My notes on 2022’s major crypto happenings 🤷🏼‍♀️ UNEDITED.

For blockchain programming and economic commentary follow me on 🐦 @0xfmoi. Support my work at 0xfmoi.eth.

*Defo pieces here and there are copy/pasted. These are an assembly of my notes for personal use only but thought I’d share them in case anyone was interested. Only critical sources have been cited.

2022 Crypto Major Happenings

1. Jan - Fireblocks raises $550m at $8bn valuation

2. Feb - Polygon raises $450m at a market cap of $13bn

3. Feb - Wormhole Bridge Hack $325m: Hackers targeted Solana (where users must first lock Ethereum into a smart contract to get an equivalent amount in Wrapped Ethereum, or WETH) to mint tokens. The attacker was able to mint new tokens on the Solana side of the bridge and drain the balance from Ethereum side of the bridge contract. They used a deprecated insecure function (load_instruction_at) to bypass signature verification so that Secp256k1 was called previous to verify_signatures. The role of signature verification is delegated several times from post_vaa to verify_signatures to Secp256k1. WETH is token pegged to the price of Ethereum on a 1:1 basis. 120,000 in WETH tokens were stolen which were worth $326m. Jump Trading, Wormhole’s parent company and a major player in the Solana ecosystem replaced what was stolen.

   1. The attacker creates a validator action approval (VAA) with a call to post_vaa. This VAA was used in a call to complete_wrapped to mint the 120,000 ETH extracted in the attack. The attacker “legitimately” extracted the minted tokens from the bridge. There was a failure to perform proper signature verification in the VAA creation process. This command doesn’t check the value of the system address, the Instructions sysvar. They created a fake version of the Instructions sysvar that was an account created previously that called the Secp256k1 contract.  The attacker passed in this account rather than the Instructions sysvar.  The check that Secp256k1 was called previously passed (even though it was in a completely different context), so the signatures were believed to have been properly verified.

   2. Source: https://halborn.com/explained-the-wormhole-hack-february-2022/

4. Mar - Haun Ventures launches $1.5bn cryptofund

5. Mar - Yuga Labs raises $450m at a $4bn valuation

6. Mar - Axie Infinity Hack: North Korean group Lazarus hacked Axie Infinity developer Sky Mavis via the Ronin network on Mar 23 2022 of 173,600 ETH and 25.5m USDC ($625m+ in total) is the biggest hack of all time. It was discovered on Mar 29 2022 when a user reported being unable to withdraw 5k of ETH from a Ronin bridge ATM. Separately the hackers used the stolen funds to short $AXS and $RON but were liquidated before the news broke. Through a series of social engineering attacks, Lazarus used LinkedIn creating a fake company, fake interviews, and an “extremely generous” fake job offer to get engineers to click a compromised PDF. Through hacking the personal computer the hackers were able the private keys to take control of four of the validator nodes. The hackers used a backdoor through Axie’s gas-free RPC node to get the fifth signature for the Axie DAO validator. In November 2021 when Axie’s user base became untenably big and Axie had to lax its security by allowing Sky Mavis to sign transactions. Two transactions were made after obtaining 5/9 signatures required for a multisig withdrawal to drain the Sky Mavis treasury. Real life legal action was taken and Axie Infinity launched “Origins” to pivot away from its reputation as a game focused on making money.

   1. FBI discovered it was Lazarus.

   2. A fresh address was used for depositing the stolen funds.

   3. Hackers laundered the funds through three centralised exchanges and through Tornado Cash and apparently only laundered about 7.5% or $42m of the funds.

   4. Axie reimbursed $150m (mostly due to the dwindling price of Ether) back to users in a raise led by crypto exchange Binance and other investors. Around $400m belonged to users. Reimbursements expected to start on June 28.

   5. Axie was opened for new transactions on Ronin.

   6. Axie originally claimed these were advanced spear-phishing attacks targeted at an employee who no longer worked at Sky Mavis.

   7. Ronin bridge was halted for several weeks and began running again on June 28 after a hard fork.

   8. The hacker address was on the watchlist before the exploit

   9. Ronin is a side chain.

   10. “This was a social engineering attack combined with human error from December 2021. Sky Mavis tech is solid and we will be adding several new validators to the Ronin Network shortly to further decentralize the network,” said Axie Infinity co-founder and chief operating officer Aleksander Leonard Larsen.

7. Apr - Framework Ventures launches $400m cryptofund

8. Apr - Ava Labs (Avalanche) raises $350m at $5.25bn valuation

9. Apr - Near Protocol launches $350m ecosystem fund

10. Apr - Binance.US raises $200m at a pre-money valuation of $4.5bn

11. May - Terra Classic De-PEG: $2b worth of TerraUSD (USTC) was removed from the Anchor protocol on May 7 dropping USTC from from $1 to $0.91 which catalysed trading of $0.90 in USTC for $1 in LUNA (now LUNC or Luna Classic). By May 9 USTC was worth $0.35. Between May 7 and 10, in total, the top 20 addresses withdrew a total of 2B UST from Anchor through a total of 5,051 transactions. Seven “initiating” wallets swapped significant amounts of UST vs other stablecoins on Curve as early as the night of May 7 (UTC). These seven wallets had withdrawn sizable amounts of UST from the Anchor protocol on May 7 and before (as early as April) and bridged UST to the Ethereum blockchain via Wormhole. Thse players exploited inherent vulnerabilities - specifically in relation to the shallow liquidity of the Curve pools securing the UST’s peg to the other stablecoins. $40bn in market cap was wiped out.

