In light of the FTX collapse, cryptocurrency exchanges are implementing proof-of-reserves (PoR) as a form of on-chain accounting that shows their entire holdings and customers’ assets. As centralized entities, this is a big step towards a more transparent crypto ecosystem, but some argue it might not be enough to regain investor trust. In this article, we will explain how PoR works and why it matters.
Proof-of-reserves (PoR) is a cryptographic method to verify that an exchange has enough assets to cover all customers’ deposits. In doing so, the exchange ensures customers they have sufficient liquidity on hand to process all withdrawals, should a bank run occur.
This has left the crypto community wondering what other crypto exchanges might be doing with customer assets. As a result, Binance CEO Chengpeng Zhao (CZ) urged all crypto exchanges to do PoR, albeit Kraken was one of the first exchanges to prove their reserves in February 2022.
All crypto exchanges should do merkle-tree proof-of-reserves.
Banks run on fractional reserves. Crypto exchanges should not.@Binance will start to do proof-of-reserves soon. Full transparency.
Proof-of-reserves essentially involves taking a snapshot of all balances held on the exchange which are aggregated into a Merkle tree — a data structure designed to encapsulate and encrypt data. These Merkle trees, also known as hash trees, function as a map of the exchanges’ assets and liabilities (customers’ tokens).
From there, a Merkle root is obtained, which is a cryptographic fingerprint that uniquely identifies the combination of these balances at the time when the snapshot was taken. Afterwards, digital signatures produced by the exchange are collected, which prove ownership over the on-chain addresses with publicly verifiable balances. To put it simply, the exchange discloses these addresses and provides proof that they have access to the associated private key.
Because Merkle trees are part of blockchain technology, anyone can compare and verify if these balances exceed or match the customers’ balances represented in the Merkle tree. In the case of crypto exchanges, this process is either self-attested by the exchange or carried out by an independent third-party audit. As of now, most crypto exchanges have been working with Nansen, a blockchain analytics platform, for their PoR audit.
1/ We are working with exchanges to display proof-of-reserves on @nansenportfolio for everyone to track their token holdings and transactions.
Here's the current list of exchange portfolios and we will live update this thread with more, so make sure you are following! 🧵
Although proof-of-reserves is certainly a step in the right direction, there are still several improvements that could be made to enhance transparency and trust.
Proof-of-Reserves are Pointless without Proof of Liabilities
A proof-of-reserve audit without disclosure of total liabilities, not just customers’ tokens, does not paint a full picture of an exchange’s solvency. This would include anything the exchange owes such as debts and taxes. Kraken CEO Jesse Powell expressed that Binance’s PoR is pointless without liabilities. This is also in reference to other platforms publishing their PoR without mentioning any liabilities. He also added that accounts with negative balances must also be included in the sum of total liabilities.
However, the problem is that these liabilities are NOT on-chain, which means an independent auditor has to step in. At that point, crypto exchanges will have to provide the same proof as all public and regulated companies provide — audited financial statements. (Clonazepam) Coinbase is one of the few exchanges to do this. Since they are a public company subject to U.S. regulations, they have already been proving their reserves using balance sheets audited by the SEC.
Therefore, the most reliable way to prove an exchange’s assets are more than its liabilities is via third-party auditors. In fact, CZ responded to Powell’s comments that Binance would involve third-party auditors to audit their PoR results.
Proof-of-Reserves Audits Can be Falsified
Although the cryptographic proof do not lie, it can be manipulated and framed to look healthy. There is the issue of crypto exchanges moving their funds right after the snapshot for the audit was taken. Recently, Crypto.com mistakenly transferred 280,000 ETH to a Gate.io address after it released its proof-of-reserves audit. Many speculated that exchanges were borrowing assets to show a healthy balance sheet, only to return them after the snapshot.
Moreover, a PoR audit is only as good as its verifier. There is also the issue of exchanges colluding with third-party audits to produce false results. Unless the exchange is audited by a reputable source such as the Big Four accounting firms, we will just have to take their word for it.
Proof-of-Reserves Do Not Prevent Customer Fund Misappropriation
Even then, audits and attestations may not suffice. At its core, crypto exchanges are not the same as banks — crypto is not insured by government depositary schemes. Even if all the steps are done correctly, customers can still lose their crypto if mishandled.
Merkle tree-based PoR would not prevent the misappropriation of customer funds completely. It only tracks the money, providing information. It does not provide customers with greater control over their funds. If the exchange is caught in the act, you would not be able to get your crypto back as it is likely to be tied up in litigation.
At the end of the day, proof-of-reserves is the first step towards a more transparent crypto ecosystem. In effect, it functions as a verification tool to filter out fraudulent crypto exchanges, albeit not completely.
By leveraging blockchain technology, PoR brings crypto exchanges closer to the treasuries of DeFi protocols, allowing anyone to trace funds on-chain at any time. However, there is much to improve in this aspect. But with on-demand, real-time tracking of exchange reserves, the industry is working towards a decentralized and trustless system, where customers do not need to trust the institution, only the math.
Technical analysis made easy with bullish chart patterns packed into a cheat sheet, so that you can make better trades at Bitcoin or other cryptos!
Is Technical Analysis Useful?
Crypto, as a new asset class, is volatile in nature. Its price fluctuates because it is heavily influenced by supply and demand, and it reflects how the public feels about the asset. This is known as market sentiment — bullish when prices are rising, bearish when prices are falling.
The market is constantly changing. In many cases, it does not matter how you feel about it, it only matters how the market is going to feel about it.
Market sentiment is a critical indicator to predict price movements and make investment decisions. An easy way to gauge market sentiment is by looking at chart patterns. They tend to repeat themselves, and once you are able to recognize them, it becomes easier to strategize your entries and exits.
However, it is important to note that they are NOT a guarantee that the market will move in that predicted direction. It should only serve as a frame of reference for you to feel how the market moves.
Bullish Chart Patterns
These are some of the most common bullish chart patterns you will see in the market. This cheat sheet will help you identify real-time candlestick patterns whenever you’re on Binance, or other crypto exchanges, so that you can time your entries better.
Ascending Triangle (Bullish)
Ascending Triangle (Bullish)
An ascending triangle is a bullish pattern which signifies the continuation of an uptrend, hence “ascending” triangle. It can be drawn onto the chart by (1) placing a horizontal line along the swing highs, which is the resistance, and then (2) drawing an ascending trend line along the swing lows, which is the support.
Ascending triangles often have more than two identical peak highs which allow for the resistance line to be horizontal.
The pattern completes itself when the trend breaks through the resistance, continuing the uptrend. This signifies that the asset has a high buying pressure, and buyers are most likely opting for a long position.
Falling Wedges (Bullish)
Falling Wedges (Bullish)
A falling wedge occurs when the trend line is sandwiched between two downwardly sloping lines, getting narrower as the resistance line gets closer to the support line. In this case, the line of resistance is steeper than the support.
It may seem like a downward trend but it isn’t. In fact, it is a reversal pattern. A falling wedge is usually indicative that an asset’s price will drop before it rises and breaks through the level of resistance, as shown in the second picture above.
A falling wedge usually signals the end of the consolidation phase that facilitated a pull back lower. The consolidation phase happens when buyers regroup and attract new buying interest. It can be explained as the “calm before the storm.”
Double Bottom (Bullish)
Double Bottom (Bullish)
A double bottom indicates a period of selling in which the price drops below the level of support. It will then rise to the level of resistance, before dropping again. It resembles a W shape, hence “double bottom.” Jokingly, the W stands for “win”!
