of such addresses. https://t.co/wVVPHCDmI9pic.twitter.com/SGTaXXYhjI
Ethereum whale simply refers to an address holding a large amount of ETH – at least 1,000 ETH, equating to US$3.149 million on today’s price. Whale addresses can be owned either by individuals or an organisation. Whale accumulation is usually seen as a bullish indication for continuous price growth.
Besides the increase in ETH supply held by whales, data also shows that retail investors are buying, which confirms the presence of demand for ETH. Glassnode tweeted on August 19 that addresses holding 0.1+ ETH had reached an ATH of 5,471,300.
Additionally, there’s a spike in the number of new addresses created on the Ethereum network, which Santiment has termed to be bullish.
📈 #Ethereum is hovering at the $3,000 level right now, and behind the curtains, we're seeing that network growth has been steadily rising this month. New addresses being created on the $ETH network is a nice leading indication of where prices move next. https://t.co/u78GKHGbe9pic.twitter.com/oBgy9zxBCw
Decentralised Finance (DeFi) is a blockchain-based form of finance that does not rely on central financial intermediaries (such as brokerages, exchanges, or banks) to offer traditional financial instruments: instead, DeFi utilises smart contracts on blockchains, Ethereum being the most commonly used.
Recently, new chains have emerged to offer users an alternative to Ethereum, which has become notoriously expensive to use, especially in times when the network becomes heavily congested, resulting in gas wars and extraordinarily high transaction fees.
These new decentralised applications (known as ” DApps”) run on a distributed computing system. DApps have been popularised by distributed ledger technologies to allow easy transfer and swapping of crypto assets.
Here is a list of the Top 10 DeFi Swap Token Apps:
UniSwap
Pink unicorn-branded UniSwap is perhaps the most popular DeFi protocol used to exchange cryptocurrencies. The protocol facilitates automated transactions between ERC-20 tokens on the Ethereum blockchain through the use of smart contracts. Uniswap empowers developers, liquidity providers and traders to participate in a financial marketplace that is open and accessible to all. UniSwap V3 was released in May and boasts the most flexible and efficient automated market maker (AMM) ever designed. $UNI is the native token of the Uniswap protocol. Holders of UNI are entitled to governance rights and voting privileges on changes to the protocol, while liquidity providers can receive UNI tokens for their contributions. With its user-friendly interface, UniSwap makes it easy to swap DeFi tokens.
SushiSwap
SushiSwap (SUSHI) is a fork of UniSwap. Unlike Uniswap, which follows Automated Market Makers (AMM), SushiSwap is a user-oriented platform where users provide liquidity in lieu of rewards. It is an auditedDecentralised Exchange (DEX) and DeFi protocol described as “Uniswap meets Yield Farming” with SUSHI tokenomics. The protocol’s native token SUSHI is used to govern the platform. SUSHI holders also receive a portion of SushiSwap’s trading fees. SushiSwap is funded by an anonymous group that goes by the name Chef Nomi.
QuickSwap
QuickSwap is a fork of Uniswap that runs on the Polygon network (formerly Matic Network), a Layer-2 scaling solution for Ethereum. Polygon has lower transaction fees compared to the Ethereum mainnet, enabling QuickSwap to facilitate token swaps at a lower cost relative to exchanges like Uniswap.
1inchNetwork
1inch is an Aggregation Protocol Network that unites decentralised protocols whose synergy enables the fastest, most lucrative and protected operations in the DeFi space. The platform has 540K+ users and a total volume of $70 billion+. It facilitates cost-efficient and secure atomic transactions by utilising a wide range of protocols and performing argument validation and execution verification. The governance and utility token for the platform is self-titled 1INCH. The 1inch Liquidity Protocol is a next-generation automated market maker that protects users from front-running attacks and offers capital efficiency to liquidity providers. The 1inch Limit Order Protocol is perhaps the best feature of this DApp, allowing users to enjoy the most innovative and flexible limit order functionality in DeFi. Its implementation of the Chi gastoken makes transactions on 1inch up to 42% cheaper than swapping tokens on Ethereum. Chi tokenised gas that is pegged to the Ethereum network’s gas price, but the difference is that Chi is used on 1inch and Curve while GasToken is used across the entire Ethereum network.