    1. The Terra network formed by Terraform Labs was made up of multiple types of currencies.

    2. TerraUSD (USDT) is linked to sister token LUNA (or Terra, which is also the protocol’s governance token), whose price is set by the market.1 UST = $1 LUNA so you’d always get $1 value back. UST is an ERC20 algorithm stablecoin that sought to maintain its $1 value through a network of arbitrageurs who buy and sell in order to maintain the price and a system of minting and burning. In addition to mining fees validators were incentivised through stability fees (Tobin Tax, which refers to a percentage fee added to any swap between Terra stablecoins; and spread fees, which is a percentage fee added to any swap between Terra and Luna, the minimum spread fee being 0.5%). If UST > $1, the equivalent in LUNA would be burned thus minting the equivalent in UST creating more UST and lowering its value. If UST < $1 UST would be swapped with LUNA. The tokens live on Cosmos.

    3. LUNA’s popularity rose due to lending protocol Anchor offering 20% APY.

    4. In 2018 Do Kwon and Daniel Shin propose the formation of the Terra network. Terra is incorporated in Singapore. Jan 30 2019 LUNA ICOs via a private round - Terraform Labs charged $0.18 per token during Seed and $0.80 in the private round.

    5. In Jan 2022 Do Kwon sets up the Luna Foundation Guard (LFG) which is “mandated to build reserves supporting the $UST peg amid volatile market conditions”. Jump Crypto and 3AC are its lead investors in the purchase of $1 billion through the sale of LUNA tokens to buy bitcoin for UST’s reserve system.

12. May - Huobi Global launches $1bn cryptofund

13. May - Dapper Labs launches $725m ecosystem fund

14. Jun - Binance Labs launches $500m cryptofund

15. July - Contagion - Three Arrows Capital (3AC) Collapse and the beginning of the 2022 crypto crash and institutional liquidity crisis: digital assets plunged 70%+ erasing more than a trillion dollars in value. FTX bailed out some of the bankrupt crypto lenders. One of the fund’s biggest positions was in Grayscale Bitcoin Trust (GBTC) at about $2bn. GBTC’s premium had been a result of the initial uniqueness of the product — it was a way to own bitcoin in your eTrade account without having to deal with crypto exchanges and esoteric wallets. As more people piled into the trade and new alternatives emerged, that premium disappeared — then went negative. In February 3AC longed $200m in LUNA. 3AC’s LUNA holdings of $500m reduced to $604. blockchain.com wrote to 3AC and Davies regarding its LUNA holdings and wanted to call back a significant portion of its $270m loan. Davies said they would boycott the company if they called back the loan, sending a unsettling signal out. The founders internally stopped scheduling and showing up to meetings. In late May Zhu and Davies began calling investors to borrow more quantities in BTC at the usual hefty interest rates they’d built a reputation for. A scrambling of selling positions and margin/collateral calls sent prices spiralling to multi-year lows. The crypto market lost $2tr in the downfall going from $3tr to 1.

    1. Voyager Digital, a publicly traded crypto exchange based in New York that once had a multibillion-dollar valuation, filed for Chapter 11 in July, reporting that Three Arrows owed it more than $650 million. Genesis Global Trading had lent Three Arrows $2.3 billion the most of any lender. Others lent billions more. Blockchain.com, an early crypto company that provided digital wallets and evolved into a major exchange, faces $270 million in unpaid loans from 3AC and has laid off a quarter of its staff. The amount may be even greater but the suspicion is some lenders or investors did not come forward in order to preserve reputation and avoid scrutiny.

    2. 35 year old founders are Su Zhu and Kyle Davies, two Andover graduates who ran the Singapore-based crypto hedge fund. Pompous and condescending in reputation. Investors and exchange executives now estimate that, by the end, 3AC was leveraged around three times its assets, but some suspect it could be magnitudes more. They were also selling assets that belonged to 3AC’s partners and clients.

    3. On June 14, the same day Zhu posted his tweet, 3AC sent nearly $32 million in stablecoins to a crypto wallet belonging to an affiliated shell company in the Cayman Islands. “It was unclear where those funds subsequently went,” the liquidators wrote in their affidavit. But there is a working theory. In Three Arrows’ final days, the partners reached out to every wealthy crypto whale they knew to borrow more bitcoin, and top crypto executives and investors — from the U.S. to the Caribbean to Europe to Singapore — believe 3AC found willing lenders of last resort among organized-crime figures.

16. July - Contd. Contagion - Voyager Digital Collapse: July 16 investment firm Voyager Digital filed for bankruptcy. Shares of Voyager Digital crashed more than 60% (The company’s stock is down 95 per cent since its peak in November 2021) after it announced a loan of $650m+ ($665?) ($350mn worth of the stablecoin USDC along with 15,250 bitcoin) to 3AC. Under the proposed bankruptcy plan customers who had cryptocurrencies in their accounts would receive a combination of crypto, proceeds from the funds recovered from Three Arrows, shares in the newly reorganized company, and Voyager tokens. Voyager has more than 100,000 creditors, and lists assets and liabilities of between $1 billion and $10 billion.

    1. Voyager offers rewards to retail investors who deposit their crypto, as well as a debit card and an app for trading digital assets. In return it promised customers yields of up to 12 per cent. As of the end of March, it held $5.5bn of crypto assets payable to customers.