Finally, the trend will reverse and begin an uptrend as the market becomes more bullish. It may seem like a bearish trend, but it is in fact a bullish reversal pattern. This signifies the end of a downtrend and a shift towards an uptrend.
It is important to note that most traders would jump the gun by entering a position before the pattern is activated. A double bottom is active only once the buyers break the neck line and secure a close above it. This is why it is important to wait for a close above the neck line before entering the market.
Rounding Bottom (Bullish)
Rounding Bottom (Bullish)
A rounding bottom is both a bullish continuation and a reversal. During an uptrend, the price will drop slightly before rising once more. This would be a bullish continuation.
Afterwards, the bullish reversal occurs when the price is in a downward trend and a rounding bottom forms before the trend reverses and continue upwards.
Bull Flag and Pennant (Bullish)
Bull Flag and Pennant (Bullish)
A bull flag signals that the overall uptrend is likely to continue, followed by a consolidation. It resembles a flag fluttering upwards in the wind.
Usually, there will be a significant increase during the early stages of the trend, before entering into a series of smaller upward or downward movements. This would be the pennant.
Pennants can be either bullish or bearish, and they can represent a continuation or a reversal. The picture above is an example of a bullish continuation.
While a pennant may seem similar to a wedge pattern, as mentioned in the previous section, wedges are much more narrower than pennants. Moreover, wedges differ from pennants because wedges are always ascending or descending, whereas pennants remain horizontal.
Summary
These are some of the most common bullish patterns you will see in the market. This cheat sheet will help you better time your entries when the market sentiment is bullish. However, it is important to note that crypto is volatile in general.
These chart patterns are NOT a guarantee that the market will move in that predicted direction. It should only serve as a frame of reference for you to feel how the market moves.
Celsius Network was one of the largest gateways to crypto with $864 million worth of venture capital raised. They also had over $3 billion worth of funds held in custody for 1.4 million customers. Offering attractive yields, simple to use UI, and promises of security and transparency, it was truly the perfect crypto on-ramp for less experienced crypto users. They abstracted away the complexities of DeFi (Decentralized Finance), and offered only pure and straightforward DeFi yields.
However, their questionable asset management practices have recently come to light. Celsius Network’s risk management strategy heavily relied on continued bullish crypto narratives pushing prices upwards. Which left them unprepared for significant drawdowns. They also engaged in “degenerate trading” strategies which put them at risk of liquidation and potential bankruptcy.
Some believe Celsius will be another big platform to collapse during this bear market, potentially pushing crypto prices even lower than before. And likely resulting in a further liquidation cascade that could destroy protocols, VCs, investment funds, and others.
For another perspective on the situation on Celsius Network and how events may unfold, check out Michael’s analysis:
https://www.youtube.com/watch?v=xGbCX-AdiY4
Celsius Network – Then And Now
What is Celsius Network?
Celsius Network ($CEL) is a one-stop shop fintech app that offers the ease-of-use benefits of CeFi (Centralized Finance) with the best DeFi offerings. They are a centralized DeFi platform allowing users to deposit funds into custodial wallets on the platform. They also offered a range of DeFi services. These included token swaps, high yields on stablecoins and cryptocurrencies and crypto-backed lending and borrowing.
Celsius had a straightforward dashboard, free inter-account crypto transfers and a variety of DeFi features. Hence, Celsius managed to offer a truly incredible product to over a million customers, attracting industry respect and venture capital. So what went wrong?
The Demise of Celsius Network?
Celsius’ demise can be summed up in three parts. Firstly, its problems really started to surface during the LUNA collapse, then followed by a slow unravelling of Celsius’ overleveraged. Finally, poorly planned out WBTC and ETH/stETH positions led them to a complete lockdown of their platform.
LUNA/UST Giga Yields
Luna, through its Anchor protocol, promised a “risk-free” 20% interest on their USD-pegged stablecoin, UST. This was a highly popular product right up until its collapse. However, Celsius was also taking advantage of these high yields, which allowed them to offer high yields to customers while taking some profit.
Although this was denied by Celsisus’ founder, on-chain investigations by firms such as The Block Research, Hoptrail, and Nansen revealed that Celsius was staking up to $535 million worth of UST on Anchor protocol. Reportedly, prior to the full depeg of UST, Celsius managed to withdraw their funds with minimal damage. This left the Terra ecosystem with half a billion-dollar hole in their pockets. It seems that Celsius managed to get out of that situation mostly unscathed. However, this should’ve served as a red flag that indicated what kind of risk Celsius is willing to take on.
WBTC as DAI collateral
This one’s also pretty straightforward. Celsius used customer’s WBTC (wrapped BTC on Ethereum) as collateral to borrow DAI on the Maker protocol. This is so they could stake the DAI stablecoin for very favorable yields. Everything had been going great until BTC prices rapidly tumbled after the UST collapse. As prices tumbled, it was cheaper to keep adding collateral instead of paying off their DAI debt, losing some capital and the DAI yields. This did this likely in hope for a trend reversal or possibly a short-lived BTC relief rally. However, customers’ funds were subsidising this collateral.
stETH & locked ETH
Celsius offered their customers an attractive <8% yield on ETH while the best ETH staking deal one could get was by staking their ETH on the Ethereum PoS Beacon chain, which offers ~4.2% yield at best. So how could they possibly deliver such an incredible deal for their customers?
The solution was staked ETH (stETH) which is a liquid ETH derivative offered by Lido Finance. stETH is a fully collateralized representation of ETH staked on the Ethereum PoS Beacon chain. After the Merge, when users can withdraw staked ETH, 1 stETH will be redeemable for 1 ETH. This allows anyone to earn a yield on ETH offered by the Beacon chain without running the staking infrastructure. But, stETH’s dollar value is not pegged to ETH’s dollar-value. Also, stETH cannot be redeemed for ETH.
So Celsius was doing three things with their customer’s ETH to generate the exorbitant yields:
Lending out ETH and earning interest on DeFi protocols (27% of their total ETH);
Swapping them for stETH to generate ETH staking yields and at the same time lending out stETH to provide liquidity and earn interest on Curve Finance, a decentralized crypto exchange. (44%); and
Staking ETH on Beacon chain, rendering it illiquid for at least a year or whenever The Merge happens and the ETH gets unlocked. (27%).
The current issue Celsius is facing is the fact that while swapping an equivalent amount of ETH for stETH, stETH currently is not trading for the same dollar value as its ETH equivalent. This is due to several reasons. As a result, they’re currently in possession of roughly $0.94 for every $1 worth of ETH owed to their customers. On paper. In reality, it’s much worse than that. Celsius holds ~445k stETH, currently valued at $540 million and cannot all be swapped for ETH on the Curve Finance pool due to lack of liquidity.
So, Celsius was lending 27% of their ETH on DeFi, and swapped 44% of their ETH for stETH. However this stETH is now worth less than ETH. stETH also cannot even be fully exchanged for ETH. As a result, most of Celsius’ ETH is illiquid.
Celsius Liquidity Crisis
The situation is getting direr by the day for Celsius. Whilst BTC and ETH prices were tumbling, their ETH liquidity was drying up. Hence they had to top up their WBTC collateral several times from 22k all the way down to 14k to avoid margin calls.
To do this, they’ve put all withdrawals, swaps, and transfers between accounts on hold since 12th June 2022. Thereby completely locking users out of their assets. This was to prevent a bank run, which would’ve completely drained Celsius of their holdings.
Celsius files for Chapter 11 bankruptcy
On 13th July 2022, Celsius Network filed for bankruptcy in the Southern District Court of New York. In its announcement that Celsius had filed for Chapter 11 protection. The filing of Chapter 11 bankruptcy protection means that Celsius can continue operating its business and restructure its obligations.
