There was a fairly interesting series of events yesterday that went largely unnoticed by people who aren’t deep in the weeds of the bitcoin and crypto industry. A research partner at Paradigm, Sam Sun (known as Samczsun), discovered a potentially critical security flaw in the code of SushiSwap's MISO platform.
The details of this white hat rescue are fairly technical in nature, so I won’t bore this audience with the exact details. You can read more about the sequence of events in Samczsun’s write-up. The key takeaway is that over $300 million worth of ETH was exposed to a potential exploit and could have been stolen. After reading through the various analyses of the situation, I had two main takeaways.
First, Samczsun wrote an opening paragraph to his analysis that I thought highlighted a great point:
“A common misconception in building software is that if every component in a system is individually verified to be safe, the system itself is also safe. Nowhere is this belief better illustrated than in DeFi, where composability is second nature to developers. Unfortunately, while composing two components might be safe most of the time, it only takes one vulnerability to cause serious financial damage to hundreds if not thousands of innocent users. Today, I’d like to tell you about how I found and helped patch a vulnerability that put over 109k ETH (~350 million USD at today’s exchange rate) at risk.”
This idea that safe components do not equal a safe system is a really good one. You can apply it to many aspects of life, but software code may be one of the most complex applications of this rule. As we know, the more complex a system, the higher the likelihood that vulnerabilities will exist.
Complexity is a weird topic. To the uneducated, complexity appears to be a signal of sophistication and intelligence. But as the experienced know, complexity is actually the exact opposite of sophistication in most cases. The famous line from Blaise Pascal applies here: “I would have written a shorter letter, but I did not have the time.” The same goes for software code, to a degree. The more time someone has, the cleaner and more efficient the code can become.
This brings me to my second takeaway. So much of the progress that is being made across the industry is being done at an incredible speed. Rightfully so, most developers are focused on innovation and experimentation. They are seeking new and profound ways to apply the various technologies that have become available over the last 10 years or so. The downside to this approach is that speed is historically a direct trade-off with security and resilience.
The faster that developers innovate, the higher the likelihood that vulnerabilities will be introduced into software. Sometimes that trade-off is acceptable. Other times it is not. Knowing the difference is important.
One framework to apply to this analysis would be a spectrum running from innovation speed to security. Let’s start with bitcoin as an example of the extreme pursuit of security. The bitcoin core developers have an arduous, methodical, and intentional development process. There is over $800 billion of economic value at stake. If that means going slower from an innovation standpoint, it is worth it to keep achieving the ultimate level of security. You can see the end result of this approach in everything from the decentralization of miners and nodes to the software review process. Resilience and security over everything.
The other end of the extreme is a pursuit of innovation and speed over everything. There are various altcoins and protocols that are attempting to invent new technologies or applications. They can’t win on a first mover advantage and they can’t win on being the most secure or decentralized, so they choose to pursue a strategy of innovation. It is a rational strategy. These projects don’t have a lot of economic value at risk, which means the cost of making a mistake is minuscule compared to bitcoin.
These are the ultimate extremes in the industry. Do you value security and resilience as the most important aspects of a protocol, or do you value speed and innovation? The interesting answer to that question is that each path is valuable for a different kind of desired end result. If you are building something that requires decentralization (like a transparent, programmatic monetary policy for a digital currency that has aspirations to become the global store of value), then security is the single most important thing. If you are building something that requires speed of innovation, like an application built on top of a smart contract platform, then you aren’t as worried about security and resilience in the early days.
Remember, we are still so early in all of this. The industry is only 12 years old and the majority of companies or projects have only been around for 3-4 years. That is nothing in terms of lifetime in the technology sector. There will be immense mistakes made, similar to what we saw a few days ago with a $600 million DeFi hack. But that doesn’t mean that every platform will have vulnerabilities, nor does it mean that speed of innovation should be pursued more aggressively than security and resilience.
One of the reasons that I’m personally interested in bitcoin, and spend the majority of my time on it, is that I believe it has grown to become the most resilient and secure computing network in the world. It has true staying power. There is a very high likelihood that bitcoin is still around in 50 or 100 years. That type of resilience can be incredibly valuable if you’re a long-term thinker. My plan is to hand my bitcoin to my grandchildren, so resilience and staying power are of the utmost importance to me.
So far, so good. Lastly, it is cool to see people like Samczsun in the world. There are not many people who would discover a $300 million exploit and whose first reaction would be to call the project and work with them to fix the issue. We need as many good people as we can get in this world.
Hope each of you has a great day. Talk to you tomorrow.
SPONSORED: Unstoppable Domains allows you to replace cryptocurrency addresses with a single, easily-readable name like mine, Pomp.crypto. Instead of worrying about getting 1 character wrong in a long string of random letters and numbers, get your own Unstoppable Domain here.
Bridgewater, Citadel, Even Tennessee’s Treasury Among Coinbase COIN Whales: Some of the biggest names on Wall Street and even a handful of U.S. states ended Q2 with multimillion-dollar bets on Coinbase, possibly the ultimate crypto proxy stock. A review of regulatory documents reveals that a parade of megabanks, including Goldman Sachs, JPMorgan, CitiGroup and Bank of America; asset managers such as Millennium Management, BlackRock, Miller Value Partners and Bridgewater; and even states such as Tennessee’s Treasury, have told securities regulators they held COIN on June 30. Read more.
UK Police Recover $22M in Stolen Crypto From Scammers: U.K. police have seized $22.2 million in cryptocurrency and made two arrests after specialist officers learned of a scheme in Greater Manchester that led to the discovery of USB sticks containing significant amounts of ethereum. The police allege that victims were tricked into depositing their savings into what they thought was an online savings and trading service using Binance Smart Chain. Read more.
