Missing from the article - the hacker first compromised Resolv Lab's AWS account, took a private key from KMS that was used to control minting, then managed to extract $25 million into ETH before all protocol functions were suspended.
They also had a smart contract which didn't do some proper checks, but the hack was only possible with the stolen private key. Whoever held the private key was able to mint a lot of money, unchecked.
So there was a traditional hack at the core of this heist, not just a smart contract exploit.
Usually I would expect proof for a positive - like that it was an inside job, or there being an indication of it. I'm not saying whether it was or not, just that it seems unusual for you to ask about proof of it NOT being an inside job.
When it comes to crypticurrencies, no, the "hack" that turns out to be an inside-job rugpull is so common that the correct burden of proof is on the people who think this wasn't an inside job.
Stablecoins enable cash-like (instantly redeemable and verifiable) payments for large amounts, for almost free.
In EU countries, you can't now buy a car with cash. You have to buy a bearer's check from your bank, which is expensive, requires that both parties have a brick and mortar bank, and doesn't work cross-border. Stablecoins solve this.
No-one in the real world wants to be paid with a $USR. Most everyone wants a cashapp/zelle/PayPal/wire transfer. The bullshit payment systems gained ground on crypto while crypto became more difficult/less usable
I don't know what USR is, but I would prefer to be paid in USDT or USC if Wealthsimple supported it as deposit method. When I withdraw, I do Deel -> Wise -> Interac e-Transfer -> Bank -> Interac e-Transfer -> Wealthsimple. This is incredibly stupid and I am forced to buy Canadian dollars. For groceries or electronics, you can buy gift cards using crypto.
If you track the FATFs crushing of bearer bonds, bearer notes, non-KYC/non-AML offshore banking, and Hawala it almost perfectly tracks with the rise of crypto.
But you do have to deal with bullshit payment systems. I can't receive stablecoins in my regular bank account, I'd have to set up some crypto nonsense on DankRocketBets or whatever for it to even work.
Why would I do this when I can already receive actual USD without any extra ceremony?
Stablecoins are a solution in search of a problem.
If your employer does direct deposit of USD into your USD bank account, you don't need stable coins. This is not the case for most people outside of the U.S.
Most people don't realize they're inside a plexiglass shielded financial jail until they try to do something like wiring money for some legal activity in someplace spicy or on the FATF grey list.
If you fall into the middle bands of uses, or in the upper class that can just bend or make the rules, then the financial system is well oiled and it looks like the people questioning it are just cranks.
It's true that a lot of those in the outer bands are criminals but others are things like "buying a truck to build an orphanage for starving Iraqi children just outside of terrorist territory" or "wanted an investment visa in some corrupt island paradise and as it turns out no bank will open up account for purposes of 'international wires to the Comoros' "
Makes it easier to do pump and dumps, was never about "privacy" or "decentralization" as web3 types parroted 4-5 years ago. Monero is the exception btw.
I mean they use Blockchain, right? Isn't that like the only real requirement for the name crypto?
As long as you burn as much electricity as Andorra does in a week just to make a transaction, you're probably a cryptocurrency. And that's their sole benefit it seems.
>I mean they use Blockchain, right? Isn't that like the only real requirement for the name crypto?
Absolutely not. Cryptocurrently exclusively refers to permissionless, decentralized, cryptographically secured, irreversible, fungible monetary system with a disinflationary or non-inflationary supply, following a voluntary, collectivized governance model.
A vast majority of tokens colloquially referred to as "cryptocurrency" couldn't be further from these principles. There are no stablecoins that are cryptocurrency. Ethereum is not cryptocurrency. Any coin issued by a corporation (e.g. Ripple) is not a cryptocurrency.
I don't know how this specific thing works, but I don't really see any fundamental problem with mixing and matching. If you believe in the benefits of crypto, then 50% crypto is still possibly better than 0%.
It's not like I forgo a lock on my front door just because my windows are made of glass.
