# I, Degen - E14: All Eyes On Ethereum - How to stay safe during the merge - 9/11/2022 [![hackmd-github-sync-badge](https://hackmd.io/Pz67KecbRkSq21SYBWY3ig/badge)](https://hackmd.io/Pz67KecbRkSq21SYBWY3ig) ::: info Listen at: idegen.fm ::: :::success Contact us: [@idegenfm](https://twitter.com/idegenfm) ::: #### Intro Welcome to I, Degen - A podcast about crypto technology, security, and culture. With a healthy balance of enthusiasm and skepticism, we dig into a weekly look at crypto, cutting through the misinformation and hype in search of signal in the noise. #### Episode Summary All eyes are on Ethereum - we are now less than four days out from the merge. We’ll talk about some possible scenarios the merge might bring and what you can do to stay safe during the merge. We’ll also look into recent updates on the Tornado Cash sanctions, a new report on fraudulent crypto trading volume, and other crypto security-related news. # I,Degen - Weekly ### Cryptosphere 1. From August 23rd, [SudoRare, a LooksRare clone rugs 820K after just 6 hours of operation](https://thenewscrypto.com/sudorare-nft-marketplace-executes-rug-pull-hours-after-launch/) Rugged funds likely moved to a KYC'd address on Kraken. > SudoRare, an NFTplatform that forked from SudoSwap and LooksRare, is just the latest crypto project to run off with users' funds. The project also deleted all of its social media accounts Tuesday morning. - [](https://decrypt.co/108051/nft-project-sudorare-disappears-roughly-520-ethereum-user-funds) 2. Coinbase launches Liquid Staked derivative (LSD) cbETH ahead of the merge - [[1](https://cointelegraph.com/news/coinbase-introduces-wrapped-staked-eth-asset-ahead-of-the-merge)][[2](https://www.reddit.com/r/ethereum/comments/wwp0ka/coinbase_staked_eth_whitepaper/)][[3](https://www.thedefiant.io/coinbase-launches-cbeth)] 3. [Earn 1 MIL if you can find a good bug in Ethereum before the merge](https://decrypt.co/108168/ethereum-bug-before-merge-could-earn-million-dollar-reward) 4. August 26th, 2022 - [Tailiban Outlaws Crypto in Afganistan and begins arresting sellers that refused to comply](https://finbold.com/taliban-outlaws-crypto-in-afghanistan-and-starts-arresting-token-traders/) [Bloomberg article](https://www.bloomberg.com/news/articles/2022-08-26/taliban-ban-crypto-in-afghanistan-arrest-digital-coin-dealers) 5. [Password managment first LastPass had it's developer systems hacked to steal source code](https://www.reddit.com/r/programming/comments/wxx674/password_management_firm_lastpass_was_hacked_two/) 10. [According to Forbes, more than 1/2 of all Bitcoin trades are 'fake'](https://www.forbes.com/sites/javierpaz/2022/08/26/more-than-half-of-all-bitcoin-trades-are-fake/?sh=7e993e0a6681) > The U.S. Commodity Futures Trading Commission defines wash trading as “entering into, or purporting to enter into, transactions to give the appearance that purchases and sales have been made, without incurring market risk or changing the trader's market position.” The reason why some traders engage in wash trading is to inflate the trading volume of an asset to give the appearance of rising popularity. In some cases trading bots execute these wash trades in tokens, increasing volume, while at the same time insiders reinforce the activity with bullish remarks, driving up the price in what is effectively a pump and dump scheme. Wash trading also benefits exchanges because it allows them to appear to have more volume than they actually do, potentially encouraging more legitimate trading. "Fraudulent or non-economic" >The biggest problem areas regarding fake volume are firms that tout big volume but operate with little or no regulatory oversight that would make their figures more credible, notably Binance, MEXC Global and Bybit. Altogether, the lesser regulated exchanges in our study account for approximately $89 billion of the true volume (they claim $217 billion). On Forbes method: > We apply volume discounts based on a proprietary methodology that relies on 10 factors such as an exchange’s home regulator if any and volume metrics based on an exchange’s web traffic and estimated workforce size. So, private trading firms numbers are being grok'd by proprietary methodology. Worth note, the Bitwise Study from early 2019 said 95% of BTC trading was fake... so it's getting better. [In case you're interested in this topic, another nice paper from 2019 that talks about fake BTC trading](https://www.sec.gov/comments/sr-nysearca-2019-01/srnysearca201901-5574233-185408.pdf) 7. spoiler! -[New Netflix show on John Mcafee rasies questions about