The Company also states it has US$167m cash on hand to support operations during the restructuring processes. It hopes that through the process, it would stabilize its business to maximize value for all its stakeholders.
Will Celsius users get their cryptocurrencies back?
Celsius’ Directors justified its earlier decision to pause trading and withdrawals to “… stabilise its business and protect its customers”. This is to prevent customers who did not quickly withdraw their funds from being left waiting for Celsius to come up with the liquidity.
In an interview with Cointelegraph, Danny Talwar, Head of Tax at Koinly expressed concerns that Celsius may be like Mt.Gox. Mt. Gox collapsed in 2014 and users still have not seen any of their funds returned.
Celsius has not made any announcement as to whether or not they will reopen the platform to allow withdrawals. In their blog post on 14th July 2022, Celsius stated that:
“Most account activity will be paused until further notice. Withdrawals, Swap, and transfers between accounts will remain paused, and rewards will stop accruing as of the date of the filing. Celsius is not requesting authority to allow customer withdrawals at this time.”
Looking forward, Celsius “…intend[s] to put forward a plan that restores activity across the platform, returns value to customers, and provides choices.”
Celsius lawyers: Users gave up legal rights to their cryptocurrencies
Celsius Network’s lawyers stated that users with Celsius’ Earn and Borrow accounts gave up the rights to their crypto under its terms of service.
According to a tweet from Kadhim Shubber, a Financial Times reporter, Celsius Network’s lawyers stated the recovery plan would involve HODLing. They believe customers would be interested in hodl-ing throughout this bear market. Then they would realise their recovery when the market recovers.
Celsius to run out of money in October/November 2022?
Celsius was initially expected to run out of money in October 2022 according to their Weekly Cash Flow Forecast filed with the Court. However, an updated Forecast filed on 6th September 2022 shows that the Company will still have US$42 million in cash left by the end of November 2022.
Celsius weekly cash flow forecast
Profiting off the Celsius collapse? What is #CelShortSqueeze?
Twitter hashtag #CelShortSqueeze has been trending even before Celsius Network filed for Chapter 11 bankruptcy protection. #CelShortSqueeze appears to have been set up as a grassroots movement by $CEL token supporters or traders liquidated by $CEL backed loans.
The #CelShortSqueeze movement is an attempt by Celsius supporters to make it harder to short the $CEL token. This is by encouraging others to buy $CEL on exchanges such as FTX or Uniswap, and send the tokens to private wallets. The purpose of this is to take the $CEL tokens out of circulation of centralized exchanges. Hence spot short traders intending to borrow $CEL from exchanges are forced to use decentralized exchanges. This is because on decentralized exchanges, users can set the sell prices.
The #CelShortSqueeze movement seems to be effective in propping up $CEL token prices at or over 80 cents. This is despite the news of Celsius filing for bankruptcy protection. Whilst prices initially dipped to 48 cents right after news of the bankruptcy came out, #CelShortSqueeze supporters helped bring back prices to 80 cents and over.
In a win for #CelShortSqueeze supporters, prices of $CEL pumped to $1.42 on 29th July 2022, the highest in almost 1 month.
The #CelShortSqueeze movement shows what retail investors can be capable of when they band together through the power of social media. There is a lot of uncertainty right now as to what will happen to the $CEL token as Celsius Network is figuring out how to restructure and rescue the company. The restructuring process can take years and it is unknown when Celsius will re-open withdrawals to customers. So Celsius holders are certainly hoping that the #CelShortSqueeze movement does not lose steam until then.
Celsius seeks to open withdrawals for some customers
On 1st September 2022, Celsius filed a Court motion to open certain accounts for customers to withdraw their funds. However, Celsius’ motion only applies to Custody and Withold Accounts and for assets with a value of US$7,575 or less. Celsius’ Custody and Withold Accounts are basically storage wallets and users still retain legal ownership of their cryptocurrencies. In contrast, Celsius’ Earn and Borrow Accounts offer borrowing and annual crypto earnings services. If the Court grants this motion, around US$50 million (out of the US$225 million held in the accounts) will be released to customers.
Whilst some have reacted positively to this news, there are others who point out that this is hardly fair to affected Celsius users. Commentators have pointed out that in any event, under US law, Celsius is unable to avoid transferring sums under this amount if creditors so request.
Celsius co-founder declares shares “worthless“
Daniel Leon, one of the co-founders of Celsius is seeking a Court declaration that his equity in the Company is “worthless”. Leon is a substantial shareholder of the Company and holds 32,600 common shares. Shareholders make these declarations during bankruptcy proceedings when they do not think they will receive any further distribution for their holdings. The result of this declaration is that the shares can be used as a tax write-off.
Celsius will be revived as Kelvin- a crypto custody service?
According to an announcement at a Celsius employee meeting on 8th September 2022, CEO Alex Mashinsky and Head of Innovation and Chief Compliance Officer Oren Blonstein plan to revive Celsius. The plan is to launch a project called Kelvin, which will store users’ cryptocurrencies and charge fees for specific transactions.
This is a departure from Celsius’ existing business model, where Celsius does not charge any fees for transactions, withdrawals, origination, or early termination.
Latest: Celsius leaks customers’ personal data-where is the info now?
On 5th October 2022, Celsius filed publicly available court documents revealing personal data on thousands of its customers. The court documents filed by Celsius revealed, among others, customers’ names, and transaction information such as transaction amounts, times, types, and descriptions. According to Henry de Valence, Founder of Penumbra Labs, the information leaked by Celsius is sufficient to “dox all the on-chain activity” of any Celsius user by matching the dates and amounts to the blockchain transaction data.
However, this saga is far from over, as the customers’ data has recently been made publicly available on a website called Celsiusnetworth.com. The website lets people search the names of Celsius users, along with their cryptocurrency holdings on Celsius. It also included a leaderboard that listed which customers suffered the greatest losses.
Celsius executives and founders withdrew nearly US$35 million before withdrawals were frozen
As a result of Celsius’ court filings, it has been revealed that its executives had already withdrawn funds totaling nearly US$35 million in the weeks before withdrawals on the platform were frozen. Filings revealed that ex-CEO and co-founder Alex Mashinsky withdrew around US$10 million from the Celsius platform in May 2022. Meanwhile, co-founder and former chief strategy officer Daniel Leon withdrew around US$7 million, and current chief technology officer Nuke Goldstein around US$550,000.
Celsius paused its withdrawals weeks later in June 2022 before filing for Chapter 11 bankruptcy in July.
A spokesperson for Alex Mashinsky states that the US$10 million withdrawal was planned even before Celsius intended to pause withdrawals, as the funds were used to pay taxes. Also, Mashinsky’s family still had US$44 million worth of cryptocurrencies frozen on the Celsius platform.
Conclusion
What becomes of Celsius going forward is unclear. However, what is clear is that time and time again we get to witness the extreme importance of the age-old rules of crypto – be wary if something seems too good to be true, and never put in more than what you can afford to lose.
It is easy to become swept up in the hype, so doing your own research is incredibly important. Thinking critically and understanding the fundamentals can help you avoid a lot of heartache in the future.
Out of all blockchain attacks, cross-chain bridges are one of the most targetted ones. Just last week, Binance lost $570 million as a result of an exploit on Binance Smart Chain’s Token Hub Bridge. Even Binance, one of the world’s secure and reputable cryptocurrency platforms, fell victim to a cross-chain bridge hack. This brings us to an important question: why do cross-chain bridges keep getting hacked, and why do people still use them despite its security risk?