Not really. At a traditional bank I have to trust n people with varying degrees of access. Et ceteris paribus, any reduction in n is an improvement, even if n is not zero.
Of course n can be smaller and the specific people less trustworthy, but that's quite a different thing.
At a traditional bank you have your national deposit insurance scheme; you get that in return for converting your "assets" to the said nations issued currency but accept the authorities control of the money supply and your funds.
With decentralised money, you get the safety of a globally distributed attestation backed by cryptography without a single authority controlling the supply of money or your funds.
There is no halfway option. You either have a single authority that can exercise control or you do not; number of delegates for exercise of control is almost irrelevant since you can change banks.
That access is to provide account support, no? Reverse fraudulent transactions and the like. A "bank" could just not do that save for if you're a large enough client to merit attention but why would I want to bank there if I'm not a large enough client?
FDIC deposit insurance does not protect against losses due to theft or fraud, which are addressed by other laws.
That's covered by private bankers bond insurance, much like you could get for a decentralized stored pots of gold or you can buy insurance in the form of put options (like on IBIT) on the loss of value of bitcoin or if your cold wallet is stolen you can initiate legal proceedings against the thief.
What is the point of stable coins? Like why does anyone buy them?
It seems to me that their initial value is 1usd per token (or some other fiat I guess) and that's also the roof of their value: they kinda guarantee that they won't become more valuable than that.
They are less usable than fiat: more businesses accept fiat than crypto, especially weird and small coins like all stable coins are.
There isn't really a floor to their value, as demonstrated here.
I see plenty of downsides of owning one of these coins, but not a single upside?
Yet people apparently do buy them, so what is the upside? There must surely be something that's good about them?
I think the idea is if you're attempting to actually use crypto in the way that you would normally use money (ie, to buy/sell stuff) then you don't want the volatility. So in theory, it takes away the volatility while living within the crypto ecosystem.
But obviously...things happen. Just like cash is usually relatively non-volatile, but financial crashes happen.
The main use is just having something dollar-like that you can move around easily. That’s useful outside the US, but also for plenty of people inside the US depending on what they’re doing; especially businesses that have a hard time getting or keeping normal banking (cough gambling, porn, weed cough).
They’re handy inside crypto since you can move in/out of other assets without touching a bank. And sometimes you can earn yield on them, which is part of the appeal (with the usual “this can blow up” caveats).
Also, there’s a reason every company wants to launch one: if you control the stablecoin, you get the float and the rails. That’s a pretty nice business if people actually use it.
If you already have solid access to USD and don’t care about that flexibility, they’re less compelling.
But yeah, not risk-free at all (depegs, issuer risk, etc). And honestly there probably isn’t much real need for dozens of slightly different stables beyond the business incentives.
Stablecoins present less frictions, have cheaper transaction costs and less intermediaries susceptible to block them. It greatly increases the velocity of money.
Let’s be honest, it’s principally for illicit use, a tiny fraction of privacy folks and then a lot of people caught in between who don’t understand yield but want to bet on a volatile asset and have to use a stablecoin to go between. (Because the backers of the volatile thing are doing something illicit.)
Not that it matters much, but this summary isn't right. The contract wasn't "exploited." The company's AWS account was compromised, giving the attacker access to a (off-chain) private key.
The contract relied on the key to mint new tokens. The hacker gained access to the key (through AWS) and with it minted as much as they'd like. It is certainly a valid take that a contract that only required the private key to mint an unlimited amount of the token isn't a good one, but you don't exploit someone's front door lock by grabbing the key from under the welcome mat.
The contract code said, "if you have a valid (off-chain) private key, you can mint tokens." The hacker gained access to their AWS account and ultimately their keys.
While I am happy to celebrate dumb crypto stuff, this isn't a situation where someone's code was "exploited." Their code was stupid, relying only on an off-chain private key to allow the minting of tokens. Their security was just also bad.
