(Just wanted to first point out that in any normal industry this would have been the talk of the town for months, but in crypto, we already are forgetting about it 4 days after it happened given the other amount of things happening. Crazy).
So, what happened?
Outcome: somewhere between $150M and $300M of funds stored in Parity Multisig wallets are now lost (or more specifically inaccessible) . The latest guesses are around 151 wallets with their balances being 513,743 ETH or $152 million in total.
Background: Parity Multisig wallets are deployed as Ethereum contracts. In July, a hacker exploited the contract and stole around $30M (at the time) worth of Ether. Whitehats came to the rescuse fast and saved quite a lot more. Parity released a fix, a new version of its library, and all new multisig wallets deployed after July 20th now reference that library (like calling a js script).
Well turns out that even this contract had a pretty giant security bug. According to Parity "it was possible to turn the Parity Wallet library contract into a regular multi-sig wallet and become an owner of it by calling the initWallet function."
How: some random newbie who says s/he was trying to learn (but others speculate was trying to find funds in unsecure contracts) became the owner of the contract by calling the function.
Then, they probably panicked and sent a "kill" function. This has rendered the library unusable and all the wallets that used the library are now f*****.
Who's affected: as we were saying, there are around 150 wallets affected. Ironically, the biggest wallet affected was that of Polkadot, a project developed by Gavin Wood and the parity team.
Solutions: not many really. There are a few scenarios: 1) all the money is lost. 2) BIP156 is implemented somehow and the funds are restored 3) an ad-hoc fix is implemented in one of the already planned hard-forks.
To me, #1 looks like the most probable. Our thoughts: we wish we had more time to organize our thinking around such an interesting and important development in the space.
But there are a few easy takeaways: 1) Smart contract development is hard! It's still software development, with the added complexities of it being a completely new world AND one where you can't change what you deploy. Hardware engineers must be rejoicing all over the world (maybe that's where we should be looking for devs.. 🤔).
Parity is probably one of the few shops able to develop complex smart contracts - I mean, Gavin invented Solidity - and they can obviously get it wrong (multiple times).
Does this mean Ethereum suck? Not in our view. Solidity is a complicated language, and it doesn't make it extremely easy but it can always be improved and we can still make up new languages that compile to the EVM. We did have Serpent, Mutan and more at one point.
This to me shows there are multiple opportunities: - creating tools for more secure smart contract frameworks - creating competing multisig wallet tools - black hat hacking of unsecure fund-holding contracts
2) The ETH hard-fork set a precedent and now everyone is wondering what is going to happen here. We don't have predictions nor particular ideas, we'd like to see what the community consensus is - but we don't think there are the conditions for an ETC-like split with all the options on the table.
3) The most interesting thing to me is the relationship between Vitalik and Gavin. I've always been fascinated by this and can't wait to see how this one will play out.
Gavin Woods was one of the early additions to the Ethereum team (and got the founder title) but left in 2016 when the foundation was short on funds to create Parity. In his goodbye post he doesn't mention Vitalik, and I've always felt a HUGE tension behind the two.
Now we get to see if there is some sort of power struggle, given that Gavin's interests are pretty big this time around.
4) DO. NOT. FINANCE. MEGA. ICOs.
The web3 foundation issued a very short post saying that the loss of almost $100M DOES NOT AFFECT THEIR ABILITY TO DEVELOP POLKADOT.
So, if removing $100M from their wallet doesn't affect the delivery of the project, why in the world did they need it? AND, more importantly, what were they going to do with it?
This is just a reminder that my opinion on these types of ICOs is that they are pure money-grabs and that there is no reason to finance with so much money such early stage projects. Bringing a software product to market can cost $200k, $1M, maybe $5M if it's really complex and takes a lot of time, but when you start talking 8 figures, we get into "scaling" area - which should ideally be supported by the project's token reserves (as to have everyone aligned in the growth of the token).
We have usually shun away from covering the politics of Bitcoin here, because our interest is mostly around bringing new products and innovations to market.
But Bitcoin is the OG, it is my first love and it is, today, the only really used and functioning decentralized application (which appears to be more like digital gold than digital cash at the moment).
We could write books on the fork wars, as many people on Twitter seem to be doing (worryingly, many of the Core developers and BCH proponents too - when ideally they should both have much more important things to do).
This has been one of the most intense trading weeks in the history of Bitcoin.
It all started with the announcement that there was not going to be a Segwit2x hardfork anymore.
This sent Bitcoin's price all over the place, with sellers getting out because they just wanted a free dividend and buyers now more convinced about the future of Bitcoin.
