Ups and downs in the DeFi security space
An attack on Hyperliquid-based DeFi lender HypurrFi was (mostly) thwarted on Sunday, thanks to a timely alert from Decurity.
The approvals-based attack was caught after a loss of $84,000, but a more patient thief would have likely captured more.
More good news came for the victims of last week’s $5 million Makina hack: around 83% of direct exploit losses had already been recovered.
Both Makina and Dialectic have contributed funds to the recovery efforts, and have pledged to set aside 50% of revenues until compensation is complete. Makina is also attempting to convince addresses that made significant post-hack arbitrage profits to return their winnings.
A double-pronged attack on SwapNet and Aperture Finance contracts took a total of $17 million from 16 victims with existing token approvals on Monday.
In the aftermath, Circle faced severe criticism once again for failing to freeze stolen USDC before the hacker finally swapped the tokens almost two days later.
Controversial security firm Certik announced its intentions to go public, eyeing a $2 billion valuation as the “first publicly traded Web3 infrastructure provider.”
However, the firm’s reputation is far from stellar; many Certik-audited projects have been hacked in the past.
In recent years it’s also been accused of running a security reputation racket and bogus bug bounty program. Even Certik’s own X account was hacked to promote a phishing scam based on scare tactics.
Perhaps most glaring was its decision to hack Kraken for $3 million while flouting responsible disclosure practices, before quibbling over the return of funds.
The DAO returns
Griff Green, contributor to 2016’s The DAO, announced that 75,000 ether (ETH) is to be activated, in order to “strengthen Ethereum’s security, ensuring it is ready to become the backbone of the world’s financial infrastructure.”
The funds are destined to be used according to the Ethereum Foundation’s existing “Trillion Dollar Security” roadmap. This includes improvements to UX issues (such as key management, blind signing, approvals and privacy), smart contract security and infrastructure.
In typical crypto fashion, 69,420 ETH will be staked, to provide ongoing funds via yield, while 4,600 ETH will be used up-front.
A Wintermute researcher going by “Fade” claimed to have identified the overlooked stash and proposed it be put to its originally intended use.
Let’s hope the money doesn’t get blacklisted.
In a separate announcement, Ethereum co-founder Vitalik Buterin pledged 16,384 ETH ($45 million) to be put towards development of “open-source, secure and verifiable full stack of software and hardware” for a range of applications.
Nepo-scamming the US Government
Last week, ZachXBT profiled John (a.k.a. Lick) who had inadvertently exposed his link to a wallet involved in a 2024 theft from the US government. The blunder occurred during a recorded “band for band” with another scammer.
In a weekend update, Zach explained that “John’s dad owns CMDSS, which currently has an active IT government contract… to assist the [US Marshals Service] in managing/disposing of seized/forfeited crypto assets.”
He also took the opportunity to scold MEXC on their lack of response to the high-profile scammer’s movements.
Since the revelation, CMDSS has reportedly scrubbed its web presence and US Marshals have opened an investigation. A total of over $30 million was later deposited into crypto mixer Tornado Cash.
Chart attack
Binance and Changpeng Zhao (CZ) found themselves in the collective crypto-community crosshairs again this week. One chart, created by Chris Jack of Robuxio in October last year, was widely circulated.
It’s easy to see why.
While the trend is clear, a similar pattern is seen across exchanges.
CZ himself appears unfazed, however, reflecting that “FUD doesn’t hurt the target. My followers increased. FUD hurts the market.”
It seems there really is no such thing as bad publicity.
Much of the frustration levelled at Binance and CZ appears to stem from the uncoupling of crypto assets from precious metals and the stock market.
The 10/10 crash, which many believe Binance played a role in, looks to have been the turning point.
Nobody seems to be sure what went wrong almost four months ago. And perhaps crypto markets will be doomed to underperform until the truth emerges.
In the meantime, why not while away a few trillion years playing the bitcoin slot machine? It’s free, after all!
— Jake Harrison
Source: https://protos.com/inside-defi-002-%F0%9F%8E%AD-good-and-bad-news-for-security-plus-two-very-ugly-charts/