Yeah, people who genuinely believe that don't have any problem with smart contracts getting exploited. Of course there are people who _say_ that because it's financially expedient at the time, then change their tune. But both groups exist and this is not really a gotcha.
Missing from the article - the hacker first compromised Resolv Lab's AWS account, took a private key from KMS that was used to control minting, then managed to extract $25 million into ETH before all protocol functions were suspended.
Do you have a source for that information? I'd like to read more on it.
According to a writeup at https://www.chainalysis.com/blog/lessons-from-the-resolv-hac... this started with a plain old hack that compromised their signing key.
They also had a smart contract which didn't do some proper checks, but the hack was only possible with the stolen private key. Whoever held the private key was able to mint a lot of money, unchecked.
So there was a traditional hack at the core of this heist, not just a smart contract exploit.
Is there any proof, or even indication, that this wasn't an inside job?
Usually I would expect proof for a positive - like that it was an inside job, or there being an indication of it. I'm not saying whether it was or not, just that it seems unusual for you to ask about proof of it NOT being an inside job.
When it comes to crypticurrencies, no, the "hack" that turns out to be an inside-job rugpull is so common that the correct burden of proof is on the people who think this wasn't an inside job.
Could this be an inside job?
>"However, the hacker was only able to siphon off $25 million; the rest was locked into the protocol after system admins got alerted."
"Only" ?!!! Poor thing.
If the admins can "lock all transactions", what's the point of it being a crypto?
Exactly. Stablecoins make zero sense.
Stablecoins enable cash-like (instantly redeemable and verifiable) payments for large amounts, for almost free.
In EU countries, you can't now buy a car with cash. You have to buy a bearer's check from your bank, which is expensive, requires that both parties have a brick and mortar bank, and doesn't work cross-border. Stablecoins solve this.
How do stablecoins fit in here? You can buy a car with crypto but not cash?
you can send them around easily without having to deal with bullshit payment systems
No-one in the real world wants to be paid with a $USR. Most everyone wants a cashapp/zelle/PayPal/wire transfer. The bullshit payment systems gained ground on crypto while crypto became more difficult/less usable
PYUSD is run by PayPal afaik.
I don't know what USR is, but I would prefer to be paid in USDT or USC if Wealthsimple supported it as deposit method. When I withdraw, I do Deel -> Wise -> Interac e-Transfer -> Bank -> Interac e-Transfer -> Wealthsimple. This is incredibly stupid and I am forced to buy Canadian dollars. For groceries or electronics, you can buy gift cards using crypto.
If you track the FATFs crushing of bearer bonds, bearer notes, non-KYC/non-AML offshore banking, and Hawala it almost perfectly tracks with the rise of crypto.
But you do have to deal with bullshit payment systems. I can't receive stablecoins in my regular bank account, I'd have to set up some crypto nonsense on DankRocketBets or whatever for it to even work.
Why would I do this when I can already receive actual USD without any extra ceremony?
Stablecoins are a solution in search of a problem.
If your employer does direct deposit of USD into your USD bank account, you don't need stable coins. This is not the case for most people outside of the U.S.
I am outside the US. Many of my assets are in USD and USD-denominated securities. I've never touched a stablecoin.
Waiting to hear what "most people outside the US" are supposed to need those stablecoins for.
Most people don't realize they're inside a plexiglass shielded financial jail until they try to do something like wiring money for some legal activity in someplace spicy or on the FATF grey list.
If you fall into the middle bands of uses, or in the upper class that can just bend or make the rules, then the financial system is well oiled and it looks like the people questioning it are just cranks.
It's true that a lot of those in the outer bands are criminals but others are things like "buying a truck to build an orphanage for starving Iraqi children just outside of terrorist territory" or "wanted an investment visa in some corrupt island paradise and as it turns out no bank will open up account for purposes of 'international wires to the Comoros' "
This comment isn't really beating the rap that the primary purpose of stablecoins is to facilitate crime.
Monero is better for that task.
