Content provided by Zak Wolff. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Zak Wolff or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
E15 - Wintermute's 160 Million Dollar Key Generation Lesson - 9/20/2022

57:03


Listen at: idegen.fm

Contact us: @idegenfm

Intro

Welcome to I, Degen - A podcast about crypto technology, security, and culture. With a healthy balance of enthusiasm and skepticism, we dig into a weekly look at crypto, cutting through the misinformation and hype in search of signal in the noise.

Episode Summary

In this episode, we hunt for Do Kwon and look at the White House’s comprehensive framework for the responsible development of digital assets. Then we look into Wintermute’s 160M key generation issue. We discuss emerging post-merge Ethereum narratives and the Omni bridge replay attack. We also get into an IRL customs scam for our hack attempt of the week.


I, Degen - Weekly

  1. 9/14/22 - South Korean Court Issues Arrest Warrant for Terra Luna founder Do Kwon [2]
The wanted crypto developer Do Kwon, who is accused of fraud by investors following the $45 billion (€45 billion) collapse of his cryptocurrencies Luna and TerraUSD, is reportedly trying to evade South Korean authorities. Prosecutors have accused Kwon of financial fraud, arguing that his terraUSD stablecoin was a kind of investment security under South Korea’s capital markets act [2]. Kwon moved from South Korea to Singapore, where the now defunct stablecoin issuer Terraform Labs, which he co-founded, has a base. However, Singapore Police Force said on Saturday he is currently not in the city-state. South Korean prosecutors told Bloomberg in a text message on Monday that there has been “circumstantial evidence of escape” since he left Singapore. The media outlet said prosecutors declined to comment on whether the office knows of Kwon’s whereabouts or if it will contact the international police agency Interpol. Last week, Kwon was charged with violating the Capital Markets Act, and an arrest warrant was issued for him and five allegedly connected to the case who were believed to be in Singapore.
–EuroNews
  2. White House Releases Comprehensive Framework for Responsible Development of Digital Assets
Over the past six months, agencies across the government have worked together to develop frameworks and policy recommendations that advance the six key priorities identified in the EO: consumer and investor protection; promoting financial stability; countering illicit finance; U.S. leadership in the global financial system and economic competitiveness; financial inclusion; and responsible innovation. The nine reports submitted to the President to date, consistent with the EO’s deadlines, reflect the input and expertise of diverse stakeholders across government, industry, academia, and civil society. Together, they articulate a clear framework for responsible digital asset development and pave the way for further action at home and abroad.

Protecting Consumers

Still, sellers commonly mislead consumers about digital assets’ features and expected returns, and non-compliance with applicable laws and regulations remains widespread. One study found that almost a quarter of digital coin offerings had disclosure or transparency problems, like plagiarized documents or false promises of guaranteed returns. The reports encourage regulators like the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC), consistent with their mandates, to aggressively pursue investigations and enforcement actions against unlawful practices in the digital assets space. The reports encourage the Consumer Financial Protection Bureau (CFPB) and Federal Trade Commission (FTC), as appropriate, to redouble their efforts to monitor consumer complaints and to enforce against unfair, deceptive, or abusive practices. The reports encourage agencies to issue guidance and rules to address current and emergent risks in the digital asset ecosystem. Regulatory and law enforcement agencies are also urged to collaborate to address acute digital assets risks facing consumers, investors, and businesses. In addition, agencies are encouraged to share data on consumer complaints regarding digital assets, ensuring each agency’s activities are maximally effective. The Financial Literacy Education Commission (FLEC) will lead public-awareness efforts to help consumers understand the risks involved with digital assets, identify common fraudulent practices, and learn how to report misconduct.

Advancing Responsible Innovation

The Office of Science and Technology Policy (OSTP) and NSF will develop a Digital Assets Research and Development Agenda to kickstart fundamental research on topics such as next-generation cryptography, transaction programmability, cybersecurity and privacy protections, and ways to mitigate the environmental impacts of digital assets.

Quite a bit more to the report.

And the Forbes Headline reads…
Joe Biden Just Sent A Stark Warning To Bitcoin And Crypto After $2 Trillion Price Crash

What is your narrative?

What do the machines think?

  1. [June 9th, Wintermute OP issue](https://rekt.news/wintermute-rekt/) and now this… [rekt.news/wintermute-rekt-2](https://rekt.news/wintermute-rekt-2/)

Let’s start with a story that broke on September 14th. The community of 1inch, a DEX aggregator protocol, discovered an issue with Profanity, an Ethereum address generator tool.

Even worse, the possibility of this issue was raised on the Profanity Github on January 17th, 2022.

Why didn’t Wintermute act when the Profanity issue was raised with proof six days ago? Well, they did:

Around the time that the disclosure happened, Wintermute removed all ether from an admin address, which suggests that they realized it might have been vulnerable. However, they forgot to remove this address as an admin from their vault. The attacker is likely a seasoned hacker/solidity developer. They created a helper contract, deposited stables into curve to avoid blacklisting, and figured out this vulnerability in a closed-source vault contract in the first place.
–Mudit’s Blog

The stolen funds were mostly various stablecoins, totalling $118.4M. The majority of these were deposited into Curve’s 3pool, presumably in an attempt to avoid any blacklisting. The exploiter is now the 3rd largest holder of 3CRV with over 13% of the supply.


I, Degen - Deep Dive

Reflecting on the merge ETH?

Ethereum itself

Social Attacks - Narrative-based attacks in crypto. We tend to think about FUD...
