[Short #75] Security in Community and Transparency

🔐🤝👨‍👩‍👦‍👦

We’re halfway through the week and the news across Crypto/Web3 keeps pouring in. Instead of your normal “here’s a cool thing happening in the space” I want to talk about a recent hack in the space (you may have already heard about it).

Ah shucks, TPan is getting serious. Yes I am, but don’t worry I’ll lighten up as I progress through this piece…I think 😇

PS: I’m not an expert on anything technical in the space, nor do I pretend to be. Also, I will be focusing on a different angle related to this topic (as the title suggests 😉), not just the hack itself.

Yesterday there was a hack that affected over 8,000 Solana wallets, with $7+ million in crypto ‘drained’.

Watcher.Guru @WatcherGuru

UPDATE: Over 8,000 #Solana wallets have fallen victim to the on-going hack, with more increasing by the minute.

2:24 AM ∙ Aug 3, 2022



News spread quickly through the Crypto ecosystem as some people saw their balances go to 0.

This hack naturally dominated the most recent news cycle and has been the talk of the town for the past day.

As unfortunate as the hack is, this particular incident revealed the silver linings of Web3 as it pertains to security, community, and transparency.

Security in Community

WTF does this mean? TBH, I thought it was a nice sounding title lol. BUT I believe this has been a theme throughout my time in Web3. What does it mean and how does this hack relate to it?

I first heard about this hack yesterday evening through an alpha Discord group that I am part of. This wasn’t the earliest notification I received but I pay attention here because this group provides a wealth of information across the Web3 space for me.

Note that this message had a “@everyone”. Similar to many other messaging channels, this indicates an important announcement. These notifications were popping off in other servers as well.

The list goes on, but I’ll spare us. I guess this is a benefit of being in 122 Discord servers lol. Yes, I just spent 5 minutes counting how many Discord servers I’m in.

After receiving the Discord notifications, I was quickly able to find more information on Discord and Twitter. For those that are more technically literate in Web3, @0xfoobar provided a great overview of what was going on.


foobar @0xfoobar

🚨 Widespread Solana private key compromise 🚨
- attacker is stealing both native tokens (SOL) and SPL tokens (USDC)
- affecting wallets that have been inactive for >6 months
- both Phantom & Slope wallets reportedly drained

12:38 AM ∙ Aug 3, 2022



He has continued to provide updates on the status of the hack and its potential cause.


foobar @0xfoobar

Solana hack - looks like the Slope wallet sent plaintext seed phrases to external integration partners. Compromised Phantom wallets came from seed phrase imports used in Slope. Compromised ETH wallets were also from seed phrase reuse. Not a blockchain or randomness issue.

5:26 PM ∙ Aug 3, 2022



What are the takeaways here?

  1. Community is a buzzword in Web3. It’s a buzzword to the point where many of us may be rolling our eyes at this point. However, the broader Crypto/Web3 community is a collection of individuals and companies that look out for, help, and protect each other during the bad times.

  2. When bad things happen in the space, Discord and Twitter become the Amber Alerts of Web3. There should and will likely be a better version of this. But for now, when there’s a security related issue, our phones and computers pop up with notifications providing information.

  3. This is also where the concept of decentralization gets interesting. Not sure if I’m butchering the purist definition of decentralization, but bear with me. Depending on the scope/scale of the security issue, the news of it spreads accordingly.

  • If it’s a small single project hack, the impacted project and alpha groups warn accordingly.

  • If it’s affecting a large group or ecosystem (eg: this Solana hack), the broader space warns accordingly (aka I get announcements in 50 of my 122 Discord servers).

  • In the future, it’d be interesting to have ‘Amber Alerts’ based on a wallet address’ interactions or what tokens it holds 🤔

There is security in community, and we’re seeing it in this recent hack.

"The greatness of a community is most accurately measured by the compassionate actions of its members." – Coretta Scott King

Have you received a notification before? If so, share this newsletter so they get a notification!


Security in Transparency

I imagine those that are unfamiliar with crypto are thinking “Ha! This is why I don’t have crypto. It’s dangerous, hackers are everywhere, and a scam 🙄.” and I get that.

However, isn’t it the same outside of crypto?

These figures are also based on what is reported. I’m sure the real figure is higher than $5.8 billion.

That’s on a consumer level, not hacks related to institutions or businesses. About that…


Ok $6 trillion is a lot. But partially due to inflation, right? 😂

So why does crypto get all the flak when there are hacks outside of crypto that are way bigger from a volume and a $ standpoint?

(I feel like I’m exaggerating with this meme, but my gut tells me I’m not haha)

Transparency.

What is the strength of Crypto from a principles and communal standpoint is a weakness from a marketing and PR standpoint.

In this Bloomberg article written by Joanna and Sidhartha, they had access to information at the same level that almost everyone else had and were able to whip up a solid article in a matter of hours.

On top of that the media industry runs on an ads and click— Whoops, I’ll stop there before I go on a rant 😉

Would Joanna and Sidhartha write about AT&T and how they inappropriately misled consumers with administrative fees and made hundreds of millions from these unnecessary fees? By the way AT&T denies the claims, but will be paying $14 million to resolve the case. That’s way more than the $7+ million Solana hack.

J & S probably won’t because…

  1. It’s boring as hell 🥱 despite the fact it’s worse than the Solana hack

  2. It’s sort of old news due to the legal process. Can you imagine if headlines were just about developments from several years back? The news industry would be 🪦


Related to transparency, I came across a tweet earlier today that summed up another point well:


McGavin @NFT_Shooter

What I love about blockchain is when exploits happen u hear about it instantly When exploits happen at banks u hear about it months later

5:57 PM ∙ Aug 3, 2022



I would double down on @NFT_Shooter’s tweet. When exploits happen at pretty much any company, you hear about it months, or even years later. Sometimes, you never hear about them as they’re swept under the rug. That’s probably where that $6 trillion figure mentioned earlier comes from.

The fact that the broader crypto space is not only supportive of each other in the crappy times, but also transparent about it is something traditional institutions and organizations should look upon as model behavior. The nature and incentives of crypto are built in a way where transparency is a pillar of the space.

I know it’s idealistic. However, the tide is turning in wanting transparency. It’s ugly and it hurts sometimes. But it’s real.

See you tomorrow folks.

PS: Ok, I wasn’t as funny as I expected later in this piece, but I hope you still enjoyed it. Thoughts on the more serious tone? Let me know 😉
