⛔ Solana goes down again

This is Shashank’s Newsletter, a newsletter with bite sized content on everything that happened in web3 over the past week.

Jun 06, 2022

Gm all! I was out for memorial weekend and ramping up for my new job. Apologies for the delayed delivery.

I had a fun packed and energetic offsite with my new company, Bitski. It is one of THE BEST ways to start a new job in a remote world. Highly recommend!

Finally back to crunching the latest and greatest of web3 for you.

In today’s email,

⛔ Solana goes down again

👮 FBI charged Opensea exec with 40 years jail time

🏴‍☠️ Bored ape discord gets hacked

🌯 Some cool beans

⛔ Solana goes down again

This is the 3rd outage for Solana in the recent months. We talked about the last outage from May in here.

It was a pretty complicated nonce related bug.

Some context: Ethereum processes transactions serially and uses an incrementing nonce to ensure transactions are not processed twice. Solana achieves higher throughput through parallel processing of transactions. To achieve this, each node maintains a single status cache of recent block hashes and uses the cache to ensure its not processing the transaction twice . Over 99% of the transactions just use this cache and worked fine. However, a small percentage of them (specifically exchanges) have been using an alternative called the durable nonces which don’t expire. It’s essentially a type of back door for getting around the typical short lifetime of a transaction's recent blockhash cache.

What was the bug? A specific set of circumstances caused the network’s validators to double-count transactions from durable nonces and the status cache. This impossible situation effectively broke Solana’s consensus mechanism and stopped it from advancing further.

What was the fix? Solana blockchain has disabled the processing of durable nonce transactions temporarily until a fix is released.

On the bright side, the network state remained secure along with the funds. Validator operators coordinated a restart from the highest confirmed block similar to the last outage.

As much trashing as there is on Solana at the moment, this was a software bug that was just not caught till now. It has really very little to do with their fundamental design of the blockchain. Solana remains to be one of the only blockchains thats serving really high QPS and they only come out stronger and more resilient after every outage.

👮 FBI charged Opensea exec with 40 years jail time

In some really shocking news, former Head of Product at OpenSea Nathaniel Chastain is being indicted on wire fraud and money laundering charges and could face up to 40 years in jail time 🤯

What the hell happened? Nate was responsible for selecting upcoming NFTs which would be featured on the OpenSea’s homepage. So, he would buy those NFTs before featuring them in homepage (using anonymous wallets and accounts), feature them on homepage, and then sell them for a quick 2-5x profit. All this happened from June 2021 till September 2021 and he made ~67k. Eventually, lhe got caught and was fired.

He is now charged with one count of wire fraud and one count of money laundering, each of which carries a maximum sentence of 20 years in prison. Harsh!!!

This will go down as a landmark case. As regulators are cracking down on digital assets, it’s probably a good thing. We should see fewer “ponzis” break out and leave scars in the ecosystem. It should add a lot more discipline and balance to the wild ecosystem.

🏴‍☠️ Bored ape discord gets hacked

OKHotshot @NFTherder

🚨BAYC & OtherSide discords got compromised‼️ Seems because Community Manager @BorisVagner got his account breached, which let the scammers execute their phishing attack. Over 145E in was stolen Proper permissions could prevent this

One of the largest blue chip NFT projects, Bored Ape had their discord hacked. The hacker got access to their community manager’s account and sent an announcement for a “surprise NFT mint” with a phishing link. Over a quarter million vanished into the pockets of the hacker as people fell for the phishing link.

Few months ago, scammers also gained access to the official Bored Ape Instagram account. They posted a fake giveaway link and stole $3 million in NFTs.

It is a really sad state to see people losing their money to scams so often.

How can we improve this?

Better digital hygiene: Setup 2FA, regular password changes, don’t click on fishy links. You wouldn't simply buy a gucci bag from goochy.com would you? Always do your own research, make sure you only follow official links, and question everything!
Better security tech: Cryptography really solves this problem with public and private keys. Imagine if official announcements could be signed by a private key, there would be a lot fewer hacks. We need products to embrace better security protocols.