US Mortgage Lender UWM Plans to Accept Bitcoin Payments: United Wholesale Mortgage plans to accept cryptocurrency payments – likely bitcoin – later this year in an apparent first for the U.S. mortgage industry, according to the Detroit Free Press. The Michigan-based lender will start by taking bitcoin but is looking into ether and other cryptocurrencies as well, CEO Mat Ishbia told the paper. “We’re going to walk before we run,” he said while emphasizing UWM wanted its crypto service to be first to market. Read more.
Ex-Goldman Sachs Traders Raise $4M for DeFi Risk Management Startup: Ondo Finance, a protocol meant to accelerate decentralized finance adoption among institutional investors by minimizing risk, has raised $4 million in a funding round led by Pantera Capital. CoinFund, Protoscale Capital, The LAO and Digital Currency Group (the parent company of CoinDesk) also participated in the round. Read more.
Steve Aoki Has Secured Funding to Pilot His NFT TV Show: DJ Steve Aoki is doubling down on his stop-motion short “Dominion X” after the non-fungible token (NFT) project’s near-instant sellout earlier this month. The festival staple has secured financing for a “proper pilot” episode of his trippy, music-infused collaboration with Stoopid Buddy Stoodios, the Seth Green production company best known for Robot Chicken, according to his publicist Mike Jones. He declined to provide details of the financing. Read more.
Chrisman Frank is the co-founder and CEO of Synthesis, a new educational experience for children aged 8-14 that focuses on teaching problem solving and critical thinking skills.
In this conversation, we discuss the Synthesis story, Elon Musk, critical thinking, independent thought, first principles, the broken education system, and why Synthesis is better than classrooms.
These companies make the podcast possible, so go check them out and thank them for their support!
Exodus is an absolute game changer in the crypto wallet space. With over 100 assets supported, one-click built-in exchange, Trezor hardware wallet integration and 24/7 customer support, this is a no brainer for both newcomers and crypto heavyweights. Download Exodus on desktop, iOS, and Android using my code http://get.exodus.com/pomp
Cosmos is building the Internet of Blockchains, marking a new era of interoperability, scalability, and usability. The free flow of assets and data between blockchains with bridges to Ethereum and Bitcoin will unleash the potential of DeFi, NFTs, and much more. Dive into Cosmos at cosmos.network/pomp
OKEx is a leading crypto exchange known for providing the most options for crypto traders and investors. Whether you want to trade spot, futures, options or swaps, OKEx gives you institutional-grade tools and a best-in-class trading engine. The platform offers credit and debit card funding options and supports 40 different fiat currencies, including EUR, CAD, GBP, TRY, INR and RUB, to name just a few. You can invest, trade, and earn yield, all within one place at okex.com. OKEx is not available to customers in the United States.
Unstoppable Domains makes crypto easier by replacing your address with [AnyName].crypto. They allow you to send and receive over 70 cryptocurrencies, including BTC, ETH, and LINK with a single blockchain domain. Go to unstoppabledomains.com and get [YourName].crypto to make your crypto life easier.
Crypto.com allows you to buy, sell, store, earn, loan, and invest various cryptocurrencies in a user-friendly mobile app. Join over one million users today. You can download and earn $50 USD with my code “pomp2020” when you sign up for one of their metal cards today.
Public Rec is on a mission to make comfort look good. Their fan-favorite Flex Short is the ultimate crossover short you’ll need all summer long. From the beach to the gym, this quick-drying short has you covered. Comfort starts with a better fit. Free shipping. Free returns. Visit www.publicrec.com/pomp and use POMP at checkout for 10% off!
Circle is a global financial technology firm that enables businesses of all sizes to harness the power of stablecoins and public blockchains for payments, commerce and financial applications worldwide. Circle is also a principal developer of USD Coin (USDC), the fastest growing, fully reserved and regulated dollar stablecoin in the world. The free Circle Account and suite of platform API services bridge the gap between traditional payments and crypto for trading, DeFi, and NFT marketplaces. Create seamless, user-friendly, mainstream customer experiences with crypto-native infrastructure under the hood with Circle. Learn more at circle.com.
Gemini is a leading regulated cryptocurrency exchange, wallet, and custodian that makes it simple and secure to buy bitcoin, ether, and over 30 other cryptocurrencies. Offering industry-leading security, insurance and uptime, Gemini is the go-to trusted platform for beginner and sophisticated investors alike. Open a free account in under 3 minutes at gemini.com/pomp and get $20 of bitcoin after you trade $100 or more within 30 days.
Revolut is a finance app in the US and UK that says it is the simplest way to access crypto. Sign up today at Revolut.com/pomp and make 3 card transactions to get $15, which you can exchange for any tokens Revolut supports. As usual, when you move your money from fiat to crypto your capital is at risk. See T&Cs for details. Revolut is a financial technology company. Banking services provided by Metropolitan Commercial Bank, Member FDIC. Cryptocurrency services provided directly by Paxos Trust Company, LLC.
Did you know nearly 338 million dollars worth of NFTs were sent last year? And in 2021 that number is growing faster than ever. Looking to make your first NFT? Check out NEAR’s fast, scalable, low-cost, open-source platform. Learn why NEAR is the infrastructure for innovation at near.org
LMAX Digital - the market-leading solution for institutional crypto trading & custodial services - offers clients a regulated, transparent and secure trading environment, together with the deepest pool of crypto liquidity. LMAX Digital is also a primary price discovery venue, streaming real-time market data to the industry’s leading analytics platforms. LMAX Digital - secure, liquid, trusted. Learn more at LMAXdigital.com/pomp
You are receiving The Pomp Letter because you either signed up or you attended one of the events that I spoke at. Feel free to unsubscribe if you aren’t finding this valuable.
Nothing in this email is intended to serve as financial advice. Do your own research.