    2. Three Arrows Capital and Alameda had participated in a private placement of shares by Voyager that raised $58mn. Alameda owns 11 per cent of the company.

    3. New York based.

17. Jul - Contd Contagion - Celsius Collapse: Celsius halted withdrawals from hundreds of thousands of accounts, citing “extreme market conditions.”. In bankruptcy filings statements show that the company held $4.3 billion in assets against $5.5 billion in liabilities, representing a $1.2 billion deficit. User deposits made up the majority of liabilities at $4.72 billion, while Celsius’ assets include CEL tokens as assets valued at $600 million, mining assets worth $720 million and $1.75 billion in crypto assets (entire market cap for CEL is only $321 million, according to CoinGecko data).

    1. Celsius Network raised $400 million in an investment round in fall 2021 and, at its pinnacle, had amassed about $20 billion in assets.

    2. For years, the crypto lender had offered astronomically high yields — as much as 30 percent — to consumers who deposited bitcoin and other digital coins. While it acted much like a bank, billing itself as a democratized interest income and lending platform, accounts were not federally insured. Nor was it required to demonstrate that it had sufficient assets to pay back investors if they demanded their money. State regulators took notice, with officials in Alabama and New Jersey accusing Celsius of selling unregistered securities.

18. Jul - Multicoin Capital launches $430m cryptofund

19. Aug - Eigenlayer raises $14.4m in options/warrants

20. Aug - Nomad hack $190m: Nomad lost all its funds—held in Ethereum, USDC, DAI, FXS, and CQT—after hackers took advantage of a bug in the upgrade. The protocol offered 10% reward to hackers who returned the tokens which recovered $22m. Nomad has not published how the attack happened but security at Paradigm and auditor Zellic both say that a recent update to one of Nomad’s smart contracts made it easy for users to spoof transactions. This meant that when a user transferred funds from one blockchain to another, Nomad allegedly never checked the amount, enabling the user to withdraw funds that didn’t belong to them. The funds were drained over the course of an hour and the attacker interacted directly with the bridge, calling a single function, process() which is responsible for executing cross-chain messages and ensures that only valid messages are executed and only once. The bridge keeps an internal database of valid messages, its Merkle tree. Accepted messages are included into the tree by an off-chain updater and the tree root at the time of inclusion acts as a receipt (it is “proven"). Messages are marked as "PROCESSED", so that they cannot be replayed. acceptableRoot() has to deal with these cases: * Legacy messages are passed in as just 0, 1, or 2. * New messages are passed in as a bytes32 hash of the message. For the legacy messages, both 1 (PROVEN) and 2 (PROCESSED) are handled. But what about 0 (NONE)? In that case, the control flow falls through into the non-legacy logic. Here, _root is the zero hash. So what's in confirmAt[0]? Since 0 is the default map value, this allows any message to be processed. So you can pass process() any message you want (as long as it doesn't already exist in the system), and it will happily process it! Why is confirmAt[0] set to 1? Well, it was set all the way back when the contract was deployed and initialized. a simple logic mistake (forgetting to handle a case), combined with a conveniently initialized storage slot, created a path to exploitability for a critical vulnerability. Most exploiters were simple copy-cats. They only copied transactions stealing 100 WETH or 1M USDC. A skilled attacker could forge a message to steal ALL liquidity per asset in ONE CALL.

21. Oct - Binance Smart Chain (BSC on BNB) hacked for $566m (2m BNB): The exploit targeted the cross-chain bridge BSC Token Hub. Hackers essentially conjured tokens using artificial withdrawal proofs from the address of BSC: Token Hub using two transactions of 1m BNB each. The chain was halted and hackers were only able to move 10-20% of the funds ($137m) to other chains.

    1. On Oct 5, 2022, a day before the attack, a ChangeNOW wallet sent 100 BNB to the Attacker, which was then used to register as a Relayer for BSC Token Hub. BSC Token Hub acts as a vault, facilitating cross-chain transactions between BNB Beacon Chain (BEP2) and Binance Smart Chain (BEP20). When an Externally Owned Account (EoA) or smart contract calls the BSC: Cross-Chain Bridge, the Relayers are responsible for submitting Cross-Chain Communication Packages between the two blockchains. By registering as a Relayer for BSC Cross-Chain Bridge, the Attacker’s relaying requests could be accepted by BSC, allowing the Attacker to exploit a bug through the way BSC Token Hub verifies proofs. After registering as a Relayer, the Attacker forged arbitrary messages on block height 110217401 (while the legitimate withdrawals’ block heights were much higher). This enabled the creation and subsequent withdrawal of the 2m BNB in two transactions: *At 6:26 PM UTC, the Attacker succeeded in delivering a 1m BNB package to its own address. *Between 8:32 PM and 8:42 PM UTC, the Attacker continued to make 15 failed attempts to deliver similar packages to its own address (the transactions failed with an error log of 'sequence not in order’).* Finally at 8:43 PM UTC, the Attacker succeeded in delivering the last 1m BNB package to its own address.

