Presenting Decentralized Robbery
Nomad bridge on-chain activity visualized during the hack
And, yet another blockchain bridge is hacked. Nomad Bridge was just drained for over $150 million in one of the most chaotic and peculiar hacks web3 has ever seen. It’s a peculiar hack because the bridge wasn’t drained by a single hacker or a flash loan. But was drained by hundreds of separate accounts that figured out the trick and copypasta-ed their way into grabbing stolen funds after the initial attack. And that my friend, is the first ever decentralized robbery.
Talking about blockchain bridges, it seems like Vitalik was right when he questioned the security of bridges since there's hardly a bridge left standing which hasn't been hacked yet. Just this year, almost $2 billion worth of crypto assets were stolen from a range of bridges such as Ronin, Qubit, Wormhole, Meter.io, Poly Network, Harmony, and now Nomad bridge.
If we do look forward to a cross-chain world with composability and seamless movement of liquidity from one chain to another, we need to find a substitute for bridges. A wholesome web3 world is not possible until the weakest link is solved.
This week in web3 Wednesday:
- 🚨Explaining the Nomad bridge hack
- 🍿Eth merge/fork drama
- 👀Native USDC coming soon to Cosmos ecosystem
- 📢Revoke.cash – a tool against allowance scams
- 🤔How to make your own POAP?
🚨Explaining the Nomad bridge hack
Nomad bridge was hacked yesterday with its TVL drained from $190,740,000 to $1,794 just in a couple of hours, that too by hundreds of separate accounts.
So, what exactly happened, and how did hundreds of separate accounts figure out their way into grabbing stolen funds? Check out this thread foobar explaining how we get the first decentralized crowd-looting of a 9-figure bridge in history.
Don’t forget to grab some popcorn on your way.
🍿Eth merge/fork drama
First of all, some good news, Ethereum developers have announced the merge date for the Goerli testnet, which will be Aug 6th-12th. This is the LAST STEP before The Merge.
Now, coming on to the drama, well, it seems like not everyone is happy about the merge and there are some participants which are reluctant to shift to PoS. For example, there is some buzz around Chinese miners being against PoS and claiming to hard fork the Ethereum network when the merge happens. Check it out here.
If (a big if) after the merge, the Ethereum chain does get forked into two branches with one being ETH1 (PoW) and another being ETH2 (PoS), it raises some interesting questions such as:
- Will the DeFi ecosystem and stablecoins move to PoS?
- Which PoW chain will the miner prefer - ETH1 or ETC (Ethereum Classic)
- Can this break Ethereum?
I guess only time will answer the questions.
👀Native USDC coming soon to Cosmos ecosystem
The Cosmos ecosystem has been making some strong buzz these days. Seems like the ecosystem has found its moat enabling the builders to create an application-specific chain and allow cross-chain communication via IBC.
The results can be seen with major DeFi applications moving to Cosmos from other chains. Now to make it even more attractive, native-USDC is coming to the Cosmos ecosystem real soon. It’s worth noting that native tokens are far more secure than bridged tokens since bridged tokens by design often leave room for vulnerabilities, which can be exploited at the expense of users.
With today’s highlights, we couldn’t understand the value of native tokens any better.
📢Revoke.cash – a tool against allowance scams
If you’ve ever used a decentralized exchange such as Uniswap to swap tokens, you must have come across this “allowance notification.” By this allowance permission, you simply allow the Uniswap protocol to withdraw the tokens so that they can be swapped.
Well, it is expected that you approve allowances if you’re making a swap or any other transaction that requires the smart contract to withdraw tokens from your wallet.
However, there are various scams that leverage the “allowance approval” to drain your wallet. Well, not anymore. Revoke.cash browser extension sends a pop-up notification whenever you’re about to approve an allowance. Thus, giving you a chance to make sure it was your intention to give allowance approval and not fall for a scam.
🤔How to make your own POAP?
A POAP is a digital collectible, minted in celebration of life’s remarkable moments. Each POAP is a gift from the issuer to the collector, in celebration of a shared moment in time.
But how can you make your own POAP? Well, it’s not that hard. Check out this Medium article by Anthony explaining how to make your own POAP in simple steps.