Then, it became clear that the B2X faction, had "migrated" and started to support Bitcoin Cash (the coin that forked when Bitcoin implemented Segwit).
Now, consider the following, which for me are the most interesting part: - Bitcoin Cash claims to fulfill Satoshi's original vision and is markedly against Segwit - The B2X faction was what prompted Core to implement Segwit on BTC as a compromise after a long power war and the famous New York Agreement - Now Bitcoin has Segwit - But all the B2X people have moved to a coin that doesn't have Segwit, and is vehemently against it (as it breaks the Nakamoto consensus)
I don't think this was 100% planned, but if it was, it could have been one of the most masterful "plays" ever, as now Bitcoin has implemented a solution that isn't really supported by anyone (many Core devs where completely against Segwit for a long time) and has still unsolved scaling issues.
All of this while the markets were going crazy, Roger Ver sent 25k BTC to Bitfinex in plain sight, the Bitcoin mempool was being spammed, and on Twitter the personal attacks were constants.
So, where do we go from here? No one knows. A vast majority of users seems to be confident that Bitcoin will stay Bitcoin and that the Bitcoin Cash price rise is just a pump-and-dump scheme by a few whales and miners (Bitmain and co), and that given their software has no development and little support it will die off. Meanwhile BCH supporters think that BCH will just drop the "Cash" part and become Bitcoin in less than 6 months, as they are both fulfilling Satoshi's vision while providing on-chain scaling mechanisms.
The only thing we know for sure, is that this is not over and it will make for an interesting week ahead, as if we had any need for more things to happen.
Mandatory disclosure: I own both BTC and BCH, having gotten the latter through the fork obviously, and having never had either leave my cold storage (which will probably not happen for at least 10 years on both coins + all the other ones we'll get through other forks) or bought any of the two after the fork.
If you are a hodler like me, you have the privilege of watching it all from the sidelines, without any particular incentive for anyone to win the war (other than not destroying the whole thing, obviously - which actually is a major concern).
Unfortunately, it is pretty hard to form sound opinions from the sidelines, as we do not have all the information we need and it is clear that miners, developers and whales have WAY more power than Satoshi's original vision. I think this will become more and more of a problem in the future and maybe an opportunity for a few coins to try and address this.
A confused, funny, creepy letter from Rick Falkvinge (of Pirate Party fame) where he jokingly claims to be Bitcoin Cash's CEO and proclaims its values.
I think it's still a must read.
🇵🇹 Back from Websummit
We are back from an intense week in Lisbon for the Websummit. We will be back!
The conference itself attracted 60k+ people, the streets of Bairro Alto were crammed with badge holders until the early hours in the morning. A clear sign that European tech is booming and it's attracting interest from all over the world.
There were half a dozen talks focused on crypto, although with 20 minutes allocated to each they barely manage to scratch the surface and there was not much to learn unfortunately. Amongst the startup booths we saw a dozen or so blockchain / crypto projects, some of which we had not heard of, including the odd one pushing a questionable ICO by giving out fliers for 5% discount in the token sale.
The highlights for us were two: - we organized a crypto tapas session on Tuesday evening with the help of our man on the ground Mathias and well north of 50 people showed up over the course of the evening, including Joe Lubin himself and many other founders and investors in the space. - we got hand delivered a copy of Jack Tatar and Chris Burniske's new book with a lovely message from Chris.
Albert Wegner is clearly thinking long and hard about the governance of decentralised systems.
He's picked up on last week's YC post about forking as the evolutionary mechanism for blockchains, making a case for the alternative, less disruptive way i.e. on-chain voting for protocol upgrades or meaningful state changes (e.g. Tezos, Decred).
We would add a third way, beyond forking or on-chain voting, provided by off-the-shelf governance protocols such as Aragon.
Bonus I: Muneeb from Blockstack goes through how they've designed their token sales to optimize it for transparent checks & balances and public good in Governance models for crypto tokens.
Quite a lot of juicy posts last week on the threat posed by tokens and ICOs to the traditional venture model.
A special mention to Tom Tunguz of Redpoint, who's made a fame for himself in the saas venture space for the most data oriented blogger. This time he covers ICOs, showing how they have been eating through traditional Series A funding this year.
We've expressed our views on ICOs multiple times. They certainly have been "novel and important mechanism for crytpocurrency based startups to raise capital" so far, and may continue to be until the market remains irrational and regulators get their heads around. However we expect innovative issuance mechanisms to emerge that do not necessarily involve selling tokens, to the point that in a few years time we may not even be talking about ICOs as we know them today.