    2. The attacker utilized Venus, a popular lending protocol on BNB Chain, and put down 900k BNB as collateral to borrow various stablecoins, such as USDT, USDC and BUSD. At 6:30 PM UTC, 4 minutes after the first hack, the first lending transaction of 600k BNB happened, resulting in 27.5m vBNB tokens worth over $250m. Within 2 minutes of supplying the collateral, two borrowing transactions were made, the first amounting to 62.4m BUSD. Second borrowing transaction of 50m USDT. At 6:36 PM UTC, the second lending transaction of 300k BNB occurred, resulting in 13.7m vBNB (~$129m). Following this, the final borrowing of nearly 35m USDC was made. These stablecoins were then routed to multiple EVM-compatible chains using bridges such as Stargate Finance and Multichain, in incremental amounts of $400k-5m USD each. In each chain, the Attacker utilized various liquidity providers and lending protocols such as Curve Finance, Uniswap and Geist. The actions ranged from providing collateral to borrow certain tokens, swapping between stablecoins and conducting cross-asset swaps from stablecoins to Ethereum. After the Attacker managed to bridge, swap, transfer and provide collateral in these chains, the news spread on Twitter. Following this, three hours after the hack, BSC announced that the chain would be halted due to “irregular activity”. This prevented the Attacker from moving more funds onto other chains.

22. Nov - FTX Collapse: FTX is a cryptocurrency exchange. The exchange issued its own token, $FTT, and was the fourth-largest crypto exchange by volume as of Nov. 9. Alameda Research was a crypto trading firm. CoinDesk reported on Alameda’s troubled balance sheet on Nov. 2. Its largest assets, according to the report, are billions of dollars worth of FTT. The CEO of rival exchange Binance, Changpeng Zhao, also known as CZ, tweeted on Nov. 6 that he was planning to sell off Binance’s stockpile of FTT because of “recent revelations that have came to light,” (roughly $530m) referring to the Nov. 2 CoinDesk report of FTX and Alameda’s blurred funds. Zhao’s announcement led to a rapid decline in FTT’s value over the next day as suspicion grew that FTX didn’t have the liquidity needed to back transactions and stay afloat. The value of other coins — including BTC and ETH — declined as well, with Bitcoin dropping to a two-year low. Bankman-Fried said in a tweet on Nov. 10 that the platform saw $5 billion in withdrawals on Nov. 6. Zhao and Bankman-Fried struck a deal for Binance to acquire the non-U.S. branch of FTX. The exchange CEOs signed a nonbinding letter of intent on Nov. 8, essentially promising to bail out the failing exchange to prevent a larger market crash. On Nov. 8, FTX halted all non-fiat customer withdrawals. On Twitter, Bankman-Fried posted a string of apologies explaining FTX’s liquidity issues and promising more transparency. Binance withdrew from the deal. On Nov. 9, Zhao posted on Twitter that Binance had completed its “corporate due diligence” and said it would not be acquiring FTX. Zhao tweeted that the news reports of “mishandled customer funds” and “alleged U.S. agency investigations” contributed to his decision. Bankman-Fried appeared to reference Zhao’s influence on FTX’s fall in a cryptic post on Twitter where he said,  “Well played; you won.” On Nov 11 roughly 130 companies in FTX Group — including FTX Trading, FTX US, under West Realm Shires Services, and Alameda Research — had started proceedings to file for bankruptcy in the United States. FTX CEO Sam Bankman-Fried has also resigned from his position and will be succeeded by John Ray (led the infamous energy giant Enron through its bankruptcy and liquidation process). FTX and FTX.US crashed due to a lack of liquidity and mismanagement of funds, followed by a large volume of withdrawals from rattled investors. Chapter 11 bankruptcy allows businesses to restructure their debt and continue operations, unlike Chapter 7 bankruptcy, where assets are liquidated. FTX.US also temporarily froze withdrawals on Nov. 11, following the bankruptcy announcement, despite earlier reassurances that FTX.US was not affected by FTX's liquidity troubles. Withdrawals were later reopened. FTX and FTX.US wallets were emptied on the evening of Nov. 11 in an apparent hack. More than $600 million was drained from the wallets, CoinDesk reported. FTX posted about the hack on its support channel the instant-messaging service Telegram, saying, "FTX has been hacked. FTX apps are malware. Delete them. Chat is open. Don't go on FTX site as it might download Trojans." Trojans are malware disguised as legitimate software. A Twitter user reported that hackers were also attempting to access bank accounts linked to FTX.US. Plaid, a service that connects customer bank accounts with financial applications, responded to “concerning public reports” by shutting off FTX’s access to their products, noting they didn’t see an indication their tools had been used fraudulently. FTX general counsel Ryne Miller posted on Twitter the same evening that the company would expedite moving remaining assets to cold storage — meaning offline — because of the "unauthorized transactions," referring to the apparent hack. An emergency motion was added to the FTX bankruptcy filing on Nov. 17 reported that there is “credible evidence” that Bahamian regulators directed Bankman-Fried to gain “unauthorized access” to FTX funds and transfer them to the Bahamian government. It’s unclear whether or when these transfers happened, as they would have occurred during the same time period as the hack. A press release from the Securities Commission of the Bahamas appears to support these reports.

23. Nov - BlockFi Bankruptcy: With assets and liabilities ranging from $1 billion to $10 billion, the firm had over 100,000 creditors. In addition, they had a $275,000,000 debt to Sam Bankman-Fried’s American subsidiary, FTX US. The application shows that the largest client has a balance of $28 million. BlockFi agreed earlier this year to accept a credit package from FTX worth up to $400 million to help it weather a liquidity restriction caused by the exchange’s exposure to the TerraUSD stablecoin’s collapse.

For blockchain programming and economic commentary follow me on 🐦 @0xfmoi. Support my work at 0xfmoi.eth.

