By Donovan Choy of Bankless
Ethereum Neoclassic (aka ETH PoW) chain
As the Merge nears, one related point of discussion is emerging around a potential hard fork for an “ETH PoW” (Ethereum Proof-of-work) chain which some miners are voicing their support.
I’m calling this the Ethereum Neoclassic (ETN) chain, because “ETH PoW” puts readers to sleep and there already exists a PoW-based Ethereum Classic from 2016.
So why is the Ethereum Neoclassic hard fork potentially a thing? For the simple reason that the Merge is about to render an estimated $5B worth of mining rigs obsolete. That presents Ethereum miners with two choices:
- Redeploy their rigs toward mining Bitcoin, Dogecoin, Ethereum Classic, or some other PoW chain
- Protest the Merge by forking into the new ETH Neoclassic chain that retains PoW validation
Should enough miners support the second option, it would likely be Ethereum’s second high-profile hard fork. The first one of course was in 2016 after the infamous DAO hack that saw a minority group of miners protest the Ethereum foundation’s decision to negate the theft of 3.6M ETH, thereby giving birth to Ethereum Classic (ETC).
There were die-hards then, and there are die-hards now. People like the status quo, especially if they have a stake in seeing it preserved.
But today’s die-hards that threaten to hard fork face an even larger challenge for a few reasons.
First, for the new Ethereum Neoclassic chain to thrive requires that the existing state of DeFi is successfully “ported” over to the new chain. That would require hundreds of asset providers and bridging protocols to honor claims on users’ assets — stablecoins, Lido’s staked ETH, all forms of wrapped tokens — that currently exist on the Neoclassic chain.
Tether is likely going to enable redemptions for USDT on the new PoS Ethereum chain rather than a Neoclassic chain, given the strong social support for the Merge. If so, then decentralized exchanges and lending platforms on Neoclassic will collapse in the absence of liquidity.
Of course, there is a chance that something maybe goes catastrophically wrong with the Merge, then a new Schelling point might gravitate around the Neoclassic chain. Then a minority of users maybe wants to redeem their USDT on the Neoclassic chain, and Tether maybe honors them. But that is a lot of maybes. It’s a classic collective action problem and no protocol wants to be stranded alone in a highly fractured DeFi landscape where trading infrastructure is broken and all other assets are dead.
A short thread about EthPoW and what is quite likely to happen:— Marc "Aavechan.lens" Zeller 👻 💜 (@lemiscate) August 1, 2022
Spoiler TL;DR: Galois et Guo delenda est
Second, a Neoclassic chain would come with the difficulty bomb, a built-in mechanism by Ethereum developers to disincentivize the original chain from functioning post-Merge by making mining increasingly difficult. Ethereum Neoclassic miners would have an insurmountable task of gathering consensus twice: Once to hard fork the Merge, then hard fork the previous hard fork again to remove the bomb.
Third, an Ethereum Neoclassic chain doesn’t only face competition for developer talent and users from the new PoS chain, but also the old Ethereum Classic (ETC) chain. Incidentally, ETC’s price has been rallying 32% in the past two weeks as speculators anticipate that the hash rate may be redirected to.
For all of these reasons and more, most analysts and researchers don’t foresee an Ethereum Neoclassic chain taking off.
Will it happen? Likely.
Will it succeed? That’s another question.
Nomad bridge hack
There are two major hacks rippling across DeFi this week. The first is the Nomad bridge racking up 5th place on the Rekt leaderboards with a ~$190M loss.
Nomad is a decentralized cross-chain bridge protocol supporting asset transfers across five chains: Avalanche, Ethereum, Cosmos’ Evmos, Cardano’s Milkomeda, and the Polkadot Moonbeam network. On the eve of its hack, Nomad was the 6th largest Ethereum bridge holding ~$169M of value.
What happened? A flaw in a Nomad smart contract allowed users to spoof transactions and withdraw money from an open vault (it was open for 43 days 🤯) on the bridge.
That opened the door to hundreds of hackers for a cash grab by copy-pasting the transaction call data used by the original hacker, and replacing the wallet address with one of their own to siphon funds.
1/ Nomad just got drained for over $150M in one of the most chaotic hacks that Web3 has ever seen. How exactly did this happen, and what was the root cause? Allow me to take you behind the scenes 👇 pic.twitter.com/Y7Q3fZ7ezm— samczsun (@samczsun) August 1, 2022
Unlike the centralized Axie Infinity Ronin bridge $650M hack in March where private validator keys were stolen, the Nomad hack stems not from a flaw in design architecture i.e., the degree of trust required, but from a smart contract flaw. In short, Nomad’s design focused on trust-minimization and was more in line with the decentralized nature of Web3, but still came up short.
The silver lining here is that because the exploit was a free-for-all, some ethical hackers accumulated at least $9M of the spoils, which have been returned to Nomad.
Nomad exploit onchain activity, visualized. pic.twitter.com/WqjcbQfWKW— Hsaka (@HsakaTrades) August 1, 2022
It’s probably worth reiterating for the hundredth time on Bankless that cross-chain bridges come with their own risks (different from multi-chain bridges like Cosmos).
If the crypto that you own sits only on its native network, then its security relies exclusively on that network’s validator security. But there’s a new exciting dapp on another chain running liquidity-mining-fuelled 100% APYs, so the smart investor thing to do is wrap and transfer your crypto around different chains to stake for greater returns, while at the same time watch number go up on your original collateral— win-win right?
Cross-chain bridges enable that kind of capital efficiency but it also introduces new attack vectors and smart contract risks as your crypto traverses different chains.
Lesson: If you use a bridge, use it with your eyes wide open.
With the recent hack of @nomadxyz_ I think it is time to reflect more broadly on bridges security as by now they became by far the most critical piece of blockchain infrastructure. Here are some things to consider: 👇🧵https://t.co/se3eU95olY— bartek.eth (@bkiepuszewski) August 2, 2022
Solana wallet hack
The second hack this week is taking place within the Solana ecosystem, affecting at least 8,000 Solana wallets with total losses of up to $6M, particularly popularly used wallets like Phantom, as well as Slope and Trust.
In the early stages of the hack, it wasn’t clear what the security issue was. Both the Solana Foundation and Phantom alleged that the problem may be related to Slope Finance, a Solana Web3 aggregator platform that offers iOS and Android mobile wallets. The uncertainty led Solana users rushing to push funds to a hardware wallet or even centralized exchanges.
Well, it turned out that the root cause of the problem simply stemmed from… Slope Wallet is a terrible service provider. Slope stored wallet seed phrases on a centralized event logging service and then that service was exposed.
Correction - the Slope wallet did not send seed phrases to external partners, but may have logged them on their own centralized servers. Apologies for getting a bit ahead of myself, postmortem still in progress. Wait for an announcement from the team for true confirmation.— foobar (@0xfoobar) August 3, 2022
Slope’s official statement doesn’t tell us much, safe for “we dun goofed”, “we know it hurts, and “wait for pending investigation”.
Three Arrows Capital fallout
You thought the fallout was over but it isn’t. Celsius sees a data breach that leaks its customers emails.
The Block reports that Babel Finance, a crypto bank that halted withdrawals last month lost at least $280M in trading during the June market downtown.
Aave moves to freeze Fantom markets due to recent bridge exploits; Rainbow Wallet supports NFTs on Ethereum, Polygon, Arbitrum and Optimism; Starknet launches NFTs; Robinhood gets fined $30M by the New York State Department of Financial Services.