Cryptospace Spotlight 2022 #18 (1 May 2022)
Bored Ape Yacht Club’s official Instagram account was hacked, Solana was hit by a DDoS again, and the Central African Republic is to adopt bitcoin as legal tender!
Technology and Industry
In a recent message to zcash (ZEC) co-creator Zooko Wilcox, Edward Snowden, who played a secret role in the creation of the privacy-enhancing cryptocurrency zcash, agreed to make his participation public knowledge. [more]
“As long as it is clear that I was never paid and had no stake, it was just a public interest thing, I think you can tell people,” wrote Snowden, who is scheduled to speak at Consensus 2022 in June.
Zcash has two kinds of transactions: transparent and shielded. The transparent ones are visible on the public blockchain, just as regular BTC transactions are visible on the Bitcoin blockchain. The shielded transactions, however, go into “privacy pools,” which you can think of as black holes where they all get swished together. These pools ensure that there’s no way for blockchain observers to know where the coins came from or where they go.
Solana was hit by an “insane amount of data” flood that knocked validators out of consensus and ground block production to a halt. [more]
Bots had swarmed the popular NFT minting tool known as Candy Machine earlier Saturday with an unprecedented tsunami of inbound traffic: four million transaction requests and 100 gigabits of data every second – a record for the network, one source at the Solana Foundation said.
The Juno blockchain community officially voted to confiscate millions of dollars worth of tokens from a single user’s wallet. The JUNO holder in question – dubbed a “whale” due to his massive quantity of tokens – stood accused of gaming a JUNO airdrop to claim more tokens than his rightful allotment. [more]
As a result of its passage, the proposal will automatically upgrade Juno’s blockchain to move the revoked funds into a community-controlled smart contract. From here, the Juno community will be able to vote on what to do with the tokens next.
Asano indicated that he might consider pursuing legal action, depending on what the community decides to do next.
Graphics processing units (GPUs), which are used for mining ethereum, are getting cheaper as the network prepares to switch to a proof-of-stake (PoS) model from proof-of-work (PoW) [more]
Telegram enables its users to send crypto token Toncoin via Telegram Chat. [more]
Financial Market:
BlackRock launches blockchain ETF [more].
Goldman Sachs has granted its first ever Bitcoin-backed loan [more].
Fidelity Investments will offer investors the option to put bitcoin in their 401(k)s by the middle of this year. Regulators have urged caution against involving cryptocurrencies in 401(k)s, citing speculation, volatility and high valuations for their concern. [more]
Regulatory
Africa - Central African Republic has become the second nation in the world to adopt bitcoin as legal tender. [more]
Europe - A European Central Bank (ECB) board member has taken a tough stance against digital assets, dubbing the business of blockchain a “lawless frenzy.” Fabio Panetta, who has served on the ECB board since 2020, called for greater regulation of the emerging asset class to protect investors from the “Ponzi scheme” of cryptocurrencies. [more]
Bahamas - The Prime Minister of The Bahamas, Phillip Davis, remarked in the course of his parliamentary contribution laying the white paper before Parliament that the Government has “a vision to transform The Bahamas into the leading digital asset hub in the Caribbean and a global leader in the progressive regulation of businesses in this profoundly innovative space.” [more] [more-whitepaper]
Crypto exchange FTX has cemented its relationship with the Bahamas, having broken ground Monday on its new headquarters in the country’s capital. It cited friendlier regulations and looser Covid-19 restrictions as reasons for its move from Hong Kong to the Bahamas [more].
Crypto exchange OKX wants its OKX Bahamas arm to be the hub of its global operations [more]
United States - The New York State Department of Financial Services, or NYDFS, recommended that all digital currency companies operating under New York banking law adopt blockchain analytics to trace transactions [more].
Panama - Panama’s National Assembly passed a bill that will allow for private and public use of digital assets. If the proposal is signed into law by Panamanian President Laurentino Cortizo, citizens will also be able to pay taxes using cryptocurrencies, the National Assembly said.
Security and Risk
25 Apr - Bored Ape Yacht Club’s official Instagram account was hacked. The attacker stole 91 NFTs from users who connected their wallet to receive the fake airdrop. [more]
BAYC's rough estimate of losses from the scam is 4 Bored Apes, 6 Mutant Apes, and 3 BAKC, as well as assorted other NFTs, at an estimated total value of ~$3M. However, another report says that more than $13M worth of NFTs were stolen. [more]
When the Instagram account was accessed by the attacker, it was used to post a fake update claiming there was a LAND airdrop and users had to connect their wallets to claim the airdrop.
This took advantage of the Bored Ape roadmap, which includes a metaverse game that will contain virtual land. When users connected their wallets, and likely approved a transaction, the website stole their NFTs.
28 Apr - DeFi application Deus Finance was exploited for the second time this year, with the attacker gaining more than $13.4 million of cryptocurrency through a flash loan attack. [more] [more-security-analysis]
The attacker used a flash loan to manipulate the data that Deus's smart contracts read from the platform’s liquidity pools. This allowed the attacker to artificially inflate the value of some assets, borrow funds and make a profit after repaying the loan.
The attacker took out a flash loan of over 143 million USDC, and used that to swap 9.5 million DEI. This caused the price of DEI to rise suddenly above the usual exchange rate of $1.
The attacker then used some 71,000 DEI to borrow over 17.2 million DEI at the manipulated prices. The attacker then repaid the flash loan and pocketed $13.4 million.
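The defensive side of the price-manipulation pattern described above, as an added illustration that is not taken from Deus Finance's contracts or the linked analyses: a lending check that prices collateral from a pool's current reserves follows any large in-block swap, while one that averages per-block observations and rejects large deviations does not. The pool reserves, swap size, 10-block window and 2% limit are constructed assumptions, and `Pool` and `GuardedOracle` are hypothetical names.

```python
from collections import deque

class Pool:
    """Constant-product (x * y = k) pool. All reserves are constructed values."""
    def __init__(self, usdc, dei):
        self.usdc, self.dei = float(usdc), float(dei)

    def spot_price(self):
        # USDC per DEI, read straight from the current reserves.
        return self.usdc / self.dei

    def swap_usdc_for_dei(self, usdc_in):
        k = self.usdc * self.dei
        self.usdc += usdc_in
        dei_out = self.dei - k / self.usdc
        self.dei -= dei_out
        return dei_out

class GuardedOracle:
    """Hypothetical oracle: average of per-block observations plus a deviation limit."""
    def __init__(self, pool, window=10, max_deviation=0.02):
        self.pool = pool
        self.obs = deque(maxlen=window)
        self.max_deviation = max_deviation

    def observe(self):
        # Called once per block; records the end-of-block price.
        self.obs.append(self.pool.spot_price())

    def price(self):
        twap = sum(self.obs) / len(self.obs)
        spot = self.pool.spot_price()
        if abs(spot - twap) / twap > self.max_deviation:
            raise ValueError("spot price deviates from average; refusing to price collateral")
        return twap

def demo():
    pool = Pool(usdc=10_000_000, dei=10_000_000)   # constructed: price starts at 1.0
    oracle = GuardedOracle(pool)
    for _ in range(10):                            # ten quiet blocks
        oracle.observe()
    honest = oracle.price()
    pool.swap_usdc_for_dei(5_000_000)              # one large swap inside a single block
    naive = pool.spot_price()                      # what a reserves-only reader would see
    try:
        oracle.price()
        guarded = "accepted"
    except ValueError:
        guarded = "rejected"
    return honest, naive, guarded
```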
30 Apr - DeFi platform Fei Protocol offered a $10 million bounty to the attacker in an attempt to negotiate the return of funds stolen from various Rari Fuse pools, worth nearly $80 million. [more][more-security-analysis][more-security-analysis2]
While the exact losses from the exploit were not officially released, external security analysis pointed to a typical reentrancy vulnerability as the root cause. While reentrancy bugs have been the main culprit in many exploits within the DeFi ecosystem, the $80 million loot makes the Fei Protocol exploit one of the largest reentrancy hacks ever.
Ronin exploitation postmortem - Sky Mavis security roadmap [more]
Engage security companies to provide continuous security defense.
Increase the number of validator nodes on Ronin Network.
Sky Mavis increased this to 11 from nine validator nodes, and is onboarding three more validator nodes soon. In the next three months, its target is 21 validator nodes, with the long-term goal of having over 100.
Implement stricter internal procedures.
This includes more robust training courses to combat external threats and the use of work-only devices to further mitigate risks.
Conduct audits, with all code fully reviewed and optimized.
Create a Zero-Trust Organization to verify and authorise every connection to ensure the interaction meets the conditional requirements of our security policies.
Launch Bug Bounty. Sky Mavis is offering bounties of up to $1 million to encourage responsible disclosure of security vulnerabilities.
ISO27001 and other security related certifications. Sky Mavis will go through various certification processes.
Coffee-chat
Singapore’s Cryptoscape:
Crypto trading and venture capital firm Three Arrows Capital is moving its headquarters from Singapore to Dubai, United Arab Emirates. The planned move comes as Three Arrows Capital organizes its first-ever fund that would take capital from external investors. [more]
Three Arrows Capital is the latest crypto giant to eye the Middle East as the regulatory climate in Singapore appears to have soured.
The CEO of Singapore's DBS Bank said in a recent earnings call that his bank’s focus is on expanding its crypto offerings to accredited and institutional investors and will consider opening up a retail line when regulators and the technology are ready. [more]
Independent Reserve’s survey — conducted across all age groups and genders of the Singapore population — revealed a strong affinity for various financial opportunities brought forward by decentralized finance (DeFi) and other investment opportunities. [more]