Week 72 — SEC Backs Down, TON’s Hype, LayerZero’s $ZRO Airdrop & CertiK-Kraken $3M Controversy

Week 72 — SEC Backs Down, TON’s Hype, LayerZero’s $ZRO Airdrop & CertiK-Kraken $3M Controversy

​

GM! Buidlers

In this latest HashingBits issue, we’re diving deep into Ethereum’s Core Developers meetings, covering all the major updates in the Ethereum ecosystem. But that’s not all, we will dive into what’s happening in TON, LayerZero, Polygon, Solana & Near ecosystems, along with recent advancements in the AI & Web3 space. For developers, we’re highlighting new updates in tools designed to assist Smart contract developers and auditors. And, of course, we’re also digging into the headlines about CertiK’s controversial $3M white-hat hack on Kraken & Hologram’s $14.4M breach by a former contractor.

EtherScope: Core Developments 👨‍💻

• ​Ethereum All Core Developers Execution Call #190 Writeup​
• ​eth_multicall Metting: Talks on EIP-4488, state rent, parallel execution, gas accounting, & future developments​
• ​Blob Usage Strategies by Rollups and Non-rollup Applications​
• ​Execution Layer Meeting 190 — Recap​
• ​Notes from this week Verkel Implementers Call​
• ​Pre-confirmation Liveness Slashing Penalties from the Proposer’s Perspective​
• Summary of EOF Implementers Meeting 51​
• Lido generates the most Fees out of all applications in crypto​
• Application Filed for Combined BTC & ETH ETF​
• SEC Backs Down: Ethereum No Longer Under Investigation​
• ​EigenLayer Opens Phase 2 of its ‘Stakedrop’​

Layer1 & Layer2

• ​Tether introduced Alloy $aUSD₮!​
• ​Generalized Staking for $ENA Launches with Symbiotic Finance and LayerZero Labs.
• ​Liquidity Book V2.2 Launches: New Hooks and ARB Rewards
• ​Scroll introduced Nuri Exchange, a Scroll-based Next-Gen DEX with Concentrated Liquidity!
• ​$SNX — Synthetix V3: Goes live on Arbitrum!
• ​$RPL — Rocket Pool’s Houston upgrade: Introduces on-chain voting.
• ​Helium Mobile’s developer is now licensing its tech stack.
• ​RISC Zero introduced its zkVM 1.0!
• The first Robinhood Wallet x Arbitrum quest is live!
• ​Starknet 2024 Roadmap Update.
• ​Polkadot>Ethereum Snowbridge is here!​

ERCs

• ​ERC-7777: Common Quote Oracle​
• ​ERC-7725: Exponential Curves​
• ​ERC-838: ABI specification for REVERT reason string​

EIPs

• ​EIP: eth_signIntendedValidatorData JSON-RPC method​
• ​EIP-7723: Network Upgrade Inclusion Stages​

EcoExpansions: Beyond Ethereum 🚀

TON

• TON introduces the Open League Quest!
• ​TON/USDT Pool Surpasses $200M TVL, Propelling TON to 15th on DefiLlama with $564M Total TVL!
• ​State of TON DeFi Q1 2024.
• ​TON’s tap-to-earn is the new crypto gaming trend​
• Where to get started on TON: Beginner’s Guide
• ​A total rundown on A-Z about TON.
• A look into the On-chain metrics of $TON.

LayerZero

• ​LayerZero’s ZRO Airdrop has arrived!
• ​LayerZero will be live on BounceBit​
• ​Iskra has integrated LayerZero to expand to Base.​
• ​The LayerZero ZRO Airdrop Rundown​
• LayerZero is introducing a new claiming mechanism called Proof-of-Donation​

Polygon

• You can now compile the Miden client directly to Wasm!
• ​Ternoa is launching a ZK-powered layer 2, built with the Polygon CDK.
• ​Ronin zkEVM is here. It is built with Polygon CDK.
• ​Fox Corp. Transitions Verify Protocol to Polygon zk L2 from Polygon PoS!
• ​Thrive Polygon Consumer Crypto Grants is here!
• ​Azuro initiates grants program in collaboration with Polygon

Solana

• ​Drift, a Solana-based perp dex, launched DRIFT staking.
• Metaplex Core Verified Creator and Autograph plugins have rolled out to Mainnet​
• ​Solana Summer Kickoff: San Francisco
• Registration for Solana Worldwide Meetups has begun!
• ​A list of exciting things coming to the Solana ecosystem
• Introucing ZK Compression to Solana​

NEAR Protocol

• ​Restaking is now live on NEAR, powered by Allstake
• ​NEAR Monthly Active Wallets up 300+% from Q4’23, average retention at ~40%​
• ​TVL on NEAR grows more than 2x in 2024 to $280M+​
• ​Highlights of NEAR Mega Issue: Everything that’s going on in the NEAR ecosystem

DevToolkit: Essentials & Innovations 🛠️

• ​Python Uniswap Universal Router SDK v1.2.0 is out!
• Graph Protocol releases Graph node v0.35.1!
• Vyperlang releases v0.4.0 (“Nagini”)!
• ​Aptos Node v1.14.1 is here!
• You can now export on-chain data to CSV format on Solscan!
• Ghostlogs released sandwiched.me: A real-time dashboard for sandwiches on Solana​
• ​Alloy v0.1 is here!
• ​How to use Flare to speed up the testing and dev process: A Guide
• ​Releasing Revmc​

