August 5, 2022
Access our research on the Bloomberg Terminal with ERH GXY <GO>
or visit www.gdr.report
gm,

this week, christine kim provides another of her great overviews from the latest ethereum all-core developer call, which happened yesterday. developers discussed timing of the merge upgrade and development of MEV-boost software.

we also cover 1) a feeding frenzy hack of the nomad cross-chain bridge, 2) how a poorly designed solana wallet was exploited and around $5m in funds was stolen from more than 9,000 wallets, and 3) some momentum building for a continuation of proof-of-work ethereum after the merge to proof of stake.

on this week's episode of the galaxy brains podcast, we spoke with alex gladstein, chief strategy officer of the human rights foundation, about HRF's work, its support of bitcoin development, and how HRF and the activists it supports around the world use bitcoin as they struggle against authoritarianism. this was a great discussion that illuminates a major use of bitcoin that often goes overlooked by investors in the united states.

that's all for now - have a great weekend!

best,
alex
Market Update
The total implied network value (market cap) of the digital assets market stands at $1.08tn, up 0.93% from last week (when it stood at $1.07tn). Bitcoin’s network value is 3.76% of gold’s market cap. Over the last 7 days, BTC is down 1.66%, ETH is down 0.61%, and BNB is up 8.14%. Bitcoin dominance is 38.39%, down three percentage points from last week.
Data current as of 8:55 AM ET on Aug 5, 2022. Prices and data via Messari.
Three Big Stories
🌞 Campaign for Ethereum Chain Split Post-Merge Gains Steam
Justin Sun, the founder of Tron and the permanent representative of Grenada to the World Trade Organization, announced his support this week for a contentious chain split after Ethereum’s Merge upgrade. Sun tweeted on Thursday, “We currently have more than 1 million #ETH. If #Ethereum hard fork succeeds, we will donate some forked #ETHW to #ETHW community and developers to build #ethereum ecosystem.” ETHW is the proposed ticker symbol for the competing version of Ethereum that stays on proof-of-work led primarily by a Chinese miner known as Chandler Guo (Editors Note: our head of research Alex Thorn prefers “Ethereum Cash” and ECH as the ticker, but he appears to be the only such proponent). Not much is known about Guo’s prominence in the Ethereum mining community or how much hashrate he operates as a self-proclaimed ETH miner. However, his initiative to support an Ethereum chain-split at the Merge has caught the attention and support of Sun. Consequently, the cryptocurrency exchange acquired by Sun, Poloniex, has announced they will be supporting ETHW as a tradable asset assuming Ethereum miners do dedicate hashpower to progressing the PoW version of Ethereum post-Merge. In addition, the dollar-pegged stablecoin created on Tron, USDD, will reportedly also be issued on the Guo’s ETHW chain. 
OUR TAKE: This week, we’re seeing the early beginnings of lobbying and social coordination in support of an Ethereum chain split post-Merge. As discussed in last week’s newsletter, the amount of support that can be garnered from exchanges, miners, and users for a competing version of the Ethereum blockchain after the Merge will be an important indicator of how long-lived and valuable such a network could become. Without much support, Ethereum PoW is unlikely to last any meaningful amount of time. For background, when a public blockchain forks into two different chains, holders of assets on the original chain pre-split receive the equivalent number of tokens on the new fork, essentially “doubling” their holdings. Concretely, if we see an ETHW chain live on post-Merge, all the accounts (and the private keys that control them), and all the tokens (both ETH and any other tokens) will exist simultaneously on both chains based on the ledger’s state at the point of chain split. This allows holders of coins to spin up ETHW wallets and access those versions of their coins. Though their holdings will double in native terms, the market value of tokens on each version will not be the same. Regardless of whether the ETHW chain exists, exists for a short period of time, or actually survives over the longer term, there is a high likelihood that all tokens on ETHW being immediately dumped by ETH holders shortly after the birth of the Ethereum PoW chain. Should a strong and persistent social coordination campaign in favor of ETHW take place between now and the expected date of the Merge, there is the possibility that miners considering redirecting their hashrate to Ethereum Classic may reconsider their strategy and perhaps support ETHW. Ultimately, the decision will come down to how profitable miners expect ETHW to become in comparison to ETC.