One of the biggest limitations of blockchains has been their inability to work together. Each blockchain has its own protocols or smart contracts that are not compatible with other blockchains on a programmable level. As a result, you cannot spend Bitcoin in the Ethereum network, for example. This is where cross-chain bridges come in to provide interoperability.
A cross-chain bridge connects two blockchains, enabling users to transfer data and liquidity from one chain to the other. It also allows users to access new protocols on other chains, making it so that developers from different blockchain communities can collaborate together. Moreover, with Lego-like composability of decentralized finance (DeFi) applications, cross-chain bridges can potentially open up a whole new world of efficient and creative financial services and products for users.
Without cross-chain bridges, the crypto industry would be bottlenecked by network congestions, since there is no bridge to off-load data and transaction executions.
Why are Cross-Chain Bridges Vulnerable?
When you bridge an asset to another blockchain, it is not exactly “sent.” Instead, through smart contract execution, the assets are first deposited, locked, or burned on one blockchain. Afterwards, they are then credited, unlocked, or minted on the other blockchain in the form of a wrapped token.
However, this asset conversion is not guaranteed. This is because cross-chain bridges are independent entities that do not belong to any blockchain. This means that no blockchain can verify that any asset is bridged, since they cannot access off-chain information. The bridging process mainly relies on two parties to ensure successful transfer:
Third-party oracles who interpret off-chain data for on-chain use.
Validators or custodians (DAO or smart contract) who safekeep the original asset and release the wrapped asset.
As you can see, there are several layers of trust, not just during the token swap but throughout the entire bridging process. Users must additionally continue to trust that they will be able to bridge the wrapped token back in the future on a 1:1 basis. Herein lies the vulnerability of cross-chain bridges: with multiple processes and third-party involvements, there is a brief window of time where hackers can target any one of these actions in isolation, not to mention possible bugs or flaws in the smart contract coding in which hackers can exploit.
How are Cross-Chain Bridges Hacked?
A successful cross-chain bridge hack typically ends up with tokens being minted on one blockchain without a corresponding deposit on the other. There are three types of exploits to achieve this:
Fake Deposits
During the bridging process, each deposit has to be validated before allowing a transfer to go through. If a hacker can create a fake deposit that validates as a real one, they can trick the system into minting free tokens without putting in any money.
This mostly happens due to a flaw in the logic of the smart contract coding, where both tokens share the same proof of event. This would allow the attacker to call the function to deposit one token with fake data that can generate proof to withdraw the other token on the other blockchain.
This is what happened to Binance when the attacker managed to forge proof messages of non-existent tokens that were then accepted by the BSC Token Hub bridge.
Signature Verification Bypass
A digital signature is a process to verify transactions, using the private key to sign the transaction and its corresponding public key to authorize the sender. However, if the smart contract uses an outdated function, it may not be able to verify the correctness of certain instructions. As a result, an attacker could create an input account with malicious data to spoof previously valid digital signatures. This would allow them to bypass the verification step and generate proof messages to mint free tokens.
The Wormhole hack is an example of this attack, where the hacker bypassed the verification step by injecting a spoofed SYSVAR account, enabling them to freely mint 120,000 wETH (worth $326 million at the time).
Validator Majority Attack
Some cross-chain bridges have validators that vote whether or not to approve certain transfers. Similar to a 51% attack, if an attacker controls a majority of the validators, they can approve any transaction, allowing them to withdraw free money. An infamous case of this is the Ronin Network hack, where the attacker took control five of the nine validator nodes and stole $620 million.
Based on principles of cryptography, decentralization and consensus, blockchain technology offers one of the strongest securities against traditional cyber attacks. However, it is not foolproof, even the strongest blockchains like Bitcoin and Ethereum have inherent vulnerabilities due to their infrastructure. In this article, we will look at the different types of attacks possible on a blockchain.
51% Attack
What is a 51% Attack?
A 51% attack, also known as a majority attack, is when a single person or a coordinated group controls over 50% of the hashing power on proof-of-work blockchains OR more than half of the validating power (staked cryptocurrencies) on proof-of-stake blockchains.
How does a 51% Attack work?
Since transactions on a blockchain are validated via consensus, owning 51% of the blockchain’s hashing power or staked crypto gives the attacker majority rule, effectively allowing them to take control of the network. In such a scenario, the attacker has the final say in the validation process, even if the other 49% are against it. This potentially causes network disruption in a number of ways:
The attacker could reverse their own transactions, leading to a double-spending problem.
They could rewrite parts of the blockchain protocol, deliberately modifying the ordering of certain transactions.
They can even prevent some or all transactions from being confirmed, denying other miners or validators from earning rewards, which results in a monopoly.
Limitations of a 51% Attack
On the other hand, a 51% attack does have its limits in the amount of disruption it can cause. While the attacker could reverse their own transaction, they cannot reverse other users’ transactions on the network. Moreover, given the immutable nature of the blockchain, the attacker cannot alter the functionality of block rewards nor create coins out of thin air (unless there is a bug in the smart-contract coding).
How likely will a 51% Attack happen?
While possible, a 51% attack is unlikely as it is extremely expensive to execute. Owning more than half of the network’s computing power or staked crypto could potentially cost millions or billions of dollars depending on the user population of the blockchain. This is why the bigger the network, the stronger the protection. A majority attack is virtually impossible to occur in leading blockchains such as Bitcoin, Ethereum and Binance Smart Chain.
But it is worth noting that the blockchain should be truly decentralized, on top of having a large userbase. This is because organizing a 51% attack would most likely be a coordinated effort. If several malicious actors collude and pool their resources together, then the network would be more centralized, which could potentially lead to a majority attack. This is more prevalent amongst smaller altcoin blockchains. Ethereum Classic (ETC), Bitcoin Gold (BTG), and Verge (XVG) were notable victims of the 51% attack.
Sybil Attack
What is a Sybil Attack?
A Sybil attack is when an attacker uses a single node to create and operate multiple fake accounts in order to gain disproportionate influence over decisions made in the network. It is a smaller variation of a 51% attack. The main difference is that a Sybil attack largely focuses on manipulating the number of accounts or nodes rather than already owning them. It also targets smaller areas in the blockchain, whereas a 51% attack is capable of taking over the entire network. However, in some cases, a successful large-scale Sybil attack can transition to a 51% attack.
The word “Sybil” derives from a case study about a woman named Sybil Dorsett, who was diagnosed with a Dissociative Identity Disorder, also known as Multiple Personality Disorder.
How does a Sybil Attack work?
A Sybil attack is quite difficult to detect and prevent, because most public blockchains do not have trusted nodes due to its decentralized nature. This means that the system perceives all nodes and accounts as real, even the fake ones. There are two scenarios of a Sybil attack:
By creating numerous fake identities (or Sybil identities), the attacker will have enough capacity to out-vote the honest nodes on the network, allowing them to perform unauthorized actions in the system.
The attacker can also control the flow of information in a network. If the attacker manages to obtain information about your IP address, they can create many fake nodes to surround you. They can then prevent you from receiving or transmitting blocks, effectively blocking you from using the network.
How to prevent Sybil Attacks?
Although a lot of time and research went into figuring out a way to detect and prevent Sybil attacks, there is still no guaranteed defense as of today. But there are some ways to help mitigate Sybil attacks:
Identity validation techniques such as phone number, credit card or IP address verification can help reveal the true identity of hostile entities. This is a secure way to suss out fake accounts or bots for most types of peer-to-peer networks. However, this relies on a central authority to perform these identity validations which sacrifices anonymity for accountability. Moreover, this means that the validation authority could become a target for attack.
