There’s always another nightmarish crypto hack around the corner – TechCrunch

Welcome back to Chain reaction.

Last week we looked at the near future of cryptogaming as VCs don’t know where to place consumer gaming. This week we look at hardware wallets and the endless journey towards feeling safe in the crypto world.

To get this in your inbox every Thursday, subscribe to TechCrunch’s newsletter page.

nowhere to hide

A weekly dispatch from the desk of TechCrunch’s crypto editor Lucas Matney:

The crypto world can be a cruel and unforgiving place, and while VCs and crypto hedge funds have been happy to bail out institutions, sometimes consumers who dabble in the space find themselves out in the cold. This week, a pair of fairly high-profile hacks cost crypto investors millions, but it was the smaller, more mysterious one that likely had newbies clutching their private keys and praying for the best.

Putting money anywhere is an exercise in trust, which sometimes makes it funny that the word “trustless” has been a leading phrase in crypto-religious creeds that investors use to gain converts. All a user has to do is keep their private key near and dear, and they can trust that their money will always be there without having to rely on a traditional financial institution. But consumers are discovering some of the long-familiar fine print of that promise.

This week, thousands of Solana users logged into their crypto wallet apps to find that all their money had disappeared. Many of these users claimed they hadn’t used their wallets for weeks or months, ruling out some kind of mass signature of a malicious contract. While this ended up being a low seven-figure hack, the mystery was remarkable. Early on, users weren’t sure if this was an attack on the underlying Solana network or an underlying service provider that several wallets relied on. Amid all the confusion, wallets continued to be emptied, eventually emptying the contents of over 8,000 individual accounts.

Investors in the Solana ecosystem (the network’s founder dropped some options Twitter retweets) complained that the media focused more heavily on the single-digit million exploit when the Nomad bridge was hacked for $190 million just the day before. But it was the nature of the attack that was scarier than the dollar amount.

While users across wallets reported the issue, the problem came down to a vulnerability in the Slope wallet that – unbeknownst to users – had logged their private keys in the backend, leaving them vulnerable to bad actors if they ever imported keys to the mobile phone. app This saga probably served as another point of trust in the system for new users who may have thought their money was safer in a wallet than a centralized exchange. But longtime crypto users shrugged and suggested that this was yet another reason for users to do so keep their money in so-called hardware wallets — physical devices that store a user’s private keys and dramatically reduce the number of attack vectors for hackers other than human error.

Now, pushing every new user to buy a ~$100 hardware wallet to truly secure their assets is clearly not the ticket to widespread adoption in the short term, and yet it seems to be a rule that the deepest in the space still cling to to. While many of crypto’s wealthiest stick to strategies that promote security above all else, many of them also seem to be investing in and promoting projects that emphasize speed and seamless onboarding at the expense of security. Users who find their way onto the rails of flashy consumer apps may find themselves realizing that crypto’s early barriers to entry have been steep for a reason, and that wealthy users who buy air-gapped computers and keep their keys on paper have plenty of history to undercut the paranoia their. .

the last pod

Chain Reaction is back again this week and better than ever! We announced two big changes to the pod this week. First of all, we have a new co-host, Jacquie Melinek, joins us weekly to talk about the biggest headlines in web3. Jacquie is a good friend of ours and as one reporter for TechCrunch+she is eager to get into the weeds to help us demystify all things crypto.

Second, we split our weekly show into two separate episodes: a weekly news segment performance. Jacquie, the first of which came out today, and an interview segment hosted by Anita and Lucas. Stay tuned for the final interview episode coming next week, where we spoke with Uniswap COO MC Lader.

For this week’s news, we unpacked two high profile hacks which happened in the first two days of the month (phew). We also discussed Robinhood’s latest round of layoffs and a $30 million fine the company paid to New York authorities.