Ethereum core developers discussed timing for the Merge this week during another fortnightly ACD call. Full notes on the call here. Developers confirmed that they will pencil in a tentative date for activating the upgrade on mainnet shortly following the activation of the Merge on the Goerli testnet. Specifically, developers are indicating that after Goerli successfully merges to PoS, at that point they will set firmer date for mainnet activation. As background, Goerli is the third and final major testnet on which the Merge upgrade will be activated. Assuming the Goerli activation goes smoothly, there is a high likelihood that developers will plan for releasing the upgrade on mainnet Ethereum in mid-September. By September, it is expected that the impacts of Ethereum’s difficulty bomb will start to rear its head and steadily increase block times. For background on Ethereum’s difficulty bomb click here. As such, another important step in building legitimacy around Sun and Guo’s ETHW chain will be concrete planning around how to disable the difficulty bomb mechanism shortly following the chain’s launch. -CK
🕵️ Slope Wallet Compromises Thousands of Solana Users' Private Keys
Earlier this week, a vulnerability in a Solana self-custody wallet allowed the theft of millions of dollars of tokens from thousands of users. The attack began on Tuesday, rendering the crypto community in a state of constant angst as people rushed to uncover what was causing the exploit and who might be in danger. The fact that coins were stolen from wallets self-custodied by users is extremely rare and caused significant fear across the community as analysts attempted to learn the cause. This angst prompted many to rush to transfer all of their assets to the safety of a hardware wallet (which keeps private keys offline during transaction signing) as well as to centralized exchanges.

The attacker was able to drain funds from user wallets because they somehow obtained compromised private keys originally generated by Slope Wallet. With these private keys, the hacker was able to sign transactions transferring assets from the users’ wallets to their own wallets. Although a complete postmortem on the attack is still underway, the crypto community has come to some initial conclusions about how the exploit went down. In short, Slope Wallet (a browser-based, non-custodial crypto wallet) is the main culprit (not Phantom as initially guessed by some in the community). Specifically, any user who generated a wallet in the Slope app was vulnerable to the attack (including Phantom users who had imported a Slope-generated seed phrase instead of generating a new seed phrase).

The official Solana Status Twitter account said of the attack, "After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications."

This view is consistent with that of 0xFoobar’s, who indicated that the attack was made possible by Slope passing plaintext seed phrases over POST requests to their servers. Slope’s official statement on the matter stopped short of admitting guilt, but they did acknowledge that existing Slope users were in fact impacted by the attack. Slope implied that existing users are now vulnerable and they recommended that users transfer their assets to a brand-new wallet with a new seed phrase. Slope also underscored that hardware wallet users were not exposed to the attack. In all, Slope’s statement seems consistent with what other stakeholders have uncovered about this attack.

Ultimately, somewhere between $4mn and $6mn across 9k+ wallets was stolen in this exploit. While the hack was not nearly as big as prior hacks in the crypto space in absolute USD terms, the nature of the attack sent shockwaves across the community. Following the attack, there is a heightened focus on best practices related to self-custody.
OUR TAKE: If the reason for the vulnerability was because Slope, a non-custodial wallet which is supposed to generate private keys securely on users’ devices, was actually also storing the backup seed phrases for those keys on their own server and in plaintext (unencrypted), that is an absolute failure by the Slope team. If that’s what Slope was doing, they were essentially custodying their users private keys (and doing so remarkably poorly). This directly undermines the point of a non-custodial wallet. And to be clear, storing seed phrases on centralized company servers is not something that non-custodial wallets typically do (or need to do).