My notes on 2022’s major crypto happenings 🤷🏼‍♀️ UNEDITED.

For blockchain programming and economic commentary follow me on 🐦 @0xfmoi. Support my work at 0xfmoi.eth.

*Defo pieces here and there are copy/pasted. These are an assembly of my notes for personal use only but thought I’d share them in case anyone was interested. Only critical sources have been cited.

2022 Crypto Major Happenings

1. Jan - Fireblocks raises $550m at $8bn valuation

2. Feb - Polygon raises $450m at a market cap of $13bn

3. Feb - Wormhole Bridge Hack $325m: Hackers targeted Solana (where users must first lock Ethereum into a smart contract to get an equivalent amount in Wrapped Ethereum, or WETH) to mint tokens. The attacker was able to mint new tokens on the Solana side of the bridge and drain the balance from Ethereum side of the bridge contract. They used a deprecated insecure function (load_instruction_at) to bypass signature verification so that Secp256k1 was called previous to verify_signatures. The role of signature verification is delegated several times from post_vaa to verify_signatures to Secp256k1. WETH is token pegged to the price of Ethereum on a 1:1 basis. 120,000 in WETH tokens were stolen which were worth $326m. Jump Trading, Wormhole’s parent company and a major player in the Solana ecosystem replaced what was stolen.

   1. The attacker creates a validator action approval (VAA) with a call to post_vaa. This VAA was used in a call to complete_wrapped to mint the 120,000 ETH extracted in the attack. The attacker “legitimately” extracted the minted tokens from the bridge. There was a failure to perform proper signature verification in the VAA creation process. This command doesn’t check the value of the system address, the Instructions sysvar. They created a fake version of the Instructions sysvar that was an account created previously that called the Secp256k1 contract.  The attacker passed in this account rather than the Instructions sysvar.  The check that Secp256k1 was called previously passed (even though it was in a completely different context), so the signatures were believed to have been properly verified.

   2. Source: https://halborn.com/explained-the-wormhole-hack-february-2022/

4. Mar - Haun Ventures launches $1.5bn cryptofund

5. Mar - Yuga Labs raises $450m at a $4bn valuation

6. Mar - Axie Infinity Hack: North Korean group Lazarus hacked Axie Infinity developer Sky Mavis via the Ronin network on Mar 23 2022 of 173,600 ETH and 25.5m USDC ($625m+ in total) is the biggest hack of all time. It was discovered on Mar 29 2022 when a user reported being unable to withdraw 5k of ETH from a Ronin bridge ATM. Separately the hackers used the stolen funds to short $AXS and $RON but were liquidated before the news broke. Through a series of social engineering attacks, Lazarus used LinkedIn creating a fake company, fake interviews, and an “extremely generous” fake job offer to get engineers to click a compromised PDF. Through hacking the personal computer the hackers were able the private keys to take control of four of the validator nodes. The hackers used a backdoor through Axie’s gas-free RPC node to get the fifth signature for the Axie DAO validator. In November 2021 when Axie’s user base became untenably big and Axie had to lax its security by allowing Sky Mavis to sign transactions. Two transactions were made after obtaining 5/9 signatures required for a multisig withdrawal to drain the Sky Mavis treasury. Real life legal action was taken and Axie Infinity launched “Origins” to pivot away from its reputation as a game focused on making money.

   1. FBI discovered it was Lazarus.

   2. A fresh address was used for depositing the stolen funds.

   3. Hackers laundered the funds through three centralised exchanges and through Tornado Cash and apparently only laundered about 7.5% or $42m of the funds.

   4. Axie reimbursed $150m (mostly due to the dwindling price of Ether) back to users in a raise led by crypto exchange Binance and other investors. Around $400m belonged to users. Reimbursements expected to start on June 28.

   5. Axie was opened for new transactions on Ronin.

   6. Axie originally claimed these were advanced spear-phishing attacks targeted at an employee who no longer worked at Sky Mavis.

   7. Ronin bridge was halted for several weeks and began running again on June 28 after a hard fork.

   8. The hacker address was on the watchlist before the exploit

   9. Ronin is a side chain.

   10. “This was a social engineering attack combined with human error from December 2021. Sky Mavis tech is solid and we will be adding several new validators to the Ronin Network shortly to further decentralize the network,” said Axie Infinity co-founder and chief operating officer Aleksander Leonard Larsen.

7. Apr - Framework Ventures launches $400m cryptofund

8. Apr - Ava Labs (Avalanche) raises $350m at $5.25bn valuation

9. Apr - Near Protocol launches $350m ecosystem fund

10. Apr - Binance.US raises $200m at a pre-money valuation of $4.5bn

11. May - Terra Classic De-PEG: $2b worth of TerraUSD (USTC) was removed from the Anchor protocol on May 7 dropping USTC from from $1 to $0.91 which catalysed trading of $0.90 in USTC for $1 in LUNA (now LUNC or Luna Classic). By May 9 USTC was worth $0.35. Between May 7 and 10, in total, the top 20 addresses withdrew a total of 2B UST from Anchor through a total of 5,051 transactions. Seven “initiating” wallets swapped significant amounts of UST vs other stablecoins on Curve as early as the night of May 7 (UTC). These seven wallets had withdrawn sizable amounts of UST from the Anchor protocol on May 7 and before (as early as April) and bridged UST to the Ethereum blockchain via Wormhole. Thse players exploited inherent vulnerabilities - specifically in relation to the shallow liquidity of the Curve pools securing the UST’s peg to the other stablecoins. $40bn in market cap was wiped out.