Until it becomes another bullshit payment system
Makes it easier to do pump and dumps, was never about "privacy" or "decentralization" as web3 types parroted 4-5 years ago. Monero is the exception btw.
Stablecoins aren't cryptocurrencies in any sense of the word. It's just electronic FIAT.
I mean they use Blockchain, right? Isn't that like the only real requirement for the name crypto?
As long as you burn as much electricity as Andorra does in a week just to make a transaction, you're probably a cryptocurrency. And that's their sole benefit it seems.
Most blockchains nowadays are not proof of work anymore.
>I mean they use Blockchain, right? Isn't that like the only real requirement for the name crypto?
Absolutely not. Cryptocurrently exclusively refers to permissionless, decentralized, cryptographically secured, irreversible, fungible monetary system with a disinflationary or non-inflationary supply, following a voluntary, collectivized governance model.
A vast majority of tokens colloquially referred to as "cryptocurrency" couldn't be further from these principles. There are no stablecoins that are cryptocurrency. Ethereum is not cryptocurrency. Any coin issued by a corporation (e.g. Ripple) is not a cryptocurrency.
If your definition excludes Ethereum your understanding of the term so differs from everyone else's that we aren't talking about the same thing
I don't know how this specific thing works, but I don't really see any fundamental problem with mixing and matching. If you believe in the benefits of crypto, then 50% crypto is still possibly better than 0%.
It's not like I forgo a lock on my front door just because my windows are made of glass.
Currency isn't a homebrew computer or backyard car project; it is either centralised or not; there is no in between.
Blockchain with central authority is the worst of both worlds.
Very much this, it’s all the technical rigour, code debt, and none of controls/reversibility.
At least when I report fraud to credit card or my bank, they can stop or undo/chargeback a transaction.
And if it is centralised, what is the point of blockchain? Just run it out a Postgres database.
Not really. At a traditional bank I have to trust n people with varying degrees of access. Et ceteris paribus, any reduction in n is an improvement, even if n is not zero.
Of course n can be smaller and the specific people less trustworthy, but that's quite a different thing.
At a traditional bank you have your national deposit insurance scheme; you get that in return for converting your "assets" to the said nations issued currency but accept the authorities control of the money supply and your funds.
With decentralised money, you get the safety of a globally distributed attestation backed by cryptography without a single authority controlling the supply of money or your funds.
There is no halfway option. You either have a single authority that can exercise control or you do not; number of delegates for exercise of control is almost irrelevant since you can change banks.
That access is to provide account support, no? Reverse fraudulent transactions and the like. A "bank" could just not do that save for if you're a large enough client to merit attention but why would I want to bank there if I'm not a large enough client?
Ok so we are expected to trust; the creator/s, some random hacker, whoever else has the key? So the value here is between 2 and 'many'.
If my money in the bank is stolen I have legal recourse.
is insured by the FDIC legal recourse?
FDIC does not cover bank theft[].
That's covered by private bankers bond insurance, much like you could get for a decentralized stored pots of gold or you can buy insurance in the form of put options (like on IBIT) on the loss of value of bitcoin or if your cold wallet is stolen you can initiate legal proceedings against the thief.[] https://www.fdic.gov/news/fact-sheets/crypto-fact-sheet-7-28...
What is the point of stable coins? Like why does anyone buy them?
It seems to me that their initial value is 1usd per token (or some other fiat I guess) and that's also the roof of their value: they kinda guarantee that they won't become more valuable than that.
They are less usable than fiat: more businesses accept fiat than crypto, especially weird and small coins like all stable coins are.
There isn't really a floor to their value, as demonstrated here.
I see plenty of downsides of owning one of these coins, but not a single upside?
Yet people apparently do buy them, so what is the upside? There must surely be something that's good about them?
I think the idea is if you're attempting to actually use crypto in the way that you would normally use money (ie, to buy/sell stuff) then you don't want the volatility. So in theory, it takes away the volatility while living within the crypto ecosystem.
But obviously...things happen. Just like cash is usually relatively non-volatile, but financial crashes happen.