But this attack is not a big deal only because of the specific failure of Slope, but also because of the uncertainty it created in the crypto space in a rapid amount of time. While bridge hacks have exceeded $100mn in the past, they are well understood at this point with a clear upper limit to the extent of their impact. In this instance, an unknown attacker was able to sign transactions on behalf of unsuspecting users with affected users not seeing any particular vulnerability on their end. There is no upper limit to the extent of damages in this scenario. Depending on the specific nature of the vulnerability and what aspect of non-custodial technology was compromised, this could have affected users across many wallets, including even those operated by exchanges. Luckily, it appears now that the impact was relatively contained. Nonetheless, the community’s panic could have led users to start questioning the fundamentals of cryptography, the robustness of layer 1 protocols, and/or anything else they can think of. This death spiral of emotion can also have knock-on effects with the broader crypto market. Successfully attacking non-custodial wallets also undermines the widely repeated mantra of many crypto advocates: not your keys, not your coins. If this attack dissuades more users from self-custodying their coins, that will be a major setback. Suffice to say, it is extremely important to understand the exact nature of how this attack happened even though it seems like only a small amount of money lost in total.

Another factor is that Slope (and Phantom, the most popular Solana wallet, for that matter) are closed source applications (meaning their source code is not widely available for review or contribution by third parties), which inhibited the ability of independent researchers to audit their code. It is true that open-source software, subject to the scrutinizing eyes of the public, could have precluded this type of exploit from happening in the first place. That’s not to say, however, that open source is the only way that software should be developed. Sollet, an open source Solana wallet, says on its own website advises novice users to download Phantom or Solflare for a better UI, positioning their Sollet product as useful for advanced users or developers. Open source software is generally much more poorly funded than closed source applications developed by for-profit businesses, leading to worse UX. While open-sourcing software works incredibly well at the infrastructural level (think Linux and Bitcoin), this success does not always translate to the application level due to often worse UX.

While this entire debacle sets back the self-custody narrative, it’s worth emphasizing the continued importance of self-custody both for security and the ability to interact with on-chain applications, of which offline hardware wallets are still the best practice. The fundamental challenge with hardware wallets is that users want to interact with on-chain apps, and hardware wallets create a sub-optimal user experience by introducing additional steps for use. There is a perverse incentive right now for users to leave crypto assets in their browser wallets, in spite of the reduced security, because there is less friction for transacting (especially on mobile). While leading hardware wallet manufacturers Ledger and Trezor have made impressive strides with integrating with most browser-based wallets to improve their UX, this event will likely renew the sense of urgency around further improving the hardware wallet experience for users. For Solana users, Solana’s announced Saga phone could offer a nice mix of enhanced security (because it will use a secure element to store and generate keys) and nimble UX with a user experience that could mirror that of any other browser-based or mobile crypto wallet. It will be interesting to watch the development of this phone, along with other crypto-enabled smartphones, going forward. -SQ
🌉 More Cross-Chain Pain as Nomad Bridge Drained 
Nomad Bridge exploited for $190m in 5th largest DeFi hack. Nomad is a cross-chain messaging protocol that uses optimistic verification to enable users to bridge tokens between chains including Ethereum, Avalanche, Evmos, Milkomeda, and Moonbeam (including serving as the canonical bridge for the latter 3 to Ethereum). (To read more about optimistic verification, read our report on Layer 2 networks). The optimistic verification relies upon fraud proofs to determine if message relayers are dishonest, requiring message latency of 35-60 minutes. Nomad is closely partnered with Connext, an interoperability routing protocol that can provide users with shorter latency on bridge transactions.

Monday evening, the Nomad Bridge was exploited which saw its $190m TVL slowly drained across several hundred transactions in ~$100k-1m increments over the course of an hour. Impacted tokens included wBTC, wETH, USDC, DAI, FRAX, CQT, and others. According to security researcher @samczsun, the exploit was due to a smart contract loophole that was introduced following an upgrade, which changed how cross-chain messages were checked and had the unintended consequence of auto-proving the cross-chain messages. Initially, all the outbound transactions on Ethereum were going towards a single address before some were directed to other wallets as other individuals were able to copy the initial attack. In total, 40 different addresses had received stolen funds from Nomad including several known ENS addresses as well as another address labeled Rari (Arbitrum) exploiter.