AirSwap
AirSwap is a peer-to-peer network. A simple combination of web protocols and smart contracts powers its RFQ (request-for-quote) style protocol. There are two kinds of liquidity providers on AirSwap: those running their own HTTP servers to provide liquidity, and those managing on-chain delegates that swap on their behalf. Each swap is between two parties, a signer and a sender. The signer is the party that creates and cryptographically signs an order, and the sender is the party that sends the order to the Ethereum blockchain for settlement.
HoneySwap
HoneySwap is a permissionless decentralised exchange (DEX) based on Ethereum, built on xDai Layer 2 scalability infrastructure. The xDai Chain enables users to experience fast and secure transactions with incredibly low fees. By utilising xDai chain for transactions, Honeyswap allows users to trade any ERC20 token and experience fast and secure transactions with incredibly low fees.
BakerySwap
BakerySwap is an automated market maker and non-fungible token (NFT) marketplace that runs on the Binance Smart Chain. It is powered by BakeryToken (BAKE). BakerySwap is the all-in-one DeFi platform that provides both AMM and NFT Marketplace solutions in one place. Users can exchange tokens, provide liquidity, participate in liquidity farming, and also mint NFTs and trade them.
Balancer
Balancer is an automated portfolio manager and trading platform offering investors portfolios that generate yield and rebalance automatically. Balancer turns the concept of an index fund on its head: instead of paying fees to portfolio managers to rebalance your portfolio, you collect fees from traders who rebalance your portfolio by following arbitrage opportunities.
Aave
Aave is an open-source, non-custodial decentralised lending protocol that allows users to earn interest on deposits and borrow digital assets. Users can participate as depositors or borrowers. Depositors provide liquidity to the market to earn a passive income, while borrowers are able to borrow in an over collateralised (perpetually) or under collateralised (one-block liquidity) fashion. Aave offers simplified and decentralised access to a wide range of digital assets and interoperability with multiple DeFi platforms. The protocol features Flash Loans to users enabling them to borrow instantly and easily, no collateral needed, provided that the liquidity is returned to the pool within one transaction block. Stakeholders can actively contribute as part of the community to the Aave Protocol and its governance.
ShibaSwap
ShibaSwap was recently launched by the Shiba Inu team – SHIB, LEASH, and BONE – to create a decentralised cryptocurrency exchange platform, the next evolution in DeFi platforms. ShibaSwap gives users the ability to DIG (provide liquidity), BURY (stake), and SWAP tokens to gain WOOFReturns through a sophisticated and innovative passive income reward system. The ShibaSwap platform allows the ShibArmy to access upcoming NFTs and additional tools, such as portfolio trackers, to make navigating the crypto world simple and intuitive.
Pancake Swap
PancakeSwap is one of the leading decentralized exchanges on Binance Smart Chain, with some of the highest trading volumes in the market. Unlike centralized exchanges like Binance or Coinbase, PancakeSwap doesn’t hold your funds when you trade. The pancake DAPP can run on mobile applications with integrations crypto wallets such as Trust Wallet allowing you to swap your tokens seamlessly.
The hacker who stole US$611 million from the Poly Network last week turned out to be a white hat hacker who returned the funds while exposing the protocol’s network security flaws. And what’s even weirder, the Poly Network team offered the hacker a US$500k reward, and a role as chief security officer.
A Strange Turn of Events
As per an August 17 blog post, the Poly Network completed the second phase of the Mainnet Upgrade while keeping the hacker updated daily on its progress. Poly Network and the hacker had been interchanging encrypted messages in which the latter shared his concerns about the protocol’s network security and overall projects in the DeFi space.
We are also counting on more experts like Mr White Hat to be involved in the future development of Poly Network since we believe that we share the vision to build a secure and robust distributed system. Also, to extend our thanks and encourage Mr White Hat to continue contributing to security advancement in the blockchain world together with Poly Network, we cordially invite Mr White Hat to be the Chief Security Adviser of Poly Network.
Poly Network blog post
The protocol hopes that the hacker returns the private keys to restore full assets control to the community.
‘Mr White Hat’ Exploits Bug on Smart Contracts
As Crypto News Australiareported on August 12, the hacker – dubbed “Mr White Hat” – found a bug on the protocol’s smart contracts that allowed him to move assets between different blockchains, as per an analysis from blockchain forensic firm Chainalysis.
The hacker stole a total of US$611 million in Ethereum, BNB and Poly, making it the biggest theft in DeFi history. Yet things changed when the hacker started returning the funds progressively to the protocol through a multisig wallet.
