
Bridge Hack, Wallet Hack
08/12/22 • 52 min
with @mg_486662 @riyazdf @nassyweazy and @smc90
This week’s all-new episode digs into recent high-profile hacks that took place in the crypto space over the last week -- we not only dig into what happened, including a more technical breakdown of the how and how we know -- but also cover the categories and issues specific to (and not specific to!) web3 security; as well as solutions and advice for builders.
We also touch on related trends and topics such as the role of open source; communications around hacks, as well as social media status signaling; and much more. Throughout, we try to help tease apart what’s hype/ what’s real, as well as the signal vs. the noise, in the narratives out there...
Joining host Sonal Chokshi this week are experts from the a16z crypto security team, including: security engineer Matt Gleason; CTO Riyaz Faizullabhoy; and CISO Nassim Eddequiouaq -- both of whom previously worked at Facebook, Anchorage, and Docker [Nass also appeared on an earlier episode of this show, on evolving NFTs & security, available here].
But for this episode, just to quickly recap for your context, the hacks we’re specifically covering are:
- The hack of the Nomad bridge -- which connects several different blockchains including Avalanche, Ethereum, Evmos, Moonbeam, and others -- with a reported range of $185-$190M stolen;
- The hack of the Slope wallet -- a non-custodial, browser-based wallet -- that was reported to affect nearly 8000 users on Solana as well as other ecosystems, with a reported range of $4.5-8M stolen. It occurred a week ago and Slope just posted their latest update today confirming some of the details in this episode (which was recorded a few days earlier).
As a reminder: None of the following is investment, business, tax, or legal advice; please see a16z.com/disclosures for more important information, including a link to a list of our investments.
Previous Episode

Top Tech Topics, Explained
@tim_roughgarden @josephbonneau @skominers with @alive_eth @cdixon
A tour through top-of-mind blockchain & crypto tech topics, explained by several a16z crypto researchers, including VDFs (verifiable delay functions); zk-rollups, SNARKs, and zero knowledge in general; and others. We quickly zip up and down the stack, and across themes -- such as scalability; data availability; reputation and the creator economy, also discussing applications for NFTs and more.
It is based on a conversation that took place a few months ago (on the heels of our a16z crypto research lab announcement), live on Twitter with:
- Tim Roughgarden, Head of Research at a16z crypto and professor in the computer science department at Columbia University;
- Joseph Bonneau, research partner at a16z crypto, who also wrote the textbook on cryptocurrency technologies, pioneered VDFs, and has taught cryptocurrency courses at several top universities; and
- Scott Duke Kominers, research partner at a16z crypto and professor of business administration at Harvard Business School, and a faculty affiliate of the Harvard Department of Economics, who also advises a variety of marketplace businesses, startups, and crypto projects, and serves as an expert on NFT-related matters.
- ...with moderators and general partners Chris Dixon and Ali Yahya.
Be sure to also subscribe to our YouTube channel -- as well as our newsletter at a16zcrypto.substack.com -- for more related content, and videos from researchers, going deeper on the topics discussed in this episode and beyond...
---
Welcome to web3 with a16z, a show about building the next generation of the internet, from the team at a16z crypto -- this show is for anyone (whether researcher, developer, engineer, artist, company leader, community manager, entrepreneur or other builder) -- seeking to understand, and go deeper on all things crypto and web3: towards a decentralized, community-owned, and creator-owned internet.
Next Episode

Crypto Regulations, Illicit Finance, Privacy and Beyond
with @michelekorver @jai_ramaswamy @smc90
We tease apart the facts vs buzz around recent news -- that the U.S. Treasury sanctioned Tornado Cash for allegedly laundering proceeds of cybercrimes, and then later the Dutch Fiscal Information and Investigation Service stated that they arrested a suspected developer of Tornado Cash -- including what's novel and what's not here, as well as the broader regulatory and compliance backdrop.
But we also share an evergreen explainer that goes well beyond recent events, to help crypto founders and others navigate various regulatory and compliance requirements for builders... while still ensuring innovation.
- The first third covers a ton of analysis beyond the news around Tornado Cash -- from broader backdrop to specifics to players to what's novel or not in recent actions; as well as going into the differences between sanctions and national securities laws, to civil enforcement actions, criminal liability and money laundering, and Bank Secrecy Act (BSA) and anti-money laundering (AML) program compliance requirements.
- We then do a brief interlude on the difference between obfuscating vs privacy preserving technologies, and why that matters in the big picture.
- And then the SECOND half of the episode dives deep into understanding and navigating compliance and legal for builders, covering: different frameworks, principles, common myths & misconceptions; when and how to resource (tooling to hiring); a lightning-round primer on the alphabet soup of government entities relevant to this space; advice for BOTH entrepreneurs & government agencies on engaging with each other;
- and much, much more... that’s all in the second half of the episode.
Our expert guests (in conversation with Sonal Chokshi) are:
- Michele Korver, head of regulatory at a16z crypto, former federal prosecutor who was also at the Department of the Treasury’s Financial Crimes Enforcement Network as their chief digital currency advisor; she also spent time in the U.S. Department of Justice, where she was the first dedicated subject matter expert in cryptocurrency-related prosecutions and forfeitures; and
- Jai Ramaswamy, chief legal officer at Andreessen Horowitz, where he oversees legal and compliance; he was also formerly chief risk and compliance officer at cLabs, which launched the decentralized protocol Celo; Jai also headed (or advised) on AML compliance & risk management at major banks (Capital One, Bank of America); and previously spent over a decade in government including significant time in the U.S. Department of Justice criminal division, where he focused on cybercrime, asset forfeiture, and money laundering.
As a reminder: None of the following is legal, business, investment, or tax advice; please see a16z.com/disclosures for more important information, including a link to a list of our investments.