Social trust graphs, on the other hand, can limit the extent of damage by a specific Sybil attacker, while maintaining anonymity. You can analyze connectivity data in social graphs like SybilGuard or SybilLimit to identify suspected Sybil clusters in distributed systems. But this technique is not perfect either, as small-scale Sybil attacks are more difficult to detect.
Blockchain Denial of Service Attack (BDoS)
Denial of Service Attack (DoS)
Before we go into Blockchain Denial of Service attacks (BDoS), let’s take a look at its predecessors.
Traditionally, a Denial of Service attack (DoS) or a Distributed Denial of Service attack (DDoS) when multiple computers are involved, is a malicious attempt to disrupt real users’ access to a website or network service by overloading its servers with a massive amount of traffic, causing the website or application to slow down its functionality or even crash entirely.
But for blockchains, a DoS or DDoS attack is difficult to execute, especially if the network’s userbase is large and decentralized. This is because a decentralized network distributes computing power worldwide, eliminating single points of failure such as servers or apps. Even if several nodes are down, the blockchain is able to continue operating and validating transactions, unless…
What is a Blockchain Denial of Service Attack (BDoS)?
With the rise of blockchain technology, a new type of DoS attack emerged — a Blockchain Denial of Service attack (BDoS). These attacks focus on the protocol layer of a blockchain, usually PoW blockchains, with the biggest threat being transaction flooding.
Since most blockchains have a fixed block size, there is a limit to how many transactions can fit into a block. Attackers can exploit this by spamming transactions to the blockchain, filling the blocks to prevent legitimate transactions from being added to the chain. The legitimate transactions remain in the public mempool waiting for the next block.
How to prevent a Blockchain Denial of Service Attack (BDoS)?
Penetration testing is a core security auditing process that helps identify potential vulnerabilities before the mainnet is deployed. By simulating in-dept attacks, penetration testing offers traffic analytics tools that can help blockchain developers spot some of the telltale signs of a DoS attack such as unusual traffic patterns from a single IP address or IP range.
In the crypto industry, discovering early-stage moonshot projects can be difficult. Investors who manage to enter early usually secure massive returns, and some of these projects end up becoming successful in the long run. However, there are many low-quality projects and scams looking to take advantage of early investors, resulting in pump-and-dump schemes. Therefore, the market needed a more secure mechanism to raise funds for crypto startups. This is where launchpads come in.
Before we take a look at what crypto launchpads are, it is important to learn about its predecessor — Initial Coin Offering (ICO) and why they are no longer practiced.
What is ICO and Why does it Matter?
Similar to all business ventures, crypto projects require capital to build their product and meet their objectives. They typically achieve this via crowdfunding, and the first fundraising model in the crypto industry is an ICO, where crypto projects would raise funds by selling a part of their total token supply to the community. This allowed investors to purchase tokens at the cheapest price possible before they are listed on a crypto exchange.
In 2017, ICOs began to take off thanks to Ethereum’s open-ended smart contract protocol. Developers can easily create new applications and tokens (ERC-20 tokens). Moreover, smart contracts can be executed to calculate raised funds and distribute tokens once crowdsale is complete. As a result, the majority of ICOs took place via the Ethereum network.
Numerous projects saw substantial gains of their token as high as 10,000x, making a lot of early investors very rich. By the end of 2017, an estimated $4.9 billion was raised through ICOs reported by the Wall Street Journal. However, ICOs quickly became a way for investors to gamble in hopes of making easy profit. As a result, project fundamentals became less important to would-be investors.
This led to many security issues. For example, since cryptocurrencies were unregulated at the time, anyone can launch an ICO anonymously. Many malicious actors took advantage of the hype and created false projects and ICOs. They would rug pull investors’ funds, or even just run away with the money, abandoning the project before it ever got listed on an exchange. It became so severe that the U.S. Securities and Exchange Commission (SEC) intervened, imposing strict securities laws on ICOs which subsequently led to ICO bans worldwide such as South Korea and China.
Crypto Launchpads – The Beginning of IEO and IDO
Because of the ICO bubble, faith in the crypto industry was lost. This made it very difficult for legitimate blockchain projects to raise funds and build products with real value. Fortunately, not long after, crypto launchpads came to the rescue. Launchpads are essentially platforms that help crypto projects raise capital while giving access to early-stage token sales for their group of investors.
There are two main types of crypto launchpads — Initial Exchange Offering (IEO) and Initial DEX Offering (IDO). The difference between the two is where the fundraising is being held. Let’s look at the first one, IEO.
What is IEO?
An IEO is a fundraising model where the project receives the backing of a crypto exchange like Binance or FTX. The fundraising event is administered by the exchange, in contrast to an ICO where the project team themselves conducts the fundraising on their website. With IEOs, users can buy tokens on the exchange’s launchpad directly from their exchange wallet.
IEOs generally have high security as most crypto exchanges are regulated to an extent. They actively follow stringent protocols to prevent fraud including know-your-customer (KYC) and anti-money laundering (AML) verifications. The projects are carefully scrutinized, vetted, and selected by the exchange team for their IEO. Project teams must at least have a white paper and minimum viable product (MVP) ready for the exchange to review. Thus, would-be investors are assured that the startups under IEO listings are legitimate. After all, the exchange is staking its reputation behind the projects on its platform, offering a higher degree of trust behind the project.
For crypto projects looking to raise funds, an IEO offers the promise of an immediate userbase that can see their product. In other words, IEOs help create exposure to the project. This also means that the project can reduce their outside marketing funnels for fundraising, enabling them to focus only on the development of their product.
Top IEO Launchpads
Some of the top IEO launchpads include Binance Launchpad, Huobi Prime, KuCoin Spotlight, Gate.io Startup, and many others. In fact, the first IEO in history was launched by Binance Launchpad in the first quarter of 2019. Moreover, these top IEO launchpads are more than a platform for offering tokens. They also provide full advisory service for projects, leveraging their insights and experience to help build better products.
Disadvantages of IEO
Though IEOs are generally secure, not all crypto exchanges are equal. Some may not be as strict in doing due diligence or implementing regulations. This means that there is still a risk of a pump-and-dump scam, as advanced scammers could pull a meticulous long con.
Moreover, listing fees may be quite high, especially on reputable exchange platforms. Startups may also be asked to pay commission from token sales. They can be considered as centralized gatekeepers about the types of projects that proliferate, meaning that only somewhat established projects can earn a spot.
What is IDO?
On the other hand, IDOs are approved by the community of a decentralized exchange (DEX) instead of a crypto exchange. Given the decentralized nature of these exchanges, anyone can become an approver. The community can vote on projects that they are interested in. This alleviates the gatekeeping bottleneck that IEO exchanges have, giving smaller legitimate projects a chance to shine.
Similar to ICOs, some DEX teams also provide advisory service to listed startups, offering them a tool for engaging their communities in an economy that enhances their products while allowing them to make smart business decisions regarding their assets. However, unlike centralized exchanges, most IDO launchpads have their own native tokens, which in some cases serve as an entry requirement for users to participate in crowdfunding.
Though IDOs are more transparent and accessible to everyone, there are also drawbacks. Since DEXes tend to be a lot smaller than centralized exchanges, new projects might receive substantially smaller traffic than IEOs. Moreover, because every one gets a say in the approval process, long-con projects can also sneak their way in with eye-catching proposals and marketing.
Key Takeaway
Investing in potential crypto startups can generate massive returns if successful. IEO and IDO launchpads are a great place for you to research upcoming innovations and learn more about what they offer. Though not completely risk-free, they offer far more security advantages than ICOs.
