Morning Minute | A Web3 Crisis Averted

TylerD's Market Summary

A crypto wallet vulnerability could have impacted millions of Coinbase and Binance users to the tune of millions of dollars, had Fireblocks not found the issue. Here's what happened and what projects need to know.

🚩 Fireblocks Prevents Major Crypto Disaster

A major Web3 security crisis may have just been avoided.

Millions of retail customers would have been impacted across Coinbase, Binance and more.

But the Fireblocks team saved the day.

Here's how things went down and what providers need to do.

What Happened?

For quick background, Fireblocks is an enterprise-focused crypto infrastructure firm that provides crypto wallet services for institutional players (among other services and products).

On August 9th, the Fireblocks Cryptography Research Team shared their findings of multiple zero-day vulnerabilities at the Black Hat USA conference.

They had found exposures in widely used multi-party computation (MPC) protocols used by Web3 wallet providers.

MPC technology was designed to avoid a single point of failure, splitting (or sharding) private keys into multiple different places and parties for safer keeping (i.e. a wallet, a wallet provider and a 3rd party).

In theory, a user who exposed the keys at just one of those parties would still be safe, as the entire combination is required to access the wallet.

Well apparently that theory was wrong, based on the exploits Fireblocks found, which they named "BitForge."

BitForge would have “allowed a hacker to extract the full private key if they were able to compromise only one device,” effectively making the MPC premise much less meaningful.

Who was impacted?

BitForge impacted major providers like Coinbase WaaS, Zengo and Binance. Thus had these vulnerabilities not been found, hackers could've drained funds from millions of Coinbase and Binance users. To the tune of millions of dollars.

Luckily Fireblocks notified the providers (Coinbase, Binance, etc.) and they have since resolved the issues before the news was made public. In fact, Coinbase was applauded for how quickly they managed & resolved the raised issues.

The exposure went far beyond Coinbase and Binance, with dozens of providers impacted.

Given the widespread reach, the Fireblocks team published a BitForge status checker. Projects can check here to find out if they might be exposed to BitForge: http://fireblocks.com/BitForge.

What are they saying?

The Fireblocks Chief Technology Officer had some strong words.

Enter Pavel Berengoltz, Fireblocks CTO and co-founder:

"While we are encouraged to see that MPC is now ubiquitous within the digital asset industry, it is evident from our findings — and our subsequent disclosure process — that not all MPC developers and teams are created equal.

Companies leveraging Web3 technology should work closely with security experts with the know-how and resources to stay ahead of and mitigate vulnerabilities. Maintaining and updating core infrastructure technologies, like Web3 wallets, is crucial in preventing thefts and attacks, which amounted to nearly $500 million in the first half of 2023."

Why It Matters

Luckily Fireblocks & their WhiteHat team found these issues before any BlackHats did.

Had an exploit hit major providers like Coinbase WaaS or Binance, confidence in the space would have been eroded even further. And if the theoretical hack had been big enough, it could have really set the space back.

A terrible look, as the big institutions are just now seemingly looking to enter crypto in size.

Crisis avoided, this time.

But this is another reminder of the minefields that exist in crypto, and the importance of wallet security. While this was at the instiutional level, it's another chance for users managing their own crypto and NFTs to double check their security standards and processes.

Be safe out there folks. 

🚚 What else is happening in NFTs?

Here is the list of other notable headlines from the day in NFTs:

• Trading volume again ticked up to 10.5k ETH on Thursday largely driven by DeGods volume; NFTs saw mostly green (other than DeGods down 25%), with BAYC back to 31 and the Milady ecosystem seeing big gains
• Larva Labs is back with the Voxelglyph NFT, inspired by their predecessor generative works Autoglyphs and Protoglyphs, providing a 2d picture of a 3d structure; the Voxelglyph will serve as a membership NFT for FingerprintDAO and can only be bought with $PRINTS which briefly surged to $2 before falling to $0.93
• DeeKay Motion's open edition on Base saw over 51,000 mints across its New Era - ETH and New Era - BTC NFTs, with about 4 hours to go before the mint closes; the piece was seemingly banned on Instagram, perhaps adding to its provenance
• DeGods shared new details around the Points Parlor on Wednesday as a part of the DeGods III update; the Parlor will feature a simple game for stakers with packs and ability to earn prizes
• A DeGods whale dumped 200 DeGods into Blur bids on Thursday afternoon along with 200 ETH worth of $DUST, sending the floor to 6.4 ETH (-25%)
• An anonymous user "nothingness321" has been transferring massive amounts of ETH, other tokens and NFTs (3 Bored Apes, 2 Mutant Apes, and 1 CryptoPunk) to the burn address and other dead addresses over the past few weeks in one of the biggest open mysteries in crypto

🌎 Around Crypto and Web3

A few other Crypto and Web3 headlines that caught my eye:

• The crypto market was down slightly on Thursday; BTC -0.6% at $29,360; ETH -0.3% at $1,846
• Rollbit (RLB) saw a new ATH yesterday over $0.2 before settling at $0.182 this morning (+20% on the day) after their new token burns have started kicking in
• PayPal's stablecoin PYUSD sees pushback as Bank of America says its unlikely to see major adoption and Congresswoman Maxine Waters says she's "deeply concerned" about it
• Bitcoin Web3 wallet Xverse raised $5M in a seed round led by Jump Crypto to enhance features for DeFi, Stacks, Lightning, and other Bitcoin scaling solutions

🚀 NFT Total Volume

• DeGods (7,017 ETH, 6.42 ETH Floor)
• BAYC (701 ETH, 31 ETH)
• Milady (676 ETH, 4.24 ETH)
• MAYC (680 ETH, 5.75 ETH)
• Pudgy Penguins (339 ETH, 4.1 ETH)

📈 NFT Floor Price Increase

• Sproto Gremlins (51%, 1.09 ETH Floor)
• OnChain Buccaneers (42%, 1.11 ETH)
• Pixelady Maker (26%, 0.17 ETH)
• SchizoPosters (24%, 0.29 ETH)
• HV-MTL (12%, 0.65 ETH)

🗓 Upcoming NFT Mints and Reveals

Today is a slower day of drops and events to end a fairly busy week.

The main event is likely the Parallel Deck drop, taking place on Base as part of Onchain Summer and priced at 0.05 ETH. Decks include 40 cards to help players get going and start earning $PRIME (+33% this month), and given very positive reactions around their game plus demand to mint on Base, this could catch some real attention.

The other event to watch is the last few hours of the DeeKay Motion open edition New Era. All eyes will be on Cozomo to see if they pull any tricks or announcements in the final hours to drive more minting (over 51k minted as of 7 am ET today).

If you want more, see the full list of today's drops from Swizzy's daily mint monitor. 

• Memes by 6529 (11:00 a.m. ET)
• Parallel - BASE Started Decks (11:00 a.m. ET)
• DeeKay Motion open edition - ends (12:00 p.m. ET)

Enjoy this write-up and/or want to sponsor the Morning Minute? Follow along with me on Twitter @tyler_did_it or reach out via email tyler.warner@luckytrader.com.

For all volume and floor price data, see Lucky Trader's Project Rankings page.

For all upcoming mints, see Lucky Trader's NFT Calendar page.