    1. The Terra network formed by Terraform Labs was made up of multiple types of currencies.

    2. TerraUSD (USDT) is linked to sister token LUNA (or Terra, which is also the protocol’s governance token), whose price is set by the market.1 UST = $1 LUNA so you’d always get $1 value back. UST is an ERC20 algorithm stablecoin that sought to maintain its $1 value through a network of arbitrageurs who buy and sell in order to maintain the price and a system of minting and burning. In addition to mining fees validators were incentivised through stability fees (Tobin Tax, which refers to a percentage fee added to any swap between Terra stablecoins; and spread fees, which is a percentage fee added to any swap between Terra and Luna, the minimum spread fee being 0.5%). If UST > $1, the equivalent in LUNA would be burned thus minting the equivalent in UST creating more UST and lowering its value. If UST < $1 UST would be swapped with LUNA. The tokens live on Cosmos.

    3. LUNA’s popularity rose due to lending protocol Anchor offering 20% APY.

    4. In 2018 Do Kwon and Daniel Shin propose the formation of the Terra network. Terra is incorporated in Singapore. Jan 30 2019 LUNA ICOs via a private round - Terraform Labs charged $0.18 per token during Seed and $0.80 in the private round.

    5. In Jan 2022 Do Kwon sets up the Luna Foundation Guard (LFG) which is “mandated to build reserves supporting the $UST peg amid volatile market conditions”. Jump Crypto and 3AC are its lead investors in the purchase of $1 billion through the sale of LUNA tokens to buy bitcoin for UST’s reserve system.

12. May - Huobi Global launches $1bn cryptofund

13. May - Dapper Labs launches $725m ecosystem fund

14. Jun - Binance Labs launches $500m cryptofund

15. July - Contagion - Three Arrows Capital (3AC) Collapse and the beginning of the 2022 crypto crash and institutional liquidity crisis: digital assets plunged 70%+ erasing more than a trillion dollars in value. FTX bailed out some of the bankrupt crypto lenders. One of the fund’s biggest positions was in Grayscale Bitcoin Trust (GBTC) at about $2bn. GBTC’s premium had been a result of the initial uniqueness of the product — it was a way to own bitcoin in your eTrade account without having to deal with crypto exchanges and esoteric wallets. As more people piled into the trade and new alternatives emerged, that premium disappeared — then went negative. In February 3AC longed $200m in LUNA. 3AC’s LUNA holdings of $500m reduced to $604. blockchain.com wrote to 3AC and Davies regarding its LUNA holdings and wanted to call back a significant portion of its $270m loan. Davies said they would boycott the company if they called back the loan, sending a unsettling signal out. The founders internally stopped scheduling and showing up to meetings. In late May Zhu and Davies began calling investors to borrow more quantities in BTC at the usual hefty interest rates they’d built a reputation for. A scrambling of selling positions and margin/collateral calls sent prices spiralling to multi-year lows. The crypto market lost $2tr in the downfall going from $3tr to 1.

    1. Voyager Digital, a publicly traded crypto exchange based in New York that once had a multibillion-dollar valuation, filed for Chapter 11 in July, reporting that Three Arrows owed it more than $650 million. Genesis Global Trading had lent Three Arrows $2.3 billion the most of any lender. Others lent billions more. Blockchain.com, an early crypto company that provided digital wallets and evolved into a major exchange, faces $270 million in unpaid loans from 3AC and has laid off a quarter of its staff. The amount may be even greater but the suspicion is some lenders or investors did not come forward in order to preserve reputation and avoid scrutiny.

    2. 35 year old founders are Su Zhu and Kyle Davies, two Andover graduates who ran the Singapore-based crypto hedge fund. Pompous and condescending in reputation. Investors and exchange executives now estimate that, by the end, 3AC was leveraged around three times its assets, but some suspect it could be magnitudes more. They were also selling assets that belonged to 3AC’s partners and clients.

    3. On June 14, the same day Zhu posted his tweet, 3AC sent nearly $32 million in stablecoins to a crypto wallet belonging to an affiliated shell company in the Cayman Islands. “It was unclear where those funds subsequently went,” the liquidators wrote in their affidavit. But there is a working theory. In Three Arrows’ final days, the partners reached out to every wealthy crypto whale they knew to borrow more bitcoin, and top crypto executives and investors — from the U.S. to the Caribbean to Europe to Singapore — believe 3AC found willing lenders of last resort among organized-crime figures.

16. July - Contd. Contagion - Voyager Digital Collapse: July 16 investment firm Voyager Digital filed for bankruptcy. Shares of Voyager Digital crashed more than 60% (The company’s stock is down 95 per cent since its peak in November 2021) after it announced a loan of $650m+ ($665?) ($350mn worth of the stablecoin USDC along with 15,250 bitcoin) to 3AC. Under the proposed bankruptcy plan customers who had cryptocurrencies in their accounts would receive a combination of crypto, proceeds from the funds recovered from Three Arrows, shares in the newly reorganized company, and Voyager tokens. Voyager has more than 100,000 creditors, and lists assets and liabilities of between $1 billion and $10 billion.

    1. Voyager offers rewards to retail investors who deposit their crypto, as well as a debit card and an app for trading digital assets. In return it promised customers yields of up to 12 per cent. As of the end of March, it held $5.5bn of crypto assets payable to customers.

