#17 The Context: Are DeFi hacks inevitable?
Also: A $500 million stampede for real estate in the metaverse
Hi, hope your week has been a good one. This week we take a sideways look at a couple of themes, not least what is being done, or not being done, in preventing hacks, scams and rug-pulls. Thanks to everyone for completing the questionnaire. We’ll be closing it next week so if you haven’t completed it, please do find a minute to offer your feedback. It’ll be really helpful in figuring out what we need to do to make this newsletter as useful as possible.
As usual, a disclaimer: This newsletter collates the interesting stuff in DeFi/crypto/metaverse/web3/NFT land and offers some context (hence the name). It’s aimed at anyone who wants to keep an eye on the space but isn’t following it too closely, or is on the hunt for story ideas and angles. It’s put together by a team at YAP, and doesn’t contain any promotion of our clients (if one is mentioned, we’ll flag that).
Ping us at thecontext@yapglobal.com. Old newsletters can be found here.
[tl;dr]
DeFi lender Rari Capital/Fei lost $70 million to a hack: what is being done or can be done to make crypto more secure?
The company behind the Bored Apes Yacht Club sold more than half a billion dollars of digital real estate in a metaverse that doesn’t yet exist. Meanwhile, people are doing the opposite: using crypto to buy real-world real estate. Does either make sense in the long run?
Crypto’s biggest real-world users are in places like Argentina, where double-digit inflation is driving residents to quickly turn their underwater pesos into crypto, supported by traditional banks keen to grab some of the business. Is this where the future of DeFi lies?
[Another hack: what’s being done to fix the problem?]
An interview with FTX’s Amy Wu quotes her as saying cybersecurity remains one of the main questions asked of her by traditional finance people: “People don't feel safe in crypto. That needs to be solved. There needs to be more security software and different tooling to really help fix that issue. It's one of the biggest areas that we're looking at investing in right now.” Her point, in an interview with Coindesk isn't followed up, possibly because people have been saying the same thing for a few years now, and there's no end in sight for hacks. (This week DeFi lender Rari Capital/Fei lost $70 million to a hack, while at least $6 million was apparently lost to a phishing attack pretending to be the Otherside NFT -- see below. ) So what is the state of cybersecurity in crypto?
Most of the work has focused on auditing the smart contracts behind much of DeFi. They’ve attracted significant investment. CertiK (pronounced Certi Kay) raised $270 million in its Series B round, including from the likes of Goldman Sachs. RugDoc IO focuses on community initiatives to drive awareness and better practices, while its sister company Paladin Blockchain Security is an ‘audit shop’, especially for smart contracts. Immunefi is a bug bounty platform for web3 (the catch-all term for things in DeFi). As in normal cybersecurity hackers review code of specific web3 projects and if they find a vulnerability (the bug) they will work with the client to fix it and get paid (the bounty). Here's a piece on Immunefi from TechCrunch.
But it’s smart contract auditing that is the main line of defence. Here's a list of Smart contract auditors from BowTied Island and a recent Twitter Space dedicated to the issue. All is not sweetness and light, though: Hacken, one player in the field, says the lack of transparency among project auditors is a big problem: the growing complexity of the space, including bridges between blockchains, creates blindspots because there's no way of knowing who is responsible for key parts of the ecosystem, such as keys, minting new tokens, ensuring the tokens are properly bridged, etc. A recent report by Hacken on the state of play is here (PDF). (We’ve covered crypto security challenges in issues #15 and #12)
Crypto differs from traditional terrains when it comes to cybersecurity. Usually once the bad guy has done what he wanted to do — steal data or money, break things — he gets out, and there’s not much anyone can do. But as we’ve talked about in previous newsletters (here and here), there is a paper trail, and sometimes some of the stolen crypto can be recovered, or the transactions reversed.
Sometimes the thief is encouraged to return the funds: in the Rari Capital/Fei case, the hacker was offered a $10 million 'bounty' if they returned the funds, no questions asked. But where are the lines drawn between exploit and simply exploiting the system?
When the community around Juno accused one member of gaming an airdrop to claim more tokens than his rightful allotment, it went to a vote on whether to revoke the holder of most of his tokens, which amounted to 10% of the platform's tokens. The user, Takumi Asano, has said he is considering legal action, according to Coindesk.
