# I, Degen - E15: Wintermute's 119 Million Dollar Key Generation Lesson - 9/20/2022

:::info
Listen at: idegen.fm
:::

:::success
Contact us: [@idegenfm](https://twitter.com/idegenfm)
:::

#### Intro

Welcome to I, Degen - a podcast about crypto technology, security, and culture. With a healthy balance of enthusiasm and skepticism, we dig into a weekly look at crypto, cutting through the misinformation and hype in search of signal in the noise.

#### Episode Summary

In this episode, we hunt for Do Kwon and look at the White House's comprehensive framework for the responsible development of digital assets. Then we look into Wintermute's $119M key generation issue. We discuss emerging post-merge Ethereum narratives and the Omni bridge replay attack. We also get into an IRL customs scam for our hack attempt of the week.

# I, Degen - Weekly

1. 9/14/22 - [South Korean Court Issues Arrest Warrant for Terra Luna founder Do Kwon](https://thecryptobasic.com/2022/09/14/south-korean-court-issues-arrest-warrant-for-terras-founder-do-kwon/) [[2](https://www.ft.com/content/7a8f63e8-b337-4685-81fb-36054b05f651)]

> The wanted crypto developer Do Kwon, who is accused of fraud by investors following the $45 billion (€45 billion) collapse of his cryptocurrencies Luna and TerraUSD, is reportedly trying to evade South Korean authorities.
>
> Prosecutors have accused Kwon of financial fraud, **arguing that his terraUSD stablecoin was a kind of investment security under South Korea's capital markets act** [2]
>
> Kwon moved from South Korea to Singapore, where the now defunct stablecoin issuer Terraform Labs, which he co-founded, has a base. However, Singapore Police Force said on Saturday he is currently not in the city-state.
>
> South Korean prosecutors told Bloomberg in a text message on Monday that there has been "circumstantial evidence of escape" since he left Singapore. The media outlet said prosecutors declined to comment on whether the office knows of Kwon's whereabouts or if it will contact the international police agency Interpol.
>
> Last week, Kwon was charged with violating the Capital Markets Act, and an arrest warrant was issued for him and five allegedly connected to the case who were believed to be in Singapore.

--[EuroNews](https://www.euronews.com/next/2022/09/19/arrest-warrant-issued-for-do-kwon-the-man-allegedly-behind-the-45-billion-terra-luna-colla)

2. [White House Releases Comprehensive Framework for Responsible Development of Digital Assets](https://www.whitehouse.gov/briefing-room/statements-releases/2022/09/16/fact-sheet-white-house-releases-first-ever-comprehensive-framework-for-responsible-development-of-digital-assets/)

> Over the past six months, agencies across the government have worked together to develop frameworks and policy recommendations that advance the six key priorities identified in the EO: consumer and investor protection; promoting financial stability; countering illicit finance; U.S. leadership in the global financial system and economic competitiveness; financial inclusion; and responsible innovation.
>
> The nine reports submitted to the President to date, consistent with the EO's deadlines, reflect the input and expertise of diverse stakeholders across government, industry, academia, and civil society. Together, they articulate a clear framework for responsible digital asset development and pave the way for further action at home and abroad.

**Protecting Consumers**

> Still, sellers commonly mislead consumers about digital assets' features and expected returns, and non-compliance with applicable laws and regulations remains widespread. One study found that almost a quarter of digital coin offerings had disclosure or transparency problems, like plagiarized documents or false promises of guaranteed returns.
>
> The reports encourage regulators like the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC), consistent with their mandates, to aggressively pursue investigations and enforcement actions against unlawful practices in the digital assets space.
>
> The reports encourage the Consumer Financial Protection Bureau (CFPB) and Federal Trade Commission (FTC), as appropriate, to redouble their efforts to monitor consumer complaints and to enforce against unfair, deceptive, or abusive practices.
>
> The reports encourage agencies to issue guidance and rules to address current and emergent risks in the digital asset ecosystem. Regulatory and law enforcement agencies are also urged to collaborate to address acute digital assets risks facing consumers, investors, and businesses. In addition, agencies are encouraged to share data on consumer complaints regarding digital assets, ensuring each agency's activities are maximally effective.
>
> The Financial Literacy Education Commission (FLEC) will lead public-awareness efforts to help consumers understand the risks involved with digital assets, identify common fraudulent practices, and learn how to report misconduct.

**Advancing Responsible Innovation**

> The Office of Science and Technology Policy (OSTP) and NSF will develop a Digital Assets Research and Development Agenda to kickstart fundamental research on topics such as next-generation cryptography, transaction programmability, cybersecurity and privacy protections, and ways to mitigate the environmental impacts of digital assets.

Quite a bit more to the report.

**And the Forbes headline reads....**

[Joe Biden Just Sent A Stark Warning To Bitcoin And Crypto After $2 Trillion Price Crash](https://www.forbes.com/sites/billybambrough/2022/09/17/joe-biden-just-sent-a-stark-warning-to-bitcoin-and-crypto-after-2-trillion-price-crash/?sh=fcde60a406f9)

What is your narrative? What do the machines think?

![](https://hackmd.io/_uploads/HksEsSPbs.png)

![](https://hackmd.io/_uploads/ry_cjSwWi.png)

3. [June 9th, Wintermute OP issue](https://rekt.news/wintermute-rekt/) and now this.. [Wintermute rekt, again](https://rekt.news/wintermute-rekt-2/)

Let's start with a story that broke on September 14th: [the community of 1inch, a DEX aggregator protocol, discovered an issue with Profanity, an Ethereum vanity address generator tool](https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool-68ed7455fc8c).

Even worse, [the possibility of this issue was raised on the Profanity GitHub](https://github.com/johguse/profanity/issues/61) on January 17th, 2022.

Why didn't Wintermute act when the Profanity issue was raised with proof six days ago? Well, they did:

> Around the time that the disclosure happened, Wintermute removed all ether from an [admin address](https://etherscan.io/tx/0x93716f3e3a9e3f47dec05b4df511e07e53b3e4695e84cd4f05f5d83188f3552a) which suggests that they realized it might have been vulnerable. However, they forgot to remove this address as an admin from their vault.
>
> The attacker is likely a seasoned hacker/solidity developer. They created a helper contract, deposited stables into curve to avoid blacklisting, and figured out this vulnerability in a closed sourced vault contract in the first place.

--[Mudit's Blog](https://mudit.blog/wintermute-muted-in-crypto-winter/)

> The stolen funds were mostly various stablecoins, totalling $118.4M. The majority of these were deposited into Curve's 3pool, presumably in an attempt to avoid any blacklisting.
>
> The exploiter is now the 3rd largest holder of 3CRV with over 13% of the supply.

# I, Degen - Deep Dive

Reflecting on the merge: where does ETH stand?

### Ethereum itself

Social attacks: narrative-based attacks in crypto. We tend to think about FUD as a person or small group spreading disinformation, but with crypto it seems we have more large-scale, coordinated narrative-based attacks.
For example, ["Only 2 addresses control 46% of all ETHs PoS" - Santiment Tweet](https://twitter.com/santimentfeed/status/1570339602346684416)

![](https://hackmd.io/_uploads/HJGLZ5wbs.png)

--[Beaconcha.in](https://beaconcha.in/pools)

> Flashbots does build the vast majority of relay blocks... but all relay blocks only make up [less than 20% of the network](https://www.mevboost.org/) ... so, it's missing the much more interesting point, which is that surprisingly few validators are using MEV Boost at all.

--[r/Ethstaker](https://www.reddit.com/r/ethstaker/comments/xiwkd7/comment/ip5mrke/?utm_source=share&utm_medium=web2x&context=3)

However:

![](https://hackmd.io/_uploads/H1dh7cvbs.png)

- [Debate rages over ETH as a security post merge](https://cryptoslate.com/ethereum-security-question-rages-post-merge/)

> Gary Gensler said cryptocurrencies that allow staking could qualify as securities under the Howey test.

### Larger Ecosystem Impact

- ETC Hash Rate

![](https://hackmd.io/_uploads/SJlSitPbi.png)

- [Omni Bridge Replay attack on ETHPoW & price plummets 37%](https://decrypt.co/110023/ethereum-fork-ethpow-suffers-bridge-replay-exploit-token-tanks-37)
  - Root cause analysis from [BlockSec](https://blocksecteam.medium.com/reveal-the-message-replay-attacks-on-ethereumpow-64e4feee991c):

> According to the security researchers, the attacker first transferred 200 WETH through the Omni Bridge and then replayed the same message on the PoW chain, getting an extra 200 ETHW.
>
> In short, the root cause of the exploitation is that the Omni bridge on the PoW chain uses the old chainId and doesn't correctly verify the actual chainId of the cross-chain message. Besides, similar issues may exist in other protocols.

From PeckShield: [Seems like @EthereumPow suffered a replay attack. $ETHW has dropped -12%. Be Alert](https://twitter.com/peckshieldalert/status/1571447028189888512?s=46&t=44IKB7InsaIyyRYn-dFS9Q)

# I, Degen - Freestyle Convo

[Crypto(graphy) guru Bruce Schneier on the Crypto/Blockchain Disaster](https://www.schneier.com/news/archives/2022/08/bruce-schneier-on-the-crypto-blockchain-disaster.html)

# I, Degen - Other Stuff

1. [Interesting Twitter thread on what crypto needs to avoid 100MM hacks every week](https://twitter.com/koeppelmann/status/1572181026096705538?s=46&t=grdW_rbsXJdIjsN4SRGWzg)

# I, Degen - Personal Hack Attempt of the Week

Central American customs shakedown

#### Outro

:::warning
We do our best to report accurately on the topics we discuss, but we're not always going to get everything right. Please comment here or reach out to us @idegenfm with corrections or comments!
:::
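A worked example of the Omni bridge replay root cause covered in the Deep Dive above: a toy Python bridge simulation (added here, not code from Omni Bridge, BlockSec, or the show) in which the forked chain's bridge either keeps the pre-fork chain id it inherited from copied state, or reads the chain id it is actually running on. The validator key, recipient, and fork chain id are constructed placeholders.

```python
import hmac
import hashlib
from dataclasses import dataclass

# Constructed values for the simulation; not real keys, addresses or contracts.
VALIDATOR_KEY = b"constructed-validator-key"  # copied into the fork along with the rest of state
MAINNET_CHAIN_ID = 1
FORK_CHAIN_ID = 10001  # assumed id for the PoW fork; it only needs to differ from mainnet's
RECIPIENT = "0xconstructed-recipient"

@dataclass(frozen=True)
class BridgeMessage:
    nonce: int
    recipient: str
    amount_wei: int
    chain_id: int  # chain the message is authorised to execute on

def sign(msg):
    """Validator attestation over the whole message, chain_id included (HMAC stands in for ECDSA)."""
    payload = f"{msg.nonce}|{msg.recipient}|{msg.amount_wei}|{msg.chain_id}".encode()
    return hmac.new(VALIDATOR_KEY, payload, hashlib.sha256).hexdigest()

class Bridge:
    """Receiving side. configured_chain_id models a chain id baked into contract state (and so
    copied into the fork); None means the contract reads the live chain id (block.chainid)."""
    def __init__(self, live_chain_id, configured_chain_id=None):
        self.expected_chain_id = live_chain_id if configured_chain_id is None else configured_chain_id
        self.executed = set()  # (nonce, chain_id) pairs already processed on this chain
        self.credited = {}

    def execute(self, msg, sig):
        if not hmac.compare_digest(sig, sign(msg)):
            return False  # forged or tampered message
        if msg.chain_id != self.expected_chain_id:
            return False  # message was not authorised for this chain
        if (msg.nonce, msg.chain_id) in self.executed:
            return False  # same-chain replay
        self.executed.add((msg.nonce, msg.chain_id))
        self.credited[msg.recipient] = self.credited.get(msg.recipient, 0) + msg.amount_wei
        return True

def simulate(fork_keeps_old_chain_id):
    """Deliver one mainnet-bound message on mainnet, then replay the identical message and
    signature on the fork. Returns (accepted_on_mainnet, accepted_on_fork)."""
    msg = BridgeMessage(nonce=1, recipient=RECIPIENT, amount_wei=200 * 10**18, chain_id=MAINNET_CHAIN_ID)
    sig = sign(msg)
    mainnet = Bridge(MAINNET_CHAIN_ID)
    fork = Bridge(FORK_CHAIN_ID, MAINNET_CHAIN_ID if fork_keeps_old_chain_id else None)
    return mainnet.execute(msg, sig), fork.execute(msg, sig)
```

With the inherited chain id the replay is credited a second time on the fork; with the live chain id it is rejected, which is the check the quoted analysis says was missing.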