his death](https://www.reddit.com/r/CryptoCurrency/comments/wwkahh/john_mcafees_exgirlfriend_claims_he_faked_his/) - supposedly he called his ex-gf after his 'death' to say he faked it. 8. [Australia Establishes Federal Crypto Police ](https://finance.yahoo.com/news/australia-establishes-federal-crypto-police-060537077.html) > Launched in August, the unit will help combat crypto criminals by targeting their assets and providing investigative tracing capability and insight to other AFP authorities > The new crypto unit will operate as part of its Criminal Assets Confiscation Taskforce (CACT), which has been seizing illicit crypto funds since 2018, but without a dedicated standalone team > The Australian Federal Police have confiscated over AU$600 million (US$408 million) in illicit funds and property since 2020, and **though the amount of crypto funds seized were small compared to “traditional” criminal assets**, the additional focus helps provide intelligence insights 9. [Solana didn't go down this week](https://www.reddit.com/r/CryptoCurrency/comments/x73wf0/solana_would_have_had_another_network_outage_or/) - high TPS spike that might have caused a network outage before, didn't cause one this time. 10. [September 5th withdrawals frozen at crypto mining firm Poolin because of a lack of liquidity](https://www.theblock.co/post/167850/withdrawals-frozen-at-crypto-mining-firm-poolin-amid-liquidity-problems) - From theBlock. > Poolin, one of the world's biggest crypto mining pools, is suspending bitcoin and ether withdrawals from its wallet service due to "liquidity problems." And now, from September 9th [Bitcoin hash rate cut in half as miners leave](https://bitcoinmagazine.com/markets/poolin-bitcoin-mining-hash-rate-cut) > This is significant because 1) Poolin is a China-based mining pool service, operating in China after the mining ban, and 2) the pool was estimated to have roughly 10% of the hash rate before withdrawals were suspended. 11. [Flash Loan used against single NXUSD market on Nerus](https://medium.com/nereus-protocol/post-mortem-flash-loan-exploit-in-single-nxusd-market-343fa32f0c6) > At approximately 10:30PM UTC on September 6th, the Nereus team notified the community of an incident through the community discord; this was later picked up by CertiK and other on-chain analysis groups and reported broadly as a flash-loan exploit resulting in a $371k gain. > An exploiter was able to deploy a custom smart contract and that leveraged a $51M flash loan to manipulate the AVAX/USDC Trader Joe LP pool price for a single block resulting in the ability for the exploiter to mint 998,000NXUSD against ~$508k worth of collateral. > In the hours that followed, Nereus quickly consulted security experts, developed a mitigation plan, and notified law enforcement to support efforts. In response, the Nereus team has mitigated the exploit by liquidating and pausing the exploited JLP market. > The team has also paid off the bad debt using NXUSD from the Team’s treasury. No users funds are at risk, and NXUSD continues to be over collateralised. > In addition, no part of the lending and borrowing protocol was ever at risk. 12. Tornado Cash Sanctions Update * 1) [Coinbase Bankrolls Suit Against Treasury Department over Tornado Cash Sanctions](https://www.cnbc.com/2022/09/08/coinbase-bankrolls-suit-against-treasury-department-following-tornado-cash-sanctions.html) - Basis/premise is that OFAC is overstepping because a smart contract is not a person or org. * This CNBC article is quoting the '7B laundered using TC' which as we've discussed is not an accurate number. * some members of the suit have coins locked in TC * 2. [Base Layer Neutrality Sept 8th, from Paradigm](https://www.paradigm.xyz/2022/09/base-layer-neutrality) * > On August 8, 2022, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) added certain Ethereum addresses associated with Tornado Cash, an open-source privacy protocol on Ethereum, to the Specially Designated Nationals and Blocked Persons List (SDN List).2 Since the announcement, many participants in crypto’s base layer have expressed concern that they could be required to monitor or censor blocks involving SDN List addresses to comply with sanctions, jeopardizing the neutrality of the base layer and compromising its integrity and core functionality. However, we believe that under current OFAC guidance, base layer participants are not required to monitor or censor these addresses as part of a risk-based sanctions compliance program. * > Specifically, while the application of sanctions law to decentralized