$342 million (As of 12 Aug 08:18:29 AM +UTC) of assets had been returned: Ethereum: $4.6M BSC: $252M Polygon: $85M
He also tried to communicate with the Poly Network team through private messages embedded in an ETH transaction the hacker sent to himself. “It’s already a legend to win so much fortune. It will be an eternal legend to save the world. I made the decision, no more DAO,” reads one of the messages.
Hacker Refuses Bounty, Offered Further Reward
After several messages and a dialogue made public, the hacker clarified his intentions and his vision of the DeFi space. While the hacker refused to accept the $500k bounty, the protocol still plans to reward him for his “contributions to blockchain security”.
We are grateful for Mr White Hat’s outstanding contribution to Poly Network’s security enhancements. While there were certain misunderstandings in the beginning due to poor communication channels, we now understand Mr White Hat’s vision for DeFi and the crypto world, which is in line with Poly Network’s ambitions from the very beginning – to provide interoperability for ledgers in Web 3.0.
A collective effort from the crypto community has saved SushiSwap’s token fundraising platform from a potential US$350 million heist. A vulnerability was found in the code by a partner of Paradigm, which could have led to an auction being hacked if discovered by a malicious actor.
SushiSwap’s token fundraising platform, MISO, had one of its smart contracts used in a “Dutch auction”. The vulnerability created a ticking time bomb situation for the platform to potentially lose 109,000 ETH (US$350 million) before the auction ended.
According to a post published by SushiSwap on Monday, Paradigm security researcher Sam Sun (aka samczsun) and colleagues Georgios Konstantopoulos and Daniel Robinson worked together to solve the problem with the “Dutch auction” contract on the Miso platform. Sun was scanning through the code when he came upon the vulnerability:
Auditor's logs, 16th of August. I found a critical vulnerability in SushiSwap's MISO platformhttps://t.co/untzdxay7q
In Sun’s words: “Unfortunately, while composing two components might be safe most of the time, it only takes one vulnerability to cause serious financial damage to hundreds if not thousands of innocent users.”
This incident shows that even safe contract-level components can be mixed in a way that produces unsafe contract-level behaviour. There’s no catch-all advice to apply here, like ‘check-effect-interaction’, so you need to be cognisant of what additional interactions new components are introducing.
Samczsun
According to SushiSwap, the issue created a “two-pronged issue where a user can both put up a commitment higher than ‘msg.value’, thereby draining any unsold tokens, and additionally drain the raised funds on the contract as refunds if the auction has reached max commitment”.
“Users could over-bid and get a refund of the difference between the current bid and the amount they submitted, but the refund could be repeated to drain the auction contract,” adds Duncan Townsend, CTO at Immunefi, a bug bounty platform for DeFi that was also recruited to help solve the issue.
I had gone from encounter to discovery in a little over half an hour, disclosure in 20 minutes, war room in another 30, and a fix in three hours. All in all, it took only five hours to protect 350 million USD from falling into the wrong hands.
Samszsun
Preventing Attacks with Secure DeFi Contracts
In the case of the SushiSwap vulnerability, many in the crypto community have taken to social media to praise and show support for the collective rescue efforts led by the research arm at Paradigm.
> found and helped patch a vulnerability that put over 109k ETH at risk
everyone knows Paradigm has big UNI / Uniswap bags, but Sam from their team just helped save SushiSwap (an ostensible competitor) from a critical bug
The DeFi space is one of blockchain’s newest innovations with lots of potential for growth and wealth creation. However, the industry is in its infancy with much to be learned, and since there’s so much money on the table there will usually be vultures circling around.
Researchers from Microsoft, Alibaba group and Carnegie Mellon University have released a white paper outlining a new blockchain-based solution for piracy, said to be running on the Ethereum (ETH) public blockchain.
Built on Ethereum’s public blockchain, Argus is described as superior to existing solutions and is also thought to be the first public anti-piracy system which:
does not hinge on any “trusted” role;
treats every participant fairly (in particular, it is resilient to greed and abuse, and resolves conclusively every foreseeable conflict); and
is efficient and economically practical to run on a public blockchain.
The system achieves an impressive off-chain throughput, and incurs only a negligible on-chain cost equivalent to sending “14 ETH-transfer transactions per report on the public Ethereum network”.