As Ethereum is steadily approaching the transition to a Proof-of-Stake mechanism, one notable thing that has changed, aside from further protocol development, has been the change in terminology.
We have already covered Ethereum 2.0 extensively in one of our ongoing blogs where we go in-depth on everything you need to know about Ethereum’s transition to PoS:
Let’s take a closer look at the rebranding from Ethereum 2.0 to the Ethereum Merge, as well as go over the most recent developments in Ethereum’s roadmap as of May 2022.
Check out our latest video- Ethereum Merge: ALL you need to know (including ETHPOW)
Ethereum Merge: ALL you need to know (including ETHPOW)
The move away from using the former term “Eth2.0” that signified the final transition from PoW to PoS was a result of several different developments and considerations, both technical and cultural.
On the technical side, the use of Eth2.0 started to become an inaccurate representation of the PoS transition. Originally, the Ethereum 2.0 roadmap envisioned that both the Phase 0 (Beacon Chain) and Phase 1 (Sharding) would be completed before the final transition. (Clonazepam) But the Beacon Chain was developed faster than expected, making researchers realize that the final migration to a PoS mechanism would be delayed by years due to the focus on sharding. In addition, the ever-growing pressure from the masses about the environmental impact of PoW chains made the migration to PoS that much more pressing.
As the Beacon Chain was deployed, Ethereum L2 rollups started gaining popularity, demonstrating significant scalability potential even for a non-sharded Ethereum blockchain. This released some pressure on solving the scalability challenges that Ethereum’s L1 has faced for years, allowing the R&D team to focus on the remaining Ethereum’s upgrade plans both for the PoW chain, as well the Beacon Chain.
From a cultural perspective, the use of the old terminology would’ve further perpetuated confusion about the nature of Eth1.0 and Eth2.0, making it seem like once Eth2.0 is launched, Eth1.0 will be gone, which is not the case. In addition, scam prevention was another consideration that favoured the rebrand, as the distinction between Eth1.0 and Eth2.0 would’ve likely resulted in scammers trying to convince users to swap their ETH tokens for fictitious ETH2 tokens.
The result of all of this was a decision to move away from the confusing Eth1.0 and Eth2.0 terminology, and rather call the transition to the PoS mechanism on the mainnet The Merge. By choosing to name the process instead of the final outcome (which in reality remains, in essence, the same), a lot of headache and confusion has been avoided.
Progress Towards The Ethereum Merge: Current status
Public testnets being battle-tested
Deployed in late December 2021, the Kintsugi testnet was a public testnet meant to allow execution and consensus client developers and application developers to become familiar with the post-Merge environment. The testnet was bombarded with transactions, bad blocks, and chaotic inputs to battle test it and find bugs.
A new specification for the proceeding public testnet, called Kiln, was published after edge cases from Kintsugi had been discovered. It’s expected to be the last new public testnet to be created before the existing ones are upgraded. Continued extensive testing of the Kiln has been taking place since The Merge took place on it on March 15th 2022. The Ethereum community practised running their nodes, deployed contracts, tested infrastructure, and threw everything they had at it to see if it breaks.
Mainnet shadow forks
Although a lot had been learned since deploying and testing Kintsugi and Kiln testnets, they were still very young testnets with little activity, which prevented proper stress testing of assumptions regarding syncing and state growth. And this is where shadow forking came in. Shadow forking makes it possible to fork an existing testnet, such as Goerli, and the mainnet (with a lot more activity), and add merge related properties to its config, thus allowing the fork to inherit the state of the original testnet.
These shadow forks are short-lived, allowing for testing on them only for a few weeks until a new beacon chain has to be spun up.
Three Goerli testnet shadow forks took place in January and March, and the first mainnet shadow fork happened on April 11th 2022, with the second one following on 23rd April.
The results of the latest mainnet shadow fork have been described by Adrian Sutton from ConsenSys in his twitter thread. The team will continue stress testing main forks, and collaborate with client developers to make them even more robust against edge cases. From now on the main theme as we approach The Merge has been and will be – testing, testing, and even more testing.
Wen Merge? The Triple Halvening, And Price Predictions
As to when The Merge will happen is still somewhat up in the air. No one has, understandably, given any specific dates, but the general consensus is that late Q3 is the time when we are likely to see it finally happen. The dev team’s sole focus is on The Merge, with very little else discussed, as can be seen in the latest AllCoreDevs session update by Tim Beiko.
Price predictions are also under hot debate, as, once The Merge is complete, two factors will influence ETH’s price, one emotional, the other baked into the protocol. Realistic estimates of the fair price of ETH fluctuate around $5000.
The emotional aspect, as experienced by the market, will result from The Merge successfully completing, which will mark the end of the most significant change in the protocol in Ethereum’s history, and solidify the incredible technical competence of Ethereum core devs and researchers, further giving the market confidence in ETH as an asset and the ecosystem as a whole, driving up the price further.
The technical reason for why price is likely to pump is due to the Triple Halvening, which will reduce Ethereum’s annual inflation rate from 4.3% to 0.43%. Following last year’s EIP-1559 upgrade, Ethereum now burns about 70-80% of the fees, with the rest going to PoW miners. Post Merge, these fees will go to the PoS validators. This means that ETH stakers will see their rewards rise to about 8-10%. Staking will lock in significant amounts of ETH, as staked ETH cannot be moved or used in the markets, making enormous amounts of ETH illiquid, further driving up the price. EIP-1559 and The Merge combined are predicted to cause the equivalent of 3 bitcoin halvenings, reducing ETH sell pressure by up to 90%.
In addition, the move to an environmentally friendly PoS mechanism, which will reduce energy consumption by up to 99.95%, will make the asset much more appealing to institutional investors who might’ve been kept away from investing due to public’s pushback on Ethereum’s current energy consumption.
Great progress is being made by the Ethereum team, and the continued successful merges of mainnet forks clearly demonstrate the culmination of 6 years of back-breaking work, and give hope that The Merge truly is just around the corner. For those interested in the nitty-gritty of The Merge preparations, it’s worth checking out The Merge Mainnet Readiness Checklist which lists in detail all of the various tasks that need to be worked through to make The Merge ready for Mainnet release.
Why is the Ethereum Merge so important to crypto traders?
Many cryptocurrency and particularly Ethereum ($ETH) traders are eagerly anticipating the Ethereum Merge because afterward, the issuance of ETH is expected to be reduced by about 90%. This means there will be less ETH in circulation, and in turn, the lower the supply, the higher the demand- potentially resulting in Ethereum prices going up.
ETH Merge is a huge success!
On 15th September 2022 at 06:42:42 UTC at block 15537393, the Merge was completed.
And we finalized!
Happy merge all. This is a big moment for the Ethereum ecosystem. Everyone who helped make the merge happen should feel very proud today.
Missed our historical LIVE Merge party? Check it out here!
Ethereum Merge Party – Watch the Merge live!
How have Ethereum ($ETH) prices reacted to the Merge?
Ethereum ($ETH) prices showed a slight pump in the hours following the Merge. Prices hit a peak of over US$1,640 before coming back down to just under US$1,600. The next crucial point in terms of where ETH prices would go would depend on whether there is any hard fork.
For the past decade, we have seen the rapid growth of the cryptocurrency industry, with new innovations emerging every now and then. But with thousands of crypto brands out there, standing out among the rest becomes more difficult by the day. Having a unique concept and building it out is one half of the battle, the other half is marketing and presenting it to the world.
Crypto projects, like any other businesses, require strategic marketing and exposure to attract potential investors and partnerships. Crypto marketing agencies can fill this vital role while crypto ventures can focus on their business and development.
