Ethereum Neoclassic

Solana Wallet Hack | Nomad Bridge Hack | Ethereum PoW Chain
Donovan Choy | Aug 6, 2022 | 5 min read

Dear Bankless nation,

Here’s a recap of the biggest crypto news in the first week of August.

Ethereum Neoclassic (aka ETH PoW) chain

As the Merge nears, one related point of discussion is emerging around a potential hard fork for an “ETH PoW” (Ethereum Proof-of-work) chain which some miners are voicing their support for.

I’m calling this the Ethereum Neoclassic (ETN) chain, because “ETH PoW” puts readers to sleep and there already exists a PoW-based Ethereum Classic from 2016.

So why is the Ethereum Neoclassic hard fork potentially a thing? For the simple reason that the Merge is about to render an estimated $5B worth of mining rigs obsolete. That presents Ethereum miners with two choices:

  1. Redeploy their rigs toward mining Bitcoin, Dogecoin, Ethereum Classic, or some other PoW chain
  2. Protest the Merge by forking into the new ETH Neoclassic chain that retains PoW validation

Should enough miners support the second option, it would likely be Ethereum’s second high-profile hard fork. The first one, of course, was in 2016 after the infamous DAO hack, which saw a minority group of miners protest the Ethereum Foundation’s decision to negate the theft of 3.6M ETH, thereby giving birth to Ethereum Classic (ETC).

There were die-hards then, and there are die-hards now. People like the status quo, especially if they have a stake in seeing it preserved.

But today’s die-hards that threaten to hard fork face an even larger challenge for a few reasons.

First, for the new Ethereum Neoclassic chain to thrive requires that the existing state of DeFi is successfully “ported” over to the new chain. That would require hundreds of asset providers and bridging protocols to honor claims on current users’ assets — stablecoins, Lido’s staked ETH, all forms of wrapped tokens — on the Neoclassic chain.

Tether is likely going to enable redemptions for USDT on the new PoS Ethereum chain rather than a Neoclassic chain, given the strong social support for the Merge. If so, then decentralized exchanges and lending platforms on Neoclassic will collapse in the absence of liquidity.

Of course, there is a chance that something maybe goes catastrophically wrong with the Merge, and then a new Schelling point might gravitate around the Neoclassic chain. Then a minority of users maybe wants to redeem their USDT on the Neoclassic chain, and Tether maybe honors them. But that is a lot of maybes. It’s a classic collective action problem, and no protocol wants to be stranded alone in a highly fractured DeFi landscape where trading infrastructure is broken all over and all other assets are dead.

Second, a Neoclassic chain would come with the difficulty bomb, a built-in mechanism by Ethereum developers to disincentivize the original chain from functioning post-Merge by making mining increasingly difficult. Ethereum Neoclassic miners would have an insurmountable task of gathering consensus twice: Once to hard fork the Merge, then hard fork the previous hard fork again to remove the bomb.

Third, an Ethereum Neoclassic chain doesn’t only face competition for developer talent and users from the new PoS chain, but also the old Ethereum Classic (ETC) chain. Mining pools like ANTPOOL have reportedly invested $10M into the ETC mainnet.

Incidentally, ETC’s price has been rallying 32% in the past two weeks as speculators anticipate that is where the hash rate may be redirected to.

For all of these reasons and more, most analysts and researchers don’t foresee an Ethereum Neoclassic chain taking off.

Will it happen? Likely.

Will it succeed? That’s another question.

Nomad bridge hack

There are two major hacks rippling across DeFi this week. The first is the Nomad bridge racking up 5th place on the Rekt leaderboards with a ~$190M loss.

Nomad is a decentralized cross-chain bridge protocol supporting asset transfers across five chains: Avalanche, Ethereum, Cosmos’ Evmos, Cardano’s Milkomeda, and the Polkadot Moonbeam network. On the eve of its hack, Nomad was the 6th largest Ethereum bridge holding ~$169M of value.

Source: Dune Analytics

What happened? A flaw in a Nomad smart contract allowed users to spoof transactions and withdraw money from an open vault (it was open for 43 days 🤯) on the bridge.

That opened the door to hundreds of hackers for a cash grab by copy-pasting the transaction call data used by the original hacker, and replacing the wallet address with one of their own to siphon funds.
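The copy-paste pattern described above leaves a recognisable trace for anyone monitoring a bridge contract: many distinct senders submitting calldata that is byte-identical once the sender's own address is masked out. The sketch below is an added example, not code from Nomad or from this newsletter; the transaction dictionaries, function selector, addresses and threshold are constructed for illustration.

```python
import hashlib
from collections import defaultdict

MASK = "<sender>"

def _hex(s):
    """Lower-case a hex string and drop any 0x prefix."""
    s = s.lower()
    return s[2:] if s.startswith("0x") else s

def calldata_template(sender, calldata):
    """Return the calldata with every copy of the sender's 20-byte address masked."""
    return _hex(calldata).replace(_hex(sender), MASK)

def find_copycat_clusters(txs, min_senders=3):
    """Map template hash -> sorted senders for templates reused by >= min_senders wallets."""
    clusters = defaultdict(set)
    for tx in txs:
        template = calldata_template(tx["from"], tx["input"])
        if MASK not in template:
            continue  # sender is not embedded in the calldata; nothing to normalise
        key = hashlib.sha256(template.encode()).hexdigest()[:16]
        clusters[key].add(tx["from"].lower())
    return {k: sorted(v) for k, v in clusters.items() if len(v) >= min_senders}

# Constructed sample data: selector, addresses and amounts are made up.
def _tx(sender, amount_hex):
    return {"from": sender,
            "input": "0xdeadbeef" + "00" * 12 + sender[2:] + amount_hex.rjust(64, "0")}

A, B, C, D = ("0x" + ch * 40 for ch in "abcd")
SAMPLE_TXS = [_tx(A, "64"), _tx(B, "64"), _tx(C, "64"),  # same call, only the address differs
              _tx(D, "01"),                               # different amount: separate template
              {"from": A, "input": "0xdeadbeef"}]         # no embedded address: ignored

if __name__ == "__main__":
    for key, senders in find_copycat_clusters(SAMPLE_TXS).items():
        print(key, len(senders), "distinct senders")
```

A sudden cluster of this kind against a contract that holds funds is a signal to pause withdrawals and investigate, well before the vault is empty.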

Unlike the centralized Axie Infinity Ronin bridge $650M hack in March where private validator keys were stolen, the Nomad hack stems not from a flaw in design architecture i.e., the degree of trust required, but from a smart contract flaw. In short, Nomad’s design focused on trust-minimization and was more in line with the decentralized nature of Web3, but still came up short.

The silver lining here is that because the exploit was a free-for-all, some ethical hackers accumulated at least $9M of the spoils, which have been returned to Nomad.

It’s probably worth reiterating for the hundredth time on Bankless that cross-chain bridges come with their own risks (different from multi-chain bridges like Cosmos).

If the crypto that you own sits only on its native network, then its security relies exclusively on that network’s validator security. But there’s a new exciting dapp on another chain running liquidity-mining-fuelled 100% APYs, so the smart investor thing to do is wrap and transfer your crypto around different chains to stake for greater returns, while at the same time watch number go up on your original collateral. Win-win, right?

Cross-chain bridges enable that kind of capital efficiency, but they also introduce new attack vectors and smart contract risks as your crypto traverses different chains.

Lesson: If you use a bridge, use it with your eyes wide open.

Solana wallet hack

The second hack this week is taking place within the Solana ecosystem, affecting at least 8,000 Solana wallets with total losses of up to $6M, particularly widely used wallets like Phantom, as well as Slope and Trust.

In the early stages of the hack, it wasn’t clear what the security issue was. Both the Solana Foundation and Phantom alleged that the problem may be related to Slope Finance, a Solana Web3 aggregator platform that offers iOS and Android mobile wallets. The uncertainty led Solana users to rush to push funds to a hardware wallet or even centralized exchanges.

Well, it turned out that the root cause of the problem simply stemmed from… Slope Wallet is a terrible service provider. Slope stored wallet seed phrases on a centralized event logging service and then that service was exposed.
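The failure described above, seed phrases ending up in a centralized logging service, is the kind of leak a client-side scrubber is meant to stop before telemetry leaves the device. The following is an added example, not Slope's code or anything from this newsletter: the field names, the sample phrase and the word-run heuristic (12 or more consecutive lowercase words of 3 to 8 letters, the shape of a BIP-39 English mnemonic) are assumptions made for illustration.

```python
import logging
import re

# Heuristic assumed for this example: BIP-39 English words are 3-8 lowercase
# letters and phrases are at least 12 words long. A production filter would
# also check candidates against the BIP-39 wordlist.
_MNEMONIC_RUN = re.compile(r"\b(?:[a-z]{3,8}\s+){11,}[a-z]{3,8}\b")
_SENSITIVE_KEYS = {"mnemonic", "seed", "seed_phrase", "private_key"}  # hypothetical field names
REDACTED = "[REDACTED-SECRET]"

# Constructed sample phrase; not a real wallet mnemonic.
PHRASE = ("maple orbit candle velvet harbor pencil "
          "tunnel garden silver rocket window anchor")

def redact_text(text):
    """Replace any mnemonic-shaped run of words in free text."""
    return _MNEMONIC_RUN.sub(REDACTED, text)

def scrub_event(value, key=""):
    """Recursively scrub a telemetry payload; fails closed on sensitive keys."""
    if key.lower() in _SENSITIVE_KEYS:
        return REDACTED
    if isinstance(value, dict):
        return {k: scrub_event(v, str(k)) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [scrub_event(v) for v in value]
    if isinstance(value, str):
        return redact_text(value)
    return value

class SecretRedactingFilter(logging.Filter):
    """Attach to a handler so formatted messages are scrubbed before they ship."""
    def filter(self, record):
        record.msg = redact_text(record.getMessage())
        record.args = ()
        return True

if __name__ == "__main__":
    event = {"event": "wallet_created",
             "props": {"mnemonic": PHRASE, "note": "restored from " + PHRASE}}
    print(scrub_event(event))
```

Scrubbing is a backstop; the primary control is that key material never reaches the logging or analytics code path in the first place.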

Slope’s official statement doesn’t tell us much, save for “we dun goofed”, “we know it hurts”, and “wait for pending investigation”.

Bonus: Web3 News Roundup

Optimism Bedrock

Optimism announces new rollup architecture “Bedrock” coming in Q4 2022.

Three Arrows Capital fallout

You thought the fallout was over but it isn’t. Celsius sees a data breach that leaks its customers’ emails.

The Block reports that Babel Finance, a crypto bank that halted withdrawals last month, lost at least $280M in trading during the June market downturn.

Other news:

Aave moves to freeze Fantom markets due to recent bridge exploits; Rainbow Wallet supports NFTs on Ethereum, Polygon, Arbitrum and Optimism; Starknet launches NFTs; Robinhood gets fined $30M by the New York State Department of Financial Services

Here’s what we have lined up next week.

  1. David is looking at Ethereum power structures
  2. Ben is showing us how to gain exposure to the Merge
  3. Balaji Srinivasan is joining us on the pod to talk about the Network State

See you next week.

- Donovan