[Crypto and land, both real and imagined]
Unreal estate: While much of the crypto market remains in the doldrums, the launch of ‘deeds’ for virtual land plots on Otherside—a metaverse game from the creators of the Bored Ape Yacht Club—generated hundreds of millions of dollars’ worth of NFT sales, according to Decrypt. Holders of the ApeCoin token who verified their identity were eligible to buy deeds for 55,000 parcels of virtual land in Otherside, according to Bloomberg. Plots in the yet-to-be built virtual world sold for about $5,800, excluding the 'gas' fees for recording the purchase on the Ethereum blockchain -- which as the sale overwhelmed the platform doubled the overall cost for many users. (Ethereum wasn't alone: Solana, a fast-rising alternative blockchain fell over for seven hours as demand for an NFT minting program called Candy Machine crashed the network.) According to CryptoSlam, the project has generated nearly $559 million worth of secondary market sales since Saturday evening. This is big, but does it mean that NFTs and the metaverse are now sure bets? Not necessarily: Bloomberg says that monthly sales volumes on OpenSea, the world's biggest NFT marketplace, are still down from its January all-time high. And while there have been virtual land sales before, “most have seen only a small number of users and transactions. On Decentraland, for example, the number of transactions is down 35% in the last 30 days, according to data tracker DappRadar.” (We’ve covered metaverses in issues #14 and #2)
Real estate: In \#15 we mentioned how one Silicon Valley startup is selling houses via NFTs, and in \#5 the dangers of taking out a mortgage against your crypto assets. That doesn't seem to have dented the appetite for buying real estate with crypto, according to Bloomberg's Heather Perlberg. Florida-based Milo Credit offers a new twist: “Instead of simply paying for property with tokens, borrowers pledge their digital holdings as collateral, with no down payments necessary. That enables the holders to keep their coins, avoiding taxes on capital gains and theoretically benefiting from rising values for both the tokens and the real estate.” It also heightens the risk, of course, but that hasn't dampened interest: it has issued pre-approval letters on $340 million of mortgage in the past month.
Lending in DeFi is indeed becoming more commonplace, and more varied in how the deals are assembled:
Goldman Sachs last week offered its first ever lending facility backed by Bitcoin.
MakerDAO has for some time been offering loans for real world assets, including property. There are some technical documents here and here; the FUD Letter explores some of the issues with MakerDAO's model here. (paywall)
Credolab, a company offering behavioural data to make credit scores, looks at the pros (and cons) of crypto lending, compared with TradFi. (Of course, Credolab has a dog in the fight, and wants lenders pondering adding DeFi lending services to use its behavioural models.)
[NFTs and an end to static art]
What is the future of the NFT as art? Last year Mike “Beeple” Winkelmann leapt into the art world’s stratosphere, becoming the third-most-valuable living artist with the sale of a single NFT for $69 million, according to Decrypt. His next project, a combined physical and digital sculpture, fetched a measly $29.2 million at Christie's. That, Beeple tells Decrypt, is the future: dynamic NFTs which are “canvases that can be a living, breathing document that changes over time," he told Decrypt. While a painting is a statement in time, a dynamic piece of art which could be influenced and changed over time, depending on its surroundings and those who interact with it. (Piece by freelance art critic Dorian Batycka) (More on NFTs in issues #10 and #14)
Beeple makes an interesting point: There's no need for NFT artworks to remain static. Indeed, by (more or less) solving the problem of establishing immutable provenance of a piece, that creates the opportunity for the piece itself to shift over time, depending on external factors, or those built into the NFT itself. The 'non-fungible' part of the token does not preclude the art it is tied to from shapeshifting, and for that itself to be part of the art.)
[Can crypto salve real world pain?]
How useful is crypto? Increasingly, for those living in countries with high inflation (most countries, these days, but particularly acute in Latin America: Venezuela is thought to have an inflation rate of anywhere between 250% and 1,198%), crypto is a positively comfy ride compared to the local currency.
In Argentina, for example, inflation which has passed 55% over the past year, according to The Wall Street Journal. Savvy Argentinians have learned cash their pay-checks quickly before they lose value, and hoard whatever durable items they can, from toilet paper to frozen fruit. Others pay their taxes late, knowing the government won't charge interest on an overdue bill. Many are being paid, and saving, in crypto, preferring the volatility of Bitcoin to the one-way bet of the peso.