Cinchblock is one of the leading crypto and blockchain marketing firms based in Hong Kong. They specialize in growth hacking and influencer marketing, and are extremely efficient in expanding the brand of web3 startups. They achieve this by leveraging their vast network of influencer power worldwide. As such, they have worked with over 2,500 influencers who cover promotional content that would support the long-term growth of their clients.
Since their launch in 2017, Cinchblock has around 160 clients, holding more than 3,800 marketing campaigns so far. Compared to other crypto marketing agencies, Cinchblock performed exceedingly well in promoting play-to-earn and NFT projects during the GameFi boom in 2021. The agency contributed to the success of several notable GameFi and NFT projects such as MetaWars (9,582% ATH) and Refinable (25,233% ATH). This is largely attributed to the experienced development team that Cinchblock has who understands every aspect of smart contract programming, game development, tokenomics ecosystem design and more.
Founded in 2015, Wachsman is a New York-based strategic communications consultancy firm that has worked alongside some of the largest corporations across the Americas, EMEA, and the APAC regions. Their clients span those operating in heavily-regulated environments, such as institutional banking, insurtech and fintech giants, financial service providers, and even national governments.
Apart from experience and expertise in the traditional financial and policy circles, Wachsman is also highly competent in the blockchain landscape, providing services and solutions for web3 businesses and innovators. They are trusted advisors to numerous leading blockchain networks, payment gateways, cryptocurrency exchanges, DAOs, DeFi protocols, innovation labs and more.
Established in 2018, Coinbound has worked with some of the biggest names in web3 such as MetaMask, TRON, and Cosmos. The company specializes in thought leadership marketing and influencer marketing, managing one of the largest network of crypto influencers in the world across Twitter, YouTube, TikTok, Instagram, and more. Its clients saw a 60% increase in organic traffic following successful social media campaigns.
Coinbound also delivers public relations expertise with contacts at some of the largest crypto publishers such as CoinTelegraph, Decrypt, and Forbes. This helps their clients secure organic coverage from the biggest names in the blockchain industry, reaching a wider audience worldwide.
Founded in 2017, Crypto PR is a global Web3 marketing and PR agency. The strength of this agency comes from the former experience of its founder as a PR consultant for Fortune 500 companies, along with long term experience in Web3. They are well known for their solid narrative building, creative strategy, and trend creation within the Web3 ecosystem.
On the creative front, Crypto PR established a production house to create entertaining video commercials, known to be the only crypto agency with such service, it has launched its first crypto video commercial earlier in August 2021, The Crypto Fortune Teller. Shortly after launching the campaign, many other crypto projects followed this video commercial trend, such as FTX, Crypto.com and Coinbase.
Solutions and Services Provided:
Digital Transformation Advisory Public Relations Investor Relations Influencer Marketing Social & Community Management Creative Advertising
When it comes to tailored crypto marketing services, NinjaPromo is perhaps the best agency in engaging with clients by establishing personal connections. Their team understands all industry principles and practices very well, specializing in helping B2B firms, blockchain infrastructures, FinTech companies, software vendors, and various start-ups with global promotion.
NinjaPromo is characterized by flexibility and innovation, hence their name as ninjas are quick and deadly. They have demonstrated the ability to keep up with the times, adopting the latest developments, technologies and methods of crypto marketing. As such, the agency is highly proficient in helping clients reach their target audience.
Founded in 2021, Coinpresso is a very young crypto marketing agency within its startup phase. But what they lack in age, they make up for with outstanding data-driven results. Within a year, Coinpresso is regarded as the best agency in terms of search engine optimization, search engine marketing, and content marketing.
Their marketing model is based on a click funnel approach and ROI-based hypotheses. In other words, they have a team of talented copywriters and technicians that provide engaging content for users, optimizing click-through rates to drive traffic across a variety of platforms and search engines. This is a very cost-effective way to support the growth of their clients. According to their website, increasing the click-through rate of websites “by as little as 2% can increase revenue by millions of dollars.”
Blockwiz was established in 2019 by Dev Sharma who has previously held executive leadership roles with some of the biggest crypto companies, such as OKX and Paxful. The company was founded upon Sharma struggling to find a crypto marketing agency he could trust.
Because of Sharma’s connections, Blockwiz specializes in developing big, active communities with a number of marketing services and solutions, from influencer marketing campaigns to search engine optimization. As of now, the agency holds one of the largest marketing portfolios with 250 high-profile names including KuCoin and Bybit.
Since 2017, Crowdcreate has been one of the pioneers in blockchain marketing and strategy. The agency is also a global leader in NFT and GameFi marketing, amassing one of the largest communities of crypto influencers and thought leaders. Solana, Axie Infinity, and The Sandbox are some of the world famous names that Crowdcreate has worked with.
Crowdcreate is one of the few marketing agencies who has the resources to host global conferences and events to gain international exposure for their clients. As of today, they have raised $250 million in total across 500+ successful projects.
Blockchain App Factory offers more than just marketing services. With multi-chain support, they create blockchain-based solutions for their clients, helping them streamline development, production, and research. According to their website, they can work with various blockchain networks, including Ethereum, TRON, and EOS. Moreover, all of their services are compliant with existing regulations, and they even provide legal consultations for their clients.
Decentralized finance (DeFi) has revolutionized financial services, creating new possibilities unlike anything that exists in traditional banking. DeFi protocols allow you to transfer value, exchange tokens, take out loans, provide liquidity, earn yields and so much more. As the market expands, it is likely that even more innovations will surface.
This is because of how smart contracts work. The open-source and permissionless nature of blockchains allows anyone to code their own contracts or even integrate a component of another protocol in their own application. As a result, the applications built on a smart-contract network can run interchangeably.
This is known as “composability” — the interoperability of DeFi protocols resulting in efficient and creative financial services and products for users. It is the core basis of DeFi and is what helped the ecosystem grow so quickly.
What are “Money Legos” in DeFi?
To understand how composability works in DeFi, we can view components of DeFi protocols as Lego blocks, giving rise to the term “money legos.” Each building block has its own functionality such as borrowing, lending or staking assets, just to name a few. Developers can stack multiple protocols together like Aave, Compound, Yearn, Curve or Synthetix to create a new DeFi protocol, just as you would a Lego set.
For developers, money legos save a lot of time and complications around building a new decentralized application (DApp). They do not need to start from scratch as they can simply integrate existing money legos into their own. What money blocks provide are solutions to more complex processes which require more steps than usual.
Moreover, developers can build smart contracts that can operate the legos in any order, be it one before or after the other, or in parallel. For example, by joining the money legos together and then specifying the order of events through a smart contract, users could
Put up collateral for a loan on Aave
Stake half of the loaned amount on Curve
Trade half of the loaned amount on Uniswap
Pull out both amounts simultaneously and take profit
Pay off the loan on Aave
This is just one type of scenario. As you can see, there are infinite possibilities with money legos. It is up to your creativity how much use you can make of the combination of their functions to optimize your crypto. Furucombo is a great platform to experiment different possibilities of DeFi money legos.
Why “Money Legos” Matter?
“DeFi” is a buzzword that gets thrown around a lot. People often associate DeFi with low fees and yield farming, but do not exactly know how the underlying infrastructure works. Therefore, it is important to learn about money legos as they are the building blocks for programmable money, hence its name. While developers can compare and choose specific DeFi protocols to cut down on fees when building new applications, investors can better optimize and manage their crypto by having a better understanding of money legos.