Subscribe to chain reaction at apple, Spotify or your alternative podcast platform to keep up with us every week.

follow the money

Where startup money moves in the crypto world:

1. AO Labs raised $4.5 million from investors including Balaji Srinivasan and Sandeep Nailwal for its Spacebar web3 gaming platform.
2. “Green” web3 platform One of closed an $8 million-plus strategic round from investors including Amex Ventures.
3. Company for digital asset derivatives OrBit raised $4.6 million from Matrixport, Brevan Howard and others.
4. Crypto credit protocol Debt DAO raised $3.5 million for its seed round led by Dragonfly Capital.
5. Centera crypto infrastructure startup, raised $11 million in a seed round from investors including Thrive Capital, Founders Fund and Volt Capital.
6. Gary Vaynerchuk’s NFT project, VeeFriendsscored $50 million in a16z-led funding.
7. Quasara Cosmos-based DeFi protocol, raised $6 million in seed capital from Polychain, Blockchain Capital and others.
8. Stadium Livea fantasy sports metaverse startup, raised $10 million for its Series A from KB Partners, Union Square Ventures, Dapper Labs and others.
9. Decentralized data warehouse provider Space and time raised $10 million for its seed round from investors including Framework Ventures and Digital Currency Group.
10. Play to earn fitness app Sweatcoin completed a $13 million fundraising, including a private token sale, from investors including Electric Capital and Jump Crypto.

the week in web3

A weekly window into the web3 reporter’s thoughts Anita Ramaswamy:

It seems like a good time to talk about security in crypto in light of the recent hacks affecting both the Nomad cryptobridge and the Solana ecosystem. It’s becoming increasingly clear that no matter how many assurances a crypto company makes about how airtight its security standards are, investors should watch their backs at all times. The pain can be even more acute for NFT holders, who are at risk of losing millions of dollars worth of value at once if one of their expensive JPEGs is stolen – just think back to what happened to actor Seth Green and his kidnapped Bored Ape.

There are a few different options for how people can securely store their crypto today, and they all have their trade-offs. A “hot wallet” is connected to the internet, making it vulnerable to power outages or connection problems. Also, many hot wallets are run by centralized entities, such as exchanges, that hold users’ keys on their behalf—a transfer of power many crypto users are loathe to give. A “cold wallet,” meanwhile, is considered far more secure, but involves bulky, hard-to-use hardware that can be misplaced just as easily as a “seed phrase,” which is a password used to unlock a crypto wallet.

Upstream founder and CEO Alex Taub, which we had on last week’s pod, says his startup has a user-friendly solution that allows people to keep control of their own keys digitally without having to compromise on security. It is a unique solution that comes at a particularly favorable time. For details on how it works and why it’s different from what’s already on the market, check out my article here.

TC+ analysis

Here is some of the week’s crypto analysis available on our subscription service TC+ from senior reporter Jacquelyn Melinek:

Solana’s fast-paced approach to crypto is attracting developers, despite hiccups
While the crypto market isn’t always sunshine and flowers, some prominent industry players, including Solana founder Raj Gokal, remain optimistic about the outlook for growth – at least when it comes to their own projects. Despite Solana’s recent problems with 8,000 wallets hacked on Tuesday, the layer-1 blockchain has about 15 million to 20 million monthly active addresses, some of the highest in the crypto industry, Gokal said. “One question we get a lot is how does the market affect the pace of development and the pace of construction?” His answer? It’s not, really.

Why education is key to stopping hacks like the $190M Nomad exploit
After the loss of nearly $200 million in a security exploit on the crypto protocol Nomad, security experts insisted that more education and security protocols are needed to protect web3 communities from hackers. As the crypto ecosystem grows larger over time, interchain interoperability will also continue to grow, “at deep levels with a focus on security and decentralization,” Flux co-founder Daniel Keller told TechCrunch. “But attention needs to be paid to security and not just speed of development as we push DeFi products to the masses.”

Tiffany and Gucci’s dip into crypto is a balance between reputation and revenue
Are crypto integrations of well-known brands and sports teams evidence of growing use cases for digital assets and cryptocurrencies – or more of a marketing ploy? This week, Tiffany & Co., Gucci and FC Barcelona are diving deeper into the cryptosphere with partnerships in the digital asset world. But do these partnerships really matter to the crypto ecosystem? A number of market players shared their thoughts on the financial upside, risk and business game behind these new integrations.

Thanks for reading! And – again – to get this in your inbox every Thursday, subscribe to TechCrunch’s newsletter page.