The CryptoBowl
This is Shashank’s Newsletter, a newsletter with bite-sized content on everything that happened in web3 over the past week.
In today’s email,
🏈 Crypto ads raining during Superbowl
🥷 Most sophisticated social engineering hack
🐞 Coinbase's largest-ever bug bounty
🔒 Canada freezes bank accounts
🤑 Cryptopunk sells for 23M$
🐇 RabbitHole raises 18M$
Weekly gainers
🏈 Crypto ads raining during Superbowl
Eye-catching commercials with top celebrities like LeBron James and Larry David appeared in crypto ads, highlighting a push to create more mainstream awareness for crypto. Coinbase tried something a bit different with a celeb-less QR code ad, which eventually crashed their site.
At ~$6.5M for a 30-second commercial, a whopping $30M+ was spent putting crypto on the big stage. So, how did this budget translate to traffic? The numbers are out, and Similarweb traffic insights suggest that FTX was the clear winner of the pack. Check out this great thread on the rough math behind these huge marketing spends.
🥷 Most sophisticated social engineering hack
As more money flows into crypto, scammers are turning to really sophisticated techniques. So what happened here? A team of well-funded hackers gained the trust of an early-stage crypto founder by joining his Discord and offering help for his project. They apparently even outsourced the work to a technical contractor to actually create 3D models for his project. 🤯 Once they had gained his trust over several weeks, they started the attack by sending an NFT to his wallet and asking him to stake it on their web3 app. Luckily, the founder was highly technical and inspected the code, finding that the app was actually requesting approval for aETH (Aave ETH) instead of the token it claimed to request approval for. It’s important to note here that the founder was able to mitigate this hack by inspecting public, open-source code, unlike in traditional black-box phishing attacks.
Takeaways: Token approvals can be dangerous and users need to be more conscious of giving approvals to smart contracts. Also, hackers have grown beyond the simple “please share your private key” scams.
Tip: Use Tornado Cash to keep your transactions and token holdings private, making it harder to be targeted. Stay safe out there!
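The check the founder did by hand, as an added example (not code from this newsletter or from the project involved): decode the calldata a dApp asks the wallet to sign and compare the contract being approved against the token the UI claims. All addresses are constructed placeholders, and `inspectApproval` is a hypothetical helper name.

```javascript
// Added example: inspect approval calldata before signing it.
// Function selectors are the first 4 bytes of the calldata.
const SELECTORS = {
  "095ea7b3": "approve(address,uint256)",        // ERC-20 allowance / ERC-721 single token
  "a22cb465": "setApprovalForAll(address,bool)", // ERC-721 / ERC-1155 operator
};
const MAX_UINT256 = (1n << 256n) - 1n;

// tx: { to, data } as the dApp submits it; claimedToken: contract the UI says it needs.
// Returns null for non-approval calls, otherwise the decoded grant plus warnings.
function inspectApproval(tx, claimedToken) {
  const data = tx.data.toLowerCase().replace(/^0x/, "");
  const kind = SELECTORS[data.slice(0, 8)];
  if (!kind) return null;
  const args = data.slice(8);
  if (args.length < 128 || !/^[0-9a-f]+$/.test(args)) {
    throw new Error("malformed approval calldata");
  }
  // Each ABI argument is one 32-byte word; an address is its low 20 bytes.
  const spender = "0x" + args.slice(24, 64);
  const value = BigInt("0x" + args.slice(64, 128));
  const token = tx.to.toLowerCase(); // the contract whose assets are being approved
  const warnings = [];
  // The case from the story: approval targets a different token than claimed.
  if (token !== claimedToken.toLowerCase()) warnings.push("TOKEN_MISMATCH");
  if (kind.startsWith("approve") && value === MAX_UINT256) {
    warnings.push("UNLIMITED_ALLOWANCE");
  }
  if (kind.startsWith("setApprovalForAll") && value !== 0n) {
    warnings.push("OPERATOR_FOR_ALL");
  }
  return { kind, token, spender, value, warnings };
}

// Constructed sample: the UI claims token 0x11..11, the calldata approves 0x22..22.
const CLAIMED = "0x" + "11".repeat(20);
const OTHER = "0x" + "22".repeat(20);
const SPENDER = "0x" + "33".repeat(20);
const word = (hex) => hex.replace(/^0x/, "").padStart(64, "0");
const sampleTx = {
  to: OTHER,
  data: "0x095ea7b3" + word(SPENDER) + word(MAX_UINT256.toString(16)),
};
console.log(inspectApproval(sampleTx, CLAIMED).warnings);
```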
🐞 Coinbase's largest-ever bug bounty
Speaking of hacks, Coinbase had a white-hat hacker report a major bug in their Advanced Trading API that would let users sell arbitrary tokens for BTC or any other token. The white-hat hacker tested this by placing a 50 BTC limit sell order using 50 SHIB and saw it go through 😵
The reporter was able to get a direct line to Brian Armstrong and team within minutes, and Coinbase stopped all advanced trading, which was pretty impressive. This bug could have caused massive market moves if this attack vector had been exploited on large-market-cap coins like BTC/ETH. It would have had ripple effects across DeFi, as several pricing oracles rely on Coinbase. All in all, I think the white-hat hacker deserved much more than the 250k$ that he got 🥲
🔒 Canada freezes bank accounts
There is a huge ongoing protest by truckers against the Canadian Government’s Covid policies. In response to truckers blocking the roads, the government declared an Emergency Act, ordering all financial institutions to FREEZE the bank accounts of any person directly or indirectly involved in the protests without any court orders. This is not happening in Vietnam or North Korea; this is happening in a free democracy in Canada, a G-7 country known for its extremely good nature.
People have always underestimated the risk of financial censorship and have always believed self-custody to be suspicious by default. This needs to change, and people should embrace and protect self-custody wallets, where they can have true financial freedom as part of their constitutional rights. Highly recommend reading the entire thread by @punk6529, which is absolute gold.
🤑 Cryptopunk sells for 23M$
Deepak Thapliyal, CEO of cloud blockchain firm Chain, purchased CryptoPunk #5822 for 23M$, making it the fifth largest NFT sale to date. The seller made a whopping 123k% return 🤑, making it one of the most successful trades in history. CryptoPunk #5822 is one of the 9 punks in the collection of 10,000 to have a rare avatar type: alien.
🐇 RabbitHole raises 18M$
So what is RabbitHole? RabbitHole is a web3 app where users can earn crypto by using the most popular Ethereum applications like Aave, Graph, Uniswap etc. and build reputation while doing it. The idea is that your wallet becomes your resume. For users, it gives them the opportunity to earn tokens and unlock all kinds of access based on their transaction history. For protocols, it is a way to identify and acquire quality contributors based on their capabilities that can be verified on-chain.
This is the future of work and education: a new digital economy built on reputation and merit-based behavior. University degrees, resumes, and credit scores are basically just reputation, which can be represented and derived using on-chain behaviors.