Hackathons, Workshops & Events

• ​Registration for The Aptos Experience begins!
• Sui introduces incentive program for bug hunters
• ​mtnDAO v6 Registration begins!
• ​Cross-Chain Summer Hackathon: Registrations are on!
• ​MANTRA Launches Incubator Program at Dubai World Trade Centre (DWTC) in Partnership with Virtuzone​

Explore the Depths of Knowledge: Research Papers, Blogs and Tweets🔖

Twitter

• ​Do Rollups Really Fragment Composability? Debunking the Myth
• ​Sandwich Bots Extract 150k SOL from Retail Memecoin Traders: A Broken Market?
• What is Aptos On-chain randomness API?​
• The jury is still out on Vitalik’s account abstraction proposal: EIP-7702​
• Why ETH Outshines Bitcoin in the Expanding Digital Economy
• ​Very Fast Vanity Program IDs and Token Mints on Solana​
• ​Draft of the J4J plans​
• ​Deep Dive into Sequencers​
• ​Deep Dive into Rollups​

Articles

• Top takeaways from the decentralization panel at Consensus​
• ​How to Optimize Compute Usage on Solana​
• ​Introduction to Solana Compute Units and Transaction Fees​
• ​Wormhole: Native Token Transfers (NTT)​
• SuiNS introduces @ naming standard.
• ​stETH: Ethereum’s Preeminent Institutional Grade Product​
• ​Finding mispriced opcodes with fuzzing​
• ​Telegram Is Crypto’s Adoption Machine​
• ​Block Building is not just knapsack!​

Research Papers

• ​Distributed Randomness using Weighted VRFs​
• ​Dispatchable fungible assets on mainnet: Aptos proposal
• ​Dye4AI: Assuring Data Boundary on Generative AI Services​
• ​Decentralized Credential Verification​
• ​DIDChain: Advancing Supply Chain Data Management with Decentralized Identifiers and Blockchain​
• ​ICICLE v2: Polynomial API for Coding ZK Provers to Run on Specialized Hardware​

Github

• Read about AIP-73 — Dispatchable token standard​
• Example Repo on how to build native stable coins on Aptos​
• ​OSINT guide Repo ​

Watch 🎥

​

Web3 Security Watch 🛡️

Articles

• ​ZachXBT wins $150,000 bounty for exposing Martin Shkreli as DJT token creator
• ​Certik Returns $3 Million To Kraken Amid Controversy For Holding Funds ‘Hostage’
• Insider Accused Of Perpetrating Holograph Exploit, Tanking HLG By 50%​
• ​Investigation on Certik/Kraken Case: A Neutral Perspective​
• ​COTI: Keeping Blockchain Data Private on Ethereum​
• Governor Secured: A Soft x Hexens Collaboration​

Research Papers

• ​PostMark: A Robust Blackbox Watermark for Large Language Models​
• User-Level Differential Privacy for Language Model Fine-Tuning​
• ​SeCTIS: A Framework to Secure CTI Sharing​
• ​Solana’s Unexpected Resilience despite the Security Challenges Faced by Developers​

Twitter

• ​SEC vs Kraken?​
• ​Is Certik Extorting Kraken for Millions?​
• ​Certik provides a timeline of what went down​
• ​$2M bug bounty awarded for 2 critical bugs in Sei​

Hacks and Scams 🚨

Certik/Kraken Exploit (Loss ~ $3M)

• Kraken accused security researchers of extortion following a $3 million bug bounty exploit.
• CertiK, the cybersecurity firm, discovered and reported a critical vulnerability in Kraken’s system.
• Kraken allegedly responded by threatening CertiK employees and making unreasonable demands, as claimed by CertiK.
• The dispute escalated publicly, with both sides accusing each other of unethical behavior.
• Kraken fixed the reported bug within an hour and 47 minutes, but CertiK found additional severe vulnerabilities.
• CertiK claims Kraken demanded repayment of crypto without providing wallet addresses.
• CertiK went public to protect users, asserting they followed responsible disclosure practices.
• The exploit allowed over $3 million to be withdrawn from Kraken’s wallets over five days.
• CertiK claims the funds were for testing purposes, and no real user assets were involved.
• Kraken requested the return of funds, but researchers demanded a speculative ransom.
• Three transactions from the testing address were deposited to Tornado Cash, raising legal concerns.

Holograph (Loss ~$14.4M)

• The Omnichain NFT protocol Holograph was exploited by a former contractor, resulting in a loss of approximately $14.4 million.
• The contractor exploited an infinite mint vulnerability in their smart contract, minting an additional 1 billion HLG tokens, which were then dumped on the market.
• This malicious actor had funded the operator contract roughly 26 days before the attack and deployed an unverified contract on Mantle.
• The unverified contract was used to mint the additional tokens through a function that exploited the protocol’s verification method.
• The 1 billion HLG tokens were then bridged to Ethereum and sold on various exchanges.
• In response, Holograph has temporarily locked down the protocol and is working with security experts to prevent similar exploits in the future.
• The malicious actor’s exchange accounts have been frozen on Bybit, Gate, KuCoin, Bitget, and Backpack.
• At least 200 million of the additional HLG tokens have been frozen.
• As a precaution, these exchanges have also temporarily suspended all HLG deposits and withdrawals.
• Moving forward, a third-party audit of the protocol will be conducted.

Community Spotlight