Following the attack, Moonbeam Network entered into "Maintenance Mode" to prevent further damage, while the Nomad team requested recipient wallets to return stolen funds as white hat hackers to the Official Nomad Funds Recovery Address, safeguarded by Anchorage Digital. As of writing Thursday evening, ~$19m has been sent to that address (~10% of stolen funds), which Nomad eventually intends to return to affected depositors. According to the Rekt leaderboard, the $190m Nomad exploit ranks #5 among all DeFi hacks.
OUR TAKE: Nomad adds to the growing list of exploited bridges. It's a bad look for interoperability protocols, and users will likely exert more caution when using bridges or supply liquidity to bridges. However, it is important to specify that the Nomad vulnerability was a smart contract bug introduced during an upgrade and that the economic security of the bridge was not compromised, unlike several other bridge hacks. In addition, there was some speculation that a prior audit had identified the vulnerability that Nomad had ignored, but those rumors had later been disproven. Still, the incident highlights the need for continuous auditing of contracts whenever implementing upgrades to live protocols and the failure of the Nomad team to stop the attack as it was occurring over the course of an hour.

What's particularly interesting about the exploit is how other users were able to replicate the attack used by the initial actor. As the Nomad team was unable to stop the attack as it was occurring, some of these copycats (i.e., the white hats) served as the protocol's primary line of defense, securing funds and preventing them from being siphoned by malicious actors. To assist in the recovery of funds, Nomad had initially communicated that it was working with law enforcement to identify and flag recipient wallets, which netted an impressive return in the official recovery address. Additional funds are likely to be recovered as on Thursday evening, the Nomad team offered a sweetener to recipients that stated any party that returns at least 90% of total funds would (i) receive up to a 10% bounty, and (ii) labeled white hats that would be protected from the team's legal pursuits.

Evmos, Milkomeda, and Moonbeam were significantly impacted by the exploit since they relied upon Nomad as their canonical bridge from Ethereum. Moonbeam's TVL dropped 68% from pre-exploit levels of $190m, Evmos TVL fell 65% from $7m, and Milkomeda's TVL dropped 40% from $32m. Wrapped versions of assets on these networks backed by locked assets on Ethereum became effectively worthless. As a safety precaution, users that bridge to other networks are encouraged to quickly swap any "wrapped" assets to native "unwrapped" tokens on those networks, freeing themselves of liability to the bridge. In addition, emerging L1s relying upon Ethereum for bridged liquidity should look to add multiple bridging options to prevent concentrated risk with a single provider. The incident is certainly a setback for these ecosystems, but it should not detract from optimistic verification technology, even that built by Nomad, and should reinforce best security practices for both protocol teams and users. -CY
Other News
  • Michael Saylor steps down as MicroStrategy CEO and assumes role as Executive Chairman.
  • BlackRock partners with Coinbase to make it easier for institutional investors to trade BTC.
  • Crypto developer admits to faking nearly 75% of Solana’s DeFi TVL.
  • Starbucks teases the incorporation of digital collectibles in their rewards program.
  • Solana unicorn Magic Eden expands their NFT marketplace to Ethereum.
  • Bipartisan leaders of the U.S. Senate Agriculture Committee introduce a new bill that would make the Commodity Futures Trading Commission (CFTC) the direct regulator of BTC and ETH
  • Bitcoin wallet Galoy announces stablecoin backed by bitcoin collateral using inverse perpetual
  • In partnership with Paxos, Binance introduces monthly attestation holdings reports for BUSD
  • Chiliz takes $100m stake in FC Barcelona’s digital studio
  • Solana’s NFT marketplace Magic Eden expands to Ethereum
From the Desk
Access our research on the Bloomberg Terminal with ERH GXY <GO>
or visit www.gdr.report
Ethereum All Core Developers Call #144
Christine Kim summarizes the main discussion topics and decisions from the latest call between Ethereum core developers.

Crypto & Blockchain Venture Capital - Q2 2022
Despite drawdown in crypto markets, venture funding for the crypto and blockchain industry has continued to pour in. Leulaye Maskal breaks down the key trends in crypto & blockchain venture capital in Q2 2022.

Galaxy Digital Research Podcast
Listen to our podcast on Apple, Spotify, Amazon, or wherever you listen to podcasts.