They’re not really meant to go up in value.
The main use is just having something dollar-like that you can move around easily. That’s useful outside the US, but also for plenty of people inside the US depending on what they’re doing; especially businesses that have a hard time getting or keeping normal banking (cough gambling, porn, weed cough).
They’re handy inside crypto since you can move in/out of other assets without touching a bank. And sometimes you can earn yield on them, which is part of the appeal (with the usual “this can blow up” caveats).
Also, there’s a reason every company wants to launch one: if you control the stablecoin, you get the float and the rails. That’s a pretty nice business if people actually use it.
If you already have solid access to USD and don’t care about that flexibility, they’re less compelling.
But yeah, not risk-free at all (depegs, issuer risk, etc). And honestly there probably isn’t much real need for dozens of slightly different stables beyond the business incentives.
Ah, so we're basically battling the prudishness of VISA and MasterCard?
That... Actually makes sense.. Which is a rare feat for crypto!
Stablecoins present less frictions, have cheaper transaction costs and less intermediaries susceptible to block them. It greatly increases the velocity of money.
To take advantage of the ability to send money that way without the volatility
Let’s be honest, it’s principally for illicit use, a tiny fraction of privacy folks and then a lot of people caught in between who don’t understand yield but want to bet on a volatile asset and have to use a stablecoin to go between. (Because the backers of the volatile thing are doing something illicit.)
You are a decade late, nowadays stablecoins are commonly used in international trade. Most Alibaba sellers accept USDT nowadays, same for Indian ones.
And what happened next? He mixed those coins? Transformed them into monero?
Hacker? The coins were minted with perfectly valid code.
Oh wow, there's another interesting story on that site:
> Trump Administration Likely to Un-ban Bitcoin Mixers, Dept. of Treasury Says They are “Not Unlawful”
https://bfmtimes.com/trump-likely-to-un-ban-bitcoin-mixers/
I thought Tornado Cash was already taken off the OFAC list a year ago.
stable as in house always wins?
stable as in "close the stable doors after the horse has bolted"
Self-Funding Bug Bounties strike again.
Sounds like it's working as designed!
How is this industry still an industry?
People love gambling. Get rich quick pitches have always been popular.
Now, as to why the SEC hasn’t regulated crypto out of existence.. I refer you to dementia Don
Joe had 4 years, Barack had 8. The office of the president doesn't seem motivated to regulate crypto
Regulation (laws) are handled by the Congress, not the Executive.
Congress has passed laws to delegate details to the executive departments. Congress lacks the expertise to do any kind of precision in regulation.
Tl;dr another bug in a smart contract exploited, hacker got away clean.
Not that it matters much, but this summary isn't right. The contract wasn't "exploited." The company's AWS account was compromised, giving the attacker access to a (off-chain) private key.
The contract relied on the key to mint new tokens. The hacker gained access to the key (through AWS) and with it minted as much as they'd like. It is certainly a valid take that a contract that only required the private key to mint an unlimited amount of the token isn't a good one, but you don't exploit someone's front door lock by grabbing the key from under the welcome mat.
dang.. stealing money from fools and speculators.
But guys, what you don't understand is that the code IS the contract!!! That means you don't even NEED regulation!!
The contract code said, "if you have a valid (off-chain) private key, you can mint tokens." The hacker gained access to their AWS account and ultimately their keys.
While I am happy to celebrate dumb crypto stuff, this isn't a situation where someone's code was "exploited." Their code was stupid, relying only on an off-chain private key to allow the minting of tokens. Their security was just also bad.
Yeah, people who genuinely believe that don't have any problem with smart contracts getting exploited. Of course there are people who _say_ that because it's financially expedient at the time, then change their tune. But both groups exist and this is not really a gotcha.
I dont mind smart contracts getting battle tested.
I also dont mind the whole chain coming together to vote to reverse the transaction.
I also dont mind a bunch of people being unhappy with that and forking.