blockchain systems and smart contracts presents novel legal issues, we believe the Tornado Cash sanctions and blockchain address sanctions imposed to date should not require blockchain technology infrastructure providers including builders, pool operators, relays, searchers, sequencers, and validators to monitor or censor transactions that involve blocked addresses. * 3. Tether will not block Tornado Cash addresses (yet) [[1](https://gizmodo.com/crypto-tether-stablecoin-tornado-cash-sanctions-1849450706)] * 4. [[1. Tornado Cash dev Alexey Pertsev alleged links to Russian FSB](https://fortune.com/2022/08/25/tornado-cash-developer-russian-fsb-linked-company/)] [[2. - The Actual Report](https://brief.kharon.com/updates/ceo-of-sanctioned-crypto-mixer-arrested-was-employed-by-company-linked-to-russia-s-fsb/)] [[3. - US Treasury Press release from 2018](https://home.treasury.gov/news/press-releases/sm0410)] >Digital Security was designated pursuant to E.O. 13694, as amended, for providing material and technological support to the FSB. As of 2015, Digital Security worked on a project that would increase Russia’s offensive cyber capabilities for the Russian Intelligence Services, to include the FSB. *Alexy worked at Digital Security in 2017 17. August 29th, [Solana DeFi Exchange Optifi Bricks Itself By Running Solana Shutdown Program Command During Upgrade and Loses 661K](https://decrypt.co/108585/solana-defi-exchange-optifi-bricks-itself-loses-661k) ![](https://hackmd.io/_uploads/Byfr7_5ei.png) [@OptifiLabs](https://twitter.com/optifilabs?lang=en) - > 95% of the inaccessible crypto funds were held by a member of the team. - They are returning the remaining funds to customers ### Other Stories of Interest 1. [Capitalsim can not survive the signularity](https://brettking.medium.com/capitalism-can-not-survive-the-singularity-44363c44a845) - Crypto vs AI? # I, Degen - Weekly Deep Dive - All Eyes on Ethereum - What need to stay secure during the merge **Respond, Don't React - It could get crazy, don't panic.** Should I move my coins to an exchange? No, why would you? 1. ETHPoW Fork led by Chinese miner Chandler Guo has confirmed it will use a unique chainID, this means replay attacks shouldn't be an issue. What is a replay attack? What about other forks that don't change their chainID? Don't interact with them if you want to be safe. If you're really concerned consider not making any mainnet ETH PoS transactions immediately after the merge as well as those TXs could be replayed on one of these random forked chains. Of course, the worst case would be that your TX from mainnet can be replayed on the random forked chain which wont affect your mainnet/real assets. [Some info from Decrypt on what to expect with NFTs around the merge](https://decrypt.co/108862/what-ethereum-merge-means-for-nfts) 2. General confusion and scams likely - be careful if you're interacting with an exchange or NFT market place that supports one or more forked ETH chains. Best bet is to stick to reputable exchanges who are unlikely to even support ETHPoW. True PoW heads will likely just stick with ETC right? 3. Various apps and protocols both centralized and decentralized have said they will pause some or all elements of their protocols around the merge just to be safe. This could cause unexpected issues even if the merge it self goes off with out a hitch. **If you’re a hacker or trader looking for an edge, the merge will likely offer some attractive, once-in-a-lifetime style opportunities.** **If you're not an advanced user and willing to take on the high risk, your best best is to do nothing.** # I, Degen - Other Random Stuff Reminder guys, never take yourself too seriously. This is pretty funny... ![](https://hackmd.io/_uploads/HkEKTSckj.png) # I, Degen - Personal Hack Attempt of the Week Email enumeration for Zeevo ![](https://hackmd.io/_uploads/rywdIET1o.png) What's going on here? Either bot building a list for marketing spam or email address enumeration for phishing attack? What's not show in the screen shot is email addresses they were sending too. They were not random but instead lined up with accurate shortend verisions of my name. That would imply manual operation behind the probe or that the data was scraped and fed to a bot. I kind of suspect the latter and have a hunch it was from Angel list's website but that's just a guess. [[[Outro]]] :::warning We do our best to report accurately on the topics we discuss but we're not always going to get everything right. Please comment here or reach out to us @idegenfm with corrections or comments! :::