Protecting Intellectual Property
Intellectual property (IP) is one of the most valuable assets for modern tech companies, especially in the software, film, gaming and digital publishing industries. Companies worldwide have become increasingly concerned with IP protection and the fight against digital piracy.
According to the team of researchers, “Anti-piracy is fundamentally a procedure that relies on collecting data from the open anonymous population, so how to incentivise credible reports is a question at the centre of the problem.”
Relying on the transparency of Ethereum, Argus aims to provide a trustless incentive mechanism while protecting data collected from the open anonymous population of piracy reporters. The system enables back-tracing of pirated content to the source with a corresponding watermark algorithm, which is detailed in the paper.
Dubbed “proof of leakage”, each report of leaked content involves an information-hiding procedure. This way, no one but the informer can report the same watermarked copy without actually owning it, and it also prevents an informer from reporting the same leaked content under different names.
NFTs Also Used to Protect Against Piracy
Non-fungible tokens (NFTs) can also be used to prevent piracy through cryptography. Zero Contact, a new blockbuster film starring Anthony Hopkins, is set to premiere later this year on the NFT platform Vuele where it will be sold as an NFT.
The idea with Zero Contact is to make the movie an NFT, basically a digital asset that is placed on an encrypted blockchain with unique serial numbers. In doing so, it protects the film from piracy and adds fun extra content for the buyer, which can also be traded on the platform.
— Koala Intelligence Agency (@KoalaAgencyNFT) August 14, 2021
The Koala Intelligence Agency is a cute collection of 10,000 unique Koala NFTs. Launch day is August 23, at 18:30 EST: the countdown has begun, minus six days and counting.
No fewer than 100 koalas on “special force top secret missions” will be gifted or “deployed” through the project’s Discord community. Among these are five “secret agents”. Users can recruit (mint) up to 15 koalas per transaction. Floor price for a koala NFT is 0.05 ETH (about US$150), and full commercial rights and ownership of recruited koalas will belong to the NFT owner.
Recruitment Perks
Each koala has a unique entry code, enabling every central intelligence officer (KIA NFT owner) access to KoalaHQ (a members-only club of crypto-koalas sharing top secret underground crypto information). The Private Koala Network will offer a “regulated undercover Discord channel, available for central intelligence officers to share intel and debrief accordingly“.
To add further intrigue, the project will discharge Geocache Challenges – where “stealthily located crates will be planted in real life, the locator will receive a hidden prize”, including but not limited to ETH and NFTs – and Experimental Projects, involving “future missions” that will come to light including “top secret experimental opportunities for koalas”.
Koalas are fully trained and prepared to deploy. They are masters of disguise, sifting their way through the general public without a shred of evidence left behind.
If you know anything about marketing and NFTs, a creative backstory combined with a well-executed PR campaign and strong online network of social media followers will help get you off the tarmac. Throw in a splash of philanthropy and you’ve got yourself a winner.
Conservation Component
Following the launch of the final phase of KIA’s strategic plan, Koala Academy, a donation of 12 ETH has been promised to the Australian Koala Foundation. At current prices, that’s worth around A$50,000 – not a huge amount compared to other NFT drops that raised over US$1 million on launch.
Any finer details about the KIA project are strictly top secret, lending an element of mystery to what else is to come. Other than the big launch, the roadmap on KIA’s website lacks any actual dates or further information, so stay tuned.
The “NFT Summer” remains hotter than ever. Statistics from OpenSea show Ethereum’s NFT marketplace raking in record amounts of monthly and daily transactional volume. If you want to find and surf the next big NFT wave, start by learning from the best in the game. Two influencers who keep close eyes on all things relating to NFTs are @elliotrades and @ZssBecker.
Leading crypto hardware wallet provider Ledger has announced that customers are now able to stake Ether (ETH) directly from the Ledger Live wallet. This was made possible through a partnership with an Ethereum 2.0 liquid staking platform, Lido.
As per the announcement, Ledger will only provide users the gateway to Lido’s Ethereum 2.0 staking service, and won’t manage users’ staked assets: “We do not manage it but rather provide you with a secure way to access it.”
What Are the Estimated Earnings?
Ether staking is a function of the network’s transition from proof-of-work to proof-of-stake consensus mechanisms. As Ethereum 2.0 launches, staking will become the new approach to securing and validating transactions on the network. Users who stake their coins will be rewarded in return.