    2. Three Arrows Capital and Alameda had participated in a private placement of shares by Voyager that raised $58mn. Alameda owns 11 per cent of the company.

    3. New York based.

17. Jul - Contd Contagion - Celsius Collapse: Celsius halted withdrawals from hundreds of thousands of accounts, citing “extreme market conditions.”. In bankruptcy filings statements show that the company held $4.3 billion in assets against $5.5 billion in liabilities, representing a $1.2 billion deficit. User deposits made up the majority of liabilities at $4.72 billion, while Celsius’ assets include CEL tokens as assets valued at $600 million, mining assets worth $720 million and $1.75 billion in crypto assets (entire market cap for CEL is only $321 million, according to CoinGecko data).

    1. Celsius Network raised $400 million in an investment round in fall 2021 and, at its pinnacle, had amassed about $20 billion in assets.

    2. For years, the crypto lender had offered astronomically high yields — as much as 30 percent — to consumers who deposited bitcoin and other digital coins. While it acted much like a bank, billing itself as a democratized interest income and lending platform, accounts were not federally insured. Nor was it required to demonstrate that it had sufficient assets to pay back investors if they demanded their money. State regulators took notice, with officials in Alabama and New Jersey accusing Celsius of selling unregistered securities.

18. Jul - Multicoin Capital launches $430m cryptofund

19. Aug - Eigenlayer raises $14.4m in options/warrants

20. Aug - Nomad hack $190m: Nomad lost all its funds—held in Ethereum, USDC, DAI, FXS, and CQT—after hackers took advantage of a bug in the upgrade. The protocol offered 10% reward to hackers who returned the tokens which recovered $22m. Nomad has not published how the attack happened but security at Paradigm and auditor Zellic both say that a recent update to one of Nomad’s smart contracts made it easy for users to spoof transactions. This meant that when a user transferred funds from one blockchain to another, Nomad allegedly never checked the amount, enabling the user to withdraw funds that didn’t belong to them. The funds were drained over the course of an hour and the attacker interacted directly with the bridge, calling a single function, process() which is responsible for executing cross-chain messages and ensures that only valid messages are executed and only once. The bridge keeps an internal database of valid messages, its Merkle tree. Accepted messages are included into the tree by an off-chain updater and the tree root at the time of inclusion acts as a receipt (it is “proven"). Messages are marked as "PROCESSED", so that they cannot be replayed. acceptableRoot() has to deal with these cases: * Legacy messages are passed in as just 0, 1, or 2. * New messages are passed in as a bytes32 hash of the message. For the legacy messages, both 1 (PROVEN) and 2 (PROCESSED) are handled. But what about 0 (NONE)? In that case, the control flow falls through into the non-legacy logic. Here, _root is the zero hash. So what's in confirmAt[0]? Since 0 is the default map value, this allows any message to be processed. So you can pass process() any message you want (as long as it doesn't already exist in the system), and it will happily process it! Why is confirmAt[0] set to 1? Well, it was set all the way back when the contract was deployed and initialized. a simple logic mistake (forgetting to handle a case), combined with a conveniently initialized storage slot, created a path to exploitability for a critical vulnerability. Most exploiters were simple copy-cats. They only copied transactions stealing 100 WETH or 1M USDC. A skilled attacker could forge a message to steal ALL liquidity per asset in ONE CALL.

21. Oct - Binance Smart Chain (BSC on BNB) hacked for $566m (2m BNB): The exploit targeted the cross-chain bridge BSC Token Hub. Hackers essentially conjured tokens using artificial withdrawal proofs from the address of BSC: Token Hub using two transactions of 1m BNB each. The chain was halted and hackers were only able to move 10-20% of the funds ($137m) to other chains.

    1. On Oct 5, 2022, a day before the attack, a ChangeNOW wallet sent 100 BNB to the Attacker, which was then used to register as a Relayer for BSC Token Hub. BSC Token Hub acts as a vault, facilitating cross-chain transactions between BNB Beacon Chain (BEP2) and Binance Smart Chain (BEP20). When an Externally Owned Account (EoA) or smart contract calls the BSC: Cross-Chain Bridge, the Relayers are responsible for submitting Cross-Chain Communication Packages between the two blockchains. By registering as a Relayer for BSC Cross-Chain Bridge, the Attacker’s relaying requests could be accepted by BSC, allowing the Attacker to exploit a bug through the way BSC Token Hub verifies proofs. After registering as a Relayer, the Attacker forged arbitrary messages on block height 110217401 (while the legitimate withdrawals’ block heights were much higher). This enabled the creation and subsequent withdrawal of the 2m BNB in two transactions: *At 6:26 PM UTC, the Attacker succeeded in delivering a 1m BNB package to its own address. *Between 8:32 PM and 8:42 PM UTC, the Attacker continued to make 15 failed attempts to deliver similar packages to its own address (the transactions failed with an error log of 'sequence not in order’).* Finally at 8:43 PM UTC, the Attacker succeeded in delivering the last 1m BNB package to its own address.

