The Dumpling
Posts
a $150m decentralised hack 🥴

a $150m decentralised hack 🥴

Magic ETHen's beta, Nomad down bad, a case of 1984

Lili (QueenBao)
August 03, 2022

GM Baos.

Today is a sizzlin' news day. Queue one of the craziest decentralised hacks crypto has ever seen, followed by another one that is still a mystery :c

Today we cover:

Magic ETHen teases launch
Nomad’s treasury is drained
1984 got done

The new marketplace on the block

Magic Eden is launching Ethereum NFTs!

They begin their multi-chain conquest with the project EZU, a profile picture project by Psychedelics Anonymous. It will be the first ever project thats cross-chain mintable with ETH and SOL.

Magic Ethen (😆) will begin rolling out features for ETH NFTs this month. Early testing will include cross-currency trading tests enabling NFT purchases with SOL, ETH or credit cards.

They’ll then release their own launchpad (projects can mint on Magic Ethen), allowlist tool, and a drop calendar for notable NFT launches.

Magic Ethen.
— Magic Ethen 🪄 (@MagicEden)
4:01 PM • Aug 2, 2022

I can’t take this name seriously right now but it’ll grow on me I think. I am definitely excited about this launch though 😆

You can join ME’s Discord to get a chance at testing their private beta!

Nomad is down $150M in the most frenzied hack ever

Yikes.

You would expect a hack of this scale to be executed in a calculated and precise manner, but this was a chaotic mess over the course of an hour.

It begins with bitliq.eth, bridging 0.01 WBTC on Moonbeam and receiving 100 WBTC back on Ethereum (aka bitliq.eth paid $300 worth of bitcoin for ~$3m 😅).

Here’s what happened

Nomad pushed an update for its smart contracts that made it easy for users to spoof transactions
Users could send funds from one blockchain to another without Nomad checking the amount
Users could withdraw funds that didn’t belong to them ☠️
Any unsophisticated attacker could exploit this by changing the address of the recipient and similarly withdraw 100BTC
Around 41 unique addresses participated over the course of an hour until Nomad’s total value locked reached as low as $4k

This is insane 🤯 A professional attacker would have been able forge a message and drain Nomad’s treasury in a single transaction per asset. Check @samczsun’s tweet, head of security at Paradigm, for a more technical breakdown.

It’s truly unfortunate this happened only days after Nomad publicised its $22 million seed round…

1984 Team Breakup

Sit down Baos, we have some tea for y’all.

1984 is a pre-launch NFT project that's made a name for themselves with their colourful art on billboards.

Their founding team included Conde.eth and Alex Lin with Hichamhabchi as their main artist - carving the identity of 1984.

👀
— 1984 (@1984global)
12:48 PM • Aug 1, 2022

It's an unfortunate situation where founders can't see eye-to-eye, artists that want more involvement get denied, the whole story gets publicized on Twitter, and the NFT project that had good merit blows up (sounds like à la Weather Report right?) ☠️

Who kicked it off? 1984 went in for that first punch. 👊🏼

Fellow misfits we are at WAR.
@notalexlin CEO of Valhalla and board member of Zulu Labs invited me out for hookah and tried to get me to sign documents when I said I needed to get them looked at he threatened to freeze the art work which would halt production of 1984.
— 1984 (@1984global)
8:07 PM • Aug 2, 2022

Alex came and smashed anything that came his way with his side of the story and how the leading artist was removed from the project.

a tl;dr summary:
-I am an advising co-founder at 1984.
-Despite months of promises, post-launch, Condé abruptly decided not make @Hichamhabchi, our artist, an equal co-founder.
-Condé fired Hicham on Sunday with a 4 hour notice. Because of this, I will also resign.
2/x
— VΔL | Alex 🫡 (@notalexlin)
8:15 PM • Aug 2, 2022

But LITTLE did we (and Conde.eth 👀) know that there were going to be some wild cards that came into this. The leading artist, supporting artists, the smart contract developers, the community manager were validating the experience and/or resigning from project 1984.

Let this be a lesson learned in Web3:

Conflict resolution is a great soft skill
Reactionary actions don’t belong in business
Negotiations take time, compromise is key

Is this the end of 1984?

Likely. At least without Alex and Hichamhabchi. 👀🔥

Bao-sized news

A SOL exploit today either on Phantom or Magic Eden draining at least $6m. This happened about an hour before writing, we aren't sure yet why...
Ticketmaster is hiring a product manager for NFT ticketing tooling. NFT Ticket is just a doorstep away 🤫
Did Pak reveal himself or are we getting pranked?! Clapis tweeted “I’m Pak.”, and Murat Pak himself linked this article in response.
A16z invested $50 million into Gary Vee's VeeFriends collection for expansion.

Things that made my abs grow ever so stronger

We have KangarWu to thank for this section's new title 😉

We all know there’s at least one person in your Web3 group… If there isn’t anyone, it’s you.

Crypto bros avoiding profit
— Alan Carroll (@alancarroII)
5:13 PM • Aug 2, 2022

The real winner when there's a lottery, gg IRS.

Congratulations to the IRS on winning the $846.3 million Mega Millions Jackpot!
— John W. Rich (Fake Tech Exec) (@Cokedupoptions)
5:48 PM • Aug 2, 2022

Work by Asian Creators

Bao Zi was determined to achieve his dreams and decided to put his art pieces up as NFTs.
— Fortune Friends Club ☼ ◡ ☼ (@FortuneFriends_)
1:01 PM • Aug 2, 2022

Happy hump day, keep chugging along Baos 🥟

–Lili