In this week’s episode, we talk about the use of Bitcoin by political activists living under authoritarian regimes with the Chief Strategy Officer of the Human Rights Foundation, Alex Gladstein
Charts of the Week
The open interest in options linked to Ether (ETH) has risen dramatically since mid-July and is now at the highest levels since the end of last year. We’ve seen significant upside option prints with buyers of the December 2022 2600/3000 call spread, as well as significant open interest now in March 2023 calls, perhaps with investors betting on the Shanghai upgrade (the next upgrade after the Merge occurs this Fall). The two biggest changes sought for the Shanghai upgrade are 1) danksharding, the mechanism that will make it cheaper for rollup L2s to operate on Ethereum, and 2) enabling the unlocking of ether staked on the proof-of-stake chain (currently staked on the Beacon Chain). The latter—the ability to un-stake staked ether—may not actually be bullish in the classic sense, as it could lead sell pressure, but on the other hand, it is essentially the final piece of the Merge upgrade to proof-of-stake. (All ether currently staked on the Beacon Chain (and, after the Merge occurs, on Ethereum’s mainnet), is currently locked and unable to be withdrawn, including the rewards earned by those validators.
On Thursday, Optimism’s liquidity mining program went live on Aave V3, which will distribute 5m $OP tokens to Aave users over 90 days. Since the announcement, TVL on Aave V3 jumped by ~$230m on the day, driving TVL on Optimism up 40% on the day to nearly $800m. $OP token has rallied nearly 300% over the past 3 weeks to new ATHs above $2
Thank you!
Thanks for reading this week. Have a great weekend.

Please feel free to contact us at research@galaxydigital.io with any questions or comments.
Alex Thorn
Head of Firmwide Research, Galaxy Digital
Legal Disclosure:
This document, and the information contained herein, has been provided to you by Galaxy Digital Holdings LP and its affiliates (“Galaxy Digital”) solely for informational purposes. This document may not be reproduced or redistributed in whole or in part, in any format, without the express written approval of Galaxy Digital. Neither the information, nor any opinion contained in this document, constitutes an offer to buy or sell, or a solicitation of an offer to buy or sell, any advisory services, securities, futures, options or other financial instruments or to participate in any advisory services or trading strategy. Nothing contained in this document constitutes investment, legal or tax advice. You should make your own investigations and evaluations of the information herein. Any decisions based on information contained in this document are the sole responsibility of the reader. Certain statements in this document reflect Galaxy Digital’s views, estimates, opinions or predictions (which may be based on proprietary models and assumptions, including, in particular, Galaxy Digital’s views on the current and future market for certain digital assets), and there is no guarantee that these views, estimates, opinions or predictions are currently accurate or that they will be ultimately realized. To the extent these assumptions or models are not correct or circumstances change, the actual performance may vary substantially from, and be less than, the estimates included herein. None of Galaxy Digital nor any of its affiliates, shareholders, partners, members, directors, officers, management, employees or representatives makes any representation or warranty, express or implied, as to the accuracy or completeness of any of the information or any other information (whether communicated in written or oral form) transmitted or made available to you. Each of the aforementioned parties expressly disclaims any and all liability relating to or resulting from the use of this information. Certain information contained herein (including financial information) has been obtained from published and non-published sources. Such information has not been independently verified by Galaxy Digital and, Galaxy Digital, does not assume responsibility for the accuracy of such information. Affiliates of Galaxy Digital may have owned or may own investments in some of the digital assets and protocols discussed in this document. Except where otherwise indicated, the information in this document is based on matters as they exist as of the date of preparation and not as of any future date, and will not be updated or otherwise revised to reflect information that subsequently becomes available, or circumstances existing or changes occurring after the date hereof. The foregoing does not constitute a "research report" as defined by FINRA Rule 2241 or a "debt research report" as defined by FINRA Rule 2242 and was not prepared by Galaxy Digital Partners LLC. For all inquiries, please email contact@galaxydigital.io. ©Copyright Galaxy Digital Holdings LP 2022. All rights reserved.