    2. The attacker utilized Venus, a popular lending protocol on BNB Chain, and put down 900k BNB as collateral to borrow various stablecoins, such as USDT, USDC and BUSD. At 6:30 PM UTC, 4 minutes after the first hack, the first lending transaction of 600k BNB happened, resulting in 27.5m vBNB tokens worth over $250m. Within 2 minutes of supplying the collateral, two borrowing transactions were made, the first amounting to 62.4m BUSD. Second borrowing transaction of 50m USDT. At 6:36 PM UTC, the second lending transaction of 300k BNB occurred, resulting in 13.7m vBNB (~$129m). Following this, the final borrowing of nearly 35m USDC was made. These stablecoins were then routed to multiple EVM-compatible chains using bridges such as Stargate Finance and Multichain, in incremental amounts of $400k-5m USD each. In each chain, the Attacker utilized various liquidity providers and lending protocols such as Curve Finance, Uniswap and Geist. The actions ranged from providing collateral to borrow certain tokens, swapping between stablecoins and conducting cross-asset swaps from stablecoins to Ethereum. After the Attacker managed to bridge, swap, transfer and provide collateral in these chains, the news spread on Twitter. Following this, three hours after the hack, BSC announced that the chain would be halted due to “irregular activity”. This prevented the Attacker from moving more funds onto other chains.

22. Nov - FTX Collapse: FTX is a cryptocurrency exchange. The exchange issued its own token, $FTT, and was the fourth-largest crypto exchange by volume as of Nov. 9. Alameda Research was a crypto trading firm. CoinDesk reported on Alameda’s troubled balance sheet on Nov. 2. Its largest assets, according to the report, are billions of dollars worth of FTT. The CEO of rival exchange Binance, Changpeng Zhao, also known as CZ, tweeted on Nov. 6 that he was planning to sell off Binance’s stockpile of FTT because of “recent revelations that have came to light,” (roughly $530m) referring to the Nov. 2 CoinDesk report of FTX and Alameda’s blurred funds. Zhao’s announcement led to a rapid decline in FTT’s value over the next day as suspicion grew that FTX didn’t have the liquidity needed to back transactions and stay afloat. The value of other coins — including BTC and ETH — declined as well, with Bitcoin dropping to a two-year low. Bankman-Fried said in a tweet on Nov. 10 that the platform saw $5 billion in withdrawals on Nov. 6. Zhao and Bankman-Fried struck a deal for Binance to acquire the non-U.S. branch of FTX. The exchange CEOs signed a nonbinding letter of intent on Nov. 8, essentially promising to bail out the failing exchange to prevent a larger market crash. On Nov. 8, FTX halted all non-fiat customer withdrawals. On Twitter, Bankman-Fried posted a string of apologies explaining FTX’s liquidity issues and promising more transparency. Binance withdrew from the deal. On Nov. 9, Zhao posted on Twitter that Binance had completed its “corporate due diligence” and said it would not be acquiring FTX. Zhao tweeted that the news reports of “mishandled customer funds” and “alleged U.S. agency investigations” contributed to his decision. Bankman-Fried appeared to reference Zhao’s influence on FTX’s fall in a cryptic post on Twitter where he said,  “Well played; you won.” On Nov 11 roughly 130 companies in FTX Group — including FTX Trading, FTX US, under West Realm Shires Services, and Alameda Research — had started proceedings to file for bankruptcy in the United States. FTX CEO Sam Bankman-Fried has also resigned from his position and will be succeeded by John Ray (led the infamous energy giant Enron through its bankruptcy and liquidation process). FTX and FTX.US crashed due to a lack of liquidity and mismanagement of funds, followed by a large volume of withdrawals from rattled investors. Chapter 11 bankruptcy allows businesses to restructure their debt and continue operations, unlike Chapter 7 bankruptcy, where assets are liquidated. FTX.US also temporarily froze withdrawals on Nov. 11, following the bankruptcy announcement, despite earlier reassurances that FTX.US was not affected by FTX's liquidity troubles. Withdrawals were later reopened. FTX and FTX.US wallets were emptied on the evening of Nov. 11 in an apparent hack. More than $600 million was drained from the wallets, CoinDesk reported. FTX posted about the hack on its support channel the instant-messaging service Telegram, saying, "FTX has been hacked. FTX apps are malware. Delete them. Chat is open. Don't go on FTX site as it might download Trojans." Trojans are malware disguised as legitimate software. A Twitter user reported that hackers were also attempting to access bank accounts linked to FTX.US. Plaid, a service that connects customer bank accounts with financial applications, responded to “concerning public reports” by shutting off FTX’s access to their products, noting they didn’t see an indication their tools had been used fraudulently. FTX general counsel Ryne Miller posted on Twitter the same evening that the company would expedite moving remaining assets to cold storage — meaning offline — because of the "unauthorized transactions," referring to the apparent hack. An emergency motion was added to the FTX bankruptcy filing on Nov. 17 reported that there is “credible evidence” that Bahamian regulators directed Bankman-Fried to gain “unauthorized access” to FTX funds and transfer them to the Bahamian government. It’s unclear whether or when these transfers happened, as they would have occurred during the same time period as the hack. A press release from the Securities Commission of the Bahamas appears to support these reports.

23. Nov - BlockFi Bankruptcy: With assets and liabilities ranging from $1 billion to $10 billion, the firm had over 100,000 creditors. In addition, they had a $275,000,000 debt to Sam Bankman-Fried’s American subsidiary, FTX US. The application shows that the largest client has a balance of $28 million. BlockFi agreed earlier this year to accept a credit package from FTX worth up to $400 million to help it weather a liquidity restriction caused by the exchange’s exposure to the TerraUSD stablecoin’s collapse.

For blockchain programming and economic commentary follow me on 🐦 @0xfmoi. Support my work at 0xfmoi.eth.