And converting to crypto is getting easier: Argentina’s largest private bank has launched a crypto trading feature. The option has been added to the investment section of Banco Galicia’s app. Liechtenstein-based Lirium helped develop the service, working in tandem with OSL, a Hong Kong-based digital asset trading platform that began operating in Latin America last October. Lirium is also working on similar integrations with four other financial institutions in Argentina, as well as some in Brazil and Mexico. OSL said last October it was focusing on offering exchange services to professional and institutional investors in Latin America. (More on the relationship between crypto and inflation in issue #14)
The knee-jerk criticism of the use of crypto in these situations is that crypto is just as fraught as holding any real-world asset, with a lousy UX and a fluctuating value, and may leave the user holding nothing at all. But it’s clear that under certain circumstances crypto can play a key role:
Afghanistan: last week we looked at how Afghans are using stablecoins to keep their savings out of the hands of Taleban;
In the same newsletter we explored how Russian emigrés were able using stablecoins to bypass the sanction-imposed freeze on their bankcards;
so inflation-ravaged countries are a logical next step. And there are quite a few: the lowest in the top ten, Ethiopia, has a 33% inflation rate, according to this piece.
And inflation is not just a developing world problem, according to NPR. “A lot of countries are now suffering through the highest inflation in decades," one of its correspondents said. “In fact, 60% of the advanced economies in the world now have inflation that's above 5%. In more than half the developing world, inflation is over 7%."
[Tidbits]
Concern about the environmental impact of crypto's proof of work mechanism has led Wikipedia to stop accepting crypto, according to Bloomberg. The impact is more symbolic than practical: Bloomberg reported that crypto donations to Wikipedia accounting for 0.08% of its revenue.
Solana has a new intern: 14-year-old Gajesh Naik. Naik has also worked on Ethereum, Avalanche and Polygon as part of building his previous and current startups (sic). While his internship will only last four months, he plans to help improve the network's usability and composability. The Block interviews him (paywall).
Ripple, once one of crypto's most prominent companies, is still in battle with the SEC, a year and a half on, according to Decrypt. Their defence rests on arguing the SEC's crypto policy has been 'arbitrary and unclear,’ but the case will still likely focus on whether or not Ripple is a security. Unless new legislation is passed in Congress, the judge's decision is likely to prove a turning point for the industry, Decrypt's Jeff John Roberts writes. That decision won’t be made this year.
The EU's financial services commissioner has called for a global crypto agreement. In a op-ed piece in The Hill, Mairead McGuinness wrote that while crypto and the technology that underpins it "could bring great benefits to the world," it still posed risks, and fell to the EU and the US to” lead the way on a shared international approach to regulating crypto. Together, we can enable innovation in finance, while protecting consumers and maintaining financial stability."
Last week we wrote about Sam Bankman-Fried’s awkward explanation for yield farming. Here’s an effort to do a better job of describing it, courtesy of the Blockworks Newsletter.
[Reading]
In #14 we cited the International Monetary Fund's research that concluded crypto is more prevalent in corrupt states. Financial writer J P Koning has a riposte that's worth a read. His main point: “The IMF has this one backwards. Crypto doesn't fuel corruption. Rather, whatever underlying malaise is fuelling corruption is probably also fuelling crypto adoption." (Having lived in a few countries that might be considered corrupt, his argument makes sense: people turn to alternative means of saving and spending when their government doesn't provide a safe and inclusive financial system. Remittances are one example: overseas workers trying to send or bring money home are routinely fleeced by officialdom and other intermediaries.)
A look at the awkward relationship between football (soccer) clubs and crypto: Liverpool, NFTs, Klopp’s contract and the cost of competing at the very top (The Athletic). Liverpool's NFT launch has been a flop, leaving 94% of the stock unsold and those holding the token annoyed that there doesn't seem to be a proper "roadmap" for what the NFTs entitle them to. “The problem for Liverpool," the piece concludes, “is the image the club wishes to project — one primed to promote the notion that “we are Liverpool, this means more”. Even if the move into the world of NFTs had proved successful financially, did anyone involved ever stop to consider whether they were watering down a famous brand? Alternatively, if they decide to align with crypto, might it make the institution they represent seem phoney?"
This newsletter is pulled together by a team led by Jeremy Wagstaff, formerly of the WSJ, BBC and Reuters and Samantha Yap, founder of YAP Global. Other members: Ruby Wu, Roslyn Tear and Becky Corbel. Many thanks to Joey Woo for production. Any views expressed here are not necessarily those of the writers, YAP Global or its clients.