At the time of writing, 6,956,617 ETH – equivalent to US$21.7 billion – had been staked on the deposit contract since it went live last December. The estimated annual percentage return (APR) decreases as more coins are staked on the deposit contact.
For instance, the initial APR for validators (node operators with at least 32 ETH staked) was around 21.6 percent. However, the APR has reduced to 5.9 percent. So if you stake US$100,000 worth of ETH, your estimated annual return would be around US$5,900, assuming the price of ETH remained constant.
Where To Get a Ledger Live Wallet?
In Australia, you can get the Ledger hardware wallet from Coinstop, one of the reputable hardware wallet stores operated in the country. Founded by Johnathan Ross, Coinstop also ships other wallets, including Trezor and CoolWallet Pro.
You can also order the Ledger wallets directly from the website.
What Are the Risks of Staking It With Lido?
Note that the currently staked ETH are illiquid, meaning they can’t be withdrawn from the network until a transfer function is deployed on the beacon chain. This is also what Lido intends to solve by issuing an equivalent amount of “stETH,” a tokenised ETH, in return for all coins staked with them.
While stETH is liquid, there are only a few platforms that support it, meaning it cannot be used extensively like ETH. Users should also be aware that they don’t own full control of their assets when staked with Lido, unlike running their validator node (32 ETH). Also, you will need an equal number of stETH to unlock your staked ETH.
A bold scam has been foiled with the arrest of two shysters who ran a dodgy website and managed to con millions of dollars from victims around the world before trying to run off with the money in classic rug-pull style.
Thanks to the Economic Crime Unit of the Greater Manchester Police in the UK, a 23-year-old man and a 25-year-old woman were tracked down and arrested for fraud and money laundering. Police also confiscated a USB stick containing US$9.5 million worth of Ethereum. A few days later policed located a cryptograph safety deposit box and the code to access it, confiscating a further $12.7 million. In total, $22.25 million was seized from the scammers.
Some Victims Lost Their Life Savings
The scam fooled investors to believe that they were depositing their money into an online saving and trading service using Binance Smart Chain. The criminals targeted people from the UK, US, Europe, China, Australia and Hong Kong. After collecting a small fortune, which included the life savings of some victims, the scammers swiftly shut down the website and transferred the money to their own accounts. Police are now attempting to contact victims and return the stolen funds.
Scams are ever-present in the crypto landscape and opportunistic criminals are rife. Buyers beware: always do your homework when investing online and make sure to minimise the risk of being scammed by only investing in projects that are safe and reputable. For more, read the Crypto News Australiaguide on how to avoid crypto scams.
The latest edition of Floyd Mayweather’s NFT collection went live on August 13 with the champion boxer talking up cryptocurrency to encourage as many takers as possible to get on board.
“Everybody should have their own mind and choose what cryptocurrency they wanna choose,” Mayweather told Newsweek magazine ahead of the sale. “What I believe in is being independent and doing what you wanna do, and it’s about people winning in life. And I push people to be winners in life. ‘Cause I’m a winner.”
Mayweather has claimed his financial portfolio to be worth “over a billion dollars”, a substantial slice of it invested in cryptocurrency.
Cryptocurrency is the new wave, it’s what everybody’s doing. And if cryptocurrency is the new wave, you know what, be the best. I just want to say thank you to everyone who’s supported me throughout the years.
Floyd Mayweather
In what’s claimed to be the most comprehensive community program ever built, Floyd Mayweather World (FMW) is a collection of 11,111 NFTs underlining the now-retired boxer’s undisputed No 1 status (50 fights, zero losses).
Illustrated by renowned artist Rui Duarte, the FMW NFTs are stored as ERC-721 tokens on the Ethereum blockchain and hosted on IPFS. In the spirit of altruism, for each NFT sold on the primary market, 15 community meals will be donated (a total of 166,665 meals).
Each token sold also entitles the buyer to merchandise including signed gloves and photos, a replica belt, free passes to TMT (The Money Team) events and discounted TMT jewellery.
Mayweather Promoted His Coin EthereumMax at Bitcoin 2021
The Mayweather collection has inspired fellow boxer Tyson Fury to launch his own NFTs celebrating his two world heavyweight titles. Fury has already made over US$1 million after partnering with artist George Rollo and FomoLabs to create his premium boxing NFTs.
The first of six open editions, Lineal by Tyson Fury, sold last month for an eye-watering US$987,000.