As savvy investors, we know that key performance indicators (KPI) of a healthy market and ecosystem are trading volume and activities. As such, money legos are powerful tools that can expand the potential possibilities of the ecosystem. They add to the utility of each existing protocol, while improving the blockchain’s network effect.
In other words, each time a new protocol is created in the DeFi space, a new money lego is born that can also be used to offer more new services within the sector. These new protocols will offer faster and more efficient services, giving investors more ways to generate profit. For each new money lego, hundreds or thousands of new combinations become possible.
However, as of now, composability mostly favors protocols of the same blockchain. For example, DeFi protocols on Ethereum can only interact with other protocols on Ethereum. Same goes for Solana or Cardano. Perhaps in the future, true multi-chain interoperability will allow protocols on one blockchain interact with a protocol on another blockchain. This means that crypto will become more accessible, further increasing their adoption.
Risks of “Money Legos” Composability
Since DeFi protocols can seamlessly integrate with each other, this means that the entire ecosystem hinges on each of its money legos. If one of the core money legos is compromised, it could lead to a chain reaction, potentially affecting other integrated applications.
This is possible because of the interoperability between the DeFi protocols. For example, you can carry out complex strategies like borrowing Synthetix (SNX) from Aave, depositing SNX into Synthetix to mint sUSD, then swap sUSD for DAI on Curve. Now if any one of these protocols is attacked, then all of their liquidity pools will be severely affected.
Moreover, certain protocols also have wrapped crypto tokens (e.g. WBTC, renBTC, wETH) that are pegged to the value of another crypto. This means that you not only have to trust the protocol you deposit your funds to but all the others it may be reliant upon.
Key Takeaway
It is important to understand money legos as they are the building blocks of the DeFi ecosystem. Money legos help developers create new protocols, offering faster and more efficient financial services for DeFi end-users. It also helps investors get the best trades and the best yields when it comes to earning from DeFi protocols. That is the whole concept behind the idea of composability. Seamless interoperability among components helps to build the best and most creative solutions.
NFTs (non-fungible tokens) have become very popular amongst cryptocurrency traders and are drawing a lot of attention from several industries. The world of art has greatly benefitted from the sector, more than other industries (so far) because it opens creators and potential buyers to an ever-expanding marketplace. Generally, this stems from NFTs’ non-fungible nature, meaning that each one is unique.
Table of Contents
What makes NFTs special?
Anyone can trade one Bitcoin (BTC) or Ether (ETH) for another and end up with the same asset they traded in terms of value and usability. However, non-fungibility means that no two assets are alike. If you trade one NFT for another, the newly-received asset will be fundamentally different. In the art sector, this allows people to buy directly from the creator, with the assurance that there is no duplicate anywhere. NFTs have also created a whole asset class and industry of NFT speculators which buy, sell and trade them for profit. There are estimates that in 2021 alone, there were over US$23 billion worth of trades in NFTs. In fact, the most expensive NFT sold in 2021 was Beeple’s The First 5,000 Days, which sold for US$69.3 million.
Some Common NFT Scams
However, as with most up-and-coming industries, the NFT space is rife with its fair share of scams. Malicious players find ways to take advantage of buyers pumping money into the industry. Scammers are also becoming more sophisticated with their methods and will go to any lengths to swindle NFT holders, especially since some NFTs are worth millions. Here are some common NFT scams.
Fake offers
Scammers frequently entice NFT holders with false offers. Known methods include phishing emails, fake links, and service offers that require people to sign malicious contracts. Sometimes, people willingly give up their signatures for seemingly legitimate reasons, such as a paid offer to help animate your NFT. Tokens and NFTs may get stolen after you sign the transaction. In December 2021, scammers hacked the NFT marketplace Fractal, pushing a link to prospective buyers through the platform’s official Discord. Within 10 minutes, around 370 users lost 862 SOL, worth more than US$150,000 at the time.
False NFT projects
The NFT space has seen several rug pull scams where a known or unknown creator publishes an NFT for sale. For many reasons, including the possibility of high returns, people may skip adequate due diligence and quickly sink money into a new NFT with growing popularity. In many cases, these projects eventually lose their value and can’t be sold for a profit or the initial capital. The unknown creators then take all the money and are almost always unreachable. A popular example is the Frosties rug pull and scam. In January, buyers who purchased pieces of the cartoon ice cream digital collection lost a total of . (https://inboundrem.com) 3 million after the creators and funds disappeared from OpenSea.
Counterfeit NFTs
Scammers can create fake NFTs that resemble originals, especially when the original is not very popular. The forger would then list the fake NFT on a marketplace where an unsuspecting buyer may purchase what they think is the authentic version. Since no one wants a plagiarized or counterfeit NFT, the buyer is left with a worthless asset.
Pump and dump scams
Here, a group of scammers artificially pump a worthless NFT collection which eventually drives price and demand from speculators. Within a short period, the collection garners enough attention that people consider it valuable and start buying. However, the group will pull the plug and disappear as soon as they make enough money from the sale. The price of the NFT eventually tanks, leaving holders unable to resell their worthless NFTs. A relevant example of a pump-and-dump scam is the Squid Game token. Last year, unknown creators launched a token that exploited the popularity of Netflix’s Squid Game series. The SQUID token pumped past $2,800 and eventually crashed to $0. The scammers made away with more than $3 million in total and have still not been found.
Fake Holder Verification Bots
Scammers may create programs that impersonate authentic verification bots used with discord servers. Owners then allow approvals for these fake bots that transfer sensitive information to scammers who steal the NFTs.
How to Avoid NFT Scams
All players in the NFT marketplace should know how to avoid scams. Due diligence often does the trick, as fake projects or assets usually have features that stick out. Generally, avoiding scams requires a lot of caution from NFT holders. Owners looking to sell their NFTs must set approvals. The process requires the seller to set an approval so that the marketplace can transact on the owner’s behalf if, for example, someone else buys the asset. While popular marketplaces like OpenSea are relatively safe, there is still a significant risk with setting approvals.
Approvals give the receiving contract or address the authority needed to transfer tokens. If a malicious bot or contract has the approval, your funds are not safe. To avoid these scams, there are a few things to note.
Setting approvals and verification
The blockchain is a public ledger and does not need permission for people to read stored information. However, executing transactions on the blockchain requires gas. When transacting with a third-party bot, marketplace, or address, any verification requiring gas fees is likely illicit. In the same way, setting approvals should cost some gas. There might be a serious problem if a transaction to set an approval is gasless.
Due diligence
It is important to do intensive research into an NFT collection or project before purchasing it. Trustworthy projects should have verifiable teams compromised of members without fraudulent histories. Depending on the project, a whitepaper might also be necessary. For phishing scams, buyers must double-check email addresses and links to ensure authenticity. Buyers must also do their due diligence to avoid plagiarized or counterfeit NFTs by confirming verification ticks on marketplaces or sticking to links posted on the project’s official Discord.
Discord Notes
Buyers using Collabland for management can attach specific notes to authentic bots in a server. This note will be available anywhere you see the bot, making it easy to avoid corrupt bots.
Personal Safety
All wallet credentials should only be in safe locations that are not easily accessible by third parties. It is inadvisable to keep this information on a mobile phone or with someone else. All owners should also consider unique passwords in addition to two-factor authentication (2FA).
Conclusion: Staying Safe
Avoiding NFT scams requires continuous effort. Buyers who have done their due diligence should consider taking further steps, including actions not listed above. Since the NFT space is still somewhat nascent, buyers should expect that scammers may come up with newer ways to steal NFTs or swindle unsuspecting users. Therefore, traders must take additional protective steps when buying, selling, or setting approvals for NFTs.