WETH is an ETH wrapped in an ERC20 like structure.
This is needed in many apps that use a number of ERC20 tokens, as Ether is not ERC20 compliant itself.
Now 0x is proposing a standard implementation of a WETH so that every dapp can use the same. They are supported by Augur, district0x, Ethfinex, Gnosis, Maker, Melon, Paradex, Radar Relay and The 0cean and are calling for others.
This is one of the saddest news of the week. Mark Karpeles, the former Mt.Gox CEO, in a twisty reversal could end up getting close to a $1B from the big mess he created (and that's not even counting the BCH that have been generated in the meantime!).
In short: - Mt.Gox will probably be required to pay its creditors the fiat value they were holding. - They will do so by selling the assets they have (BTC). - If there are more assets, these will go to the shareholders. - There are waaaay more assets now that BTC has risen so sharply in price from the old Mt.Gox days AND Karpeles is the major shareholder through a company.
Bram Cohen, the inventor of BitTorrent himself, is "now doing cryptocurrency stuff" as per his Twitter bio.
He has teamed up with Ryan Singer (ex COO of early bitcoin exchange Tradehill) and just raised a seemingly highly contested seed round for Chia Network, a new take on bitcoin aimed at solving miner centralization and the environmental impact of mining via PoW.
The way they aim to achieve that is via a novel two-step proof of space and time consensus algorithm, that Vitalik and Bram debated on Twitter (while we were all scratching our heads).
This is an obvious use case for a decentralized architecture.
Gems is a protocol for contracting workers built on top of Ethereum that aims to eliminate central fees and the efficiencies of the consensus by redundancy model typical of centralized micro-task marketplaces such as Amazon Mechanical Turk.
Both workers and verifiers will have to stake tokens on the validity of their work, thus penalizing bad actors.
Gems is exciting as it could at scale onboard the unbanked masses onto crypto, while giving a sneak peak at what the future of work in a decentralised world could look like, with some labour markets built on it potentially offering guaranteed minimum wage.
We've bookmarked the whitepaper as we heard it's a great read.
Two founders whose previous experience involved exotic car rentals in Miami, launch a dubious new endeavour and raise $32 million in an ICO heavily promoted by the likes of Floyd Mayweather and DJ Khaled, while the media picked up on the third founder and CEO not even being a real person. They then get indicted on perjury charges and resign from the company, with at least one of the two retaining a stake.
The SEC keeps the pace up on their evaluation of the crypto space.
This time the SEC Chairman himself Jay Clayton warns about the risk of price manipulation and fraudulent trading practices common to ICOs when insiders and management have immediate liquidity.
He also promised more clarity on standards for listing tokens on exchanges (GDAX standards last week where timely), on valuing tokens (this will be interesting to see) and on investor protections.
In an unscripted remark, according to the WSJ, he was also heard saying:
“I have yet to see an ICO that doesn’t have a sufficient number of hallmarks of a security. [...}. When you depart from the bitcoin or the ethereum, and you get into the tokens, the hallmarks become pretty clear”.
Interesting footnote at the end of his remarks: "My words are my own and do not necessarily reflect the views of my fellow Commissioners or the SEC staff."
A heavy hand coming? We are hearing something is on its way...
Germany’s financial regulator, BAFIN, has published the usual consumer warning on ICOs, listing all the possible risks associated with them. They cared to warn authorities about taking action against cases of fraud, money laundering and terrorist financing.
Apparently more detailed info on ICOs will be released by BAFIN on November 15th.
The Reserve Bank of India has eventually made it clear that virtual currencies won’t be allowed in the country “for any payments and settlements". Which on the face of it does not prevent people from buying and selling crypto currencies as an asset class (that would have been a big market removed from the demand side).
The RBI keeps the door open for the underlying blockchain technology, which is already in use by some Indian banks to power remittances and international transfers.
This is behind the FT paywall, so we'll TL;DR it here.
The key point is that regulators and governments are realising crypto currencies are hard to ban.
- As Chinese exchanges were ordered to shut down, more trading activity has shifted towards private OTC markets (often powered by messaging platforms such as Wechat or Telegram): the RMB share of bitcoin OTC trades has risen from 5% in September to 20% in October.
- It's tougher for Chinese miners though, for which OTC markets are too thin and inefficient to offload their proceeds. They may have to relocate their operations.
- Investors can still participate in foreign ICOs, despite facing more stringent KYC requirements.
- As projects that raised via ICOs gear up to return funds, there is an artificial short term demand for bitcoin (and ethereum) as the government has ordered to refund investors in those currencies.