#25 Turning a $623M exploit into a lesson in crypto building blocks
What the Ronin exploit teaches us about blockchains. Also, EU regulation, Tesla resorts to crypto for a loan, and Shopify will accept bitcoin.
The Ronin exploit explains sidechains, bridges, nodes, and mixers.
We have a new leader in the cryptocurrency hack ranking: the Ronin Network was exploited for over $624M on March 23rd, ~$13M more than the previous champion. The king-sized heist of one of the most representative projects in crypto, the gaming platform Axie Infinity, leaves a trail of lessons to learn. The history of the Ronin hack is a practical use case of a few concepts worth reviewing in this newsletter.
The Ronin Network was Axie’s response to Ethereum’s low speed and high transaction fees. Axie Infinity was on its way to becoming the first real play-to-earn platform: a game with a built-in token economy, where users could earn money by playing. But Ethereum’s scalability issues got in the way, so Axie built their own blockchain: the Ronin Network was created as an Ethereum sidechain to help speed up transactions. And it did. Ronin was one of the main improvements responsible for the subsequent boom that led Axie to onboard hundreds of thousands of players and become a milestone in crypto history.
What is a sidechain?
A sidechain is one of the many scalability solutions meant to improve the speed and cost of transactions in a blockchain. Unfortunately, draggy throughput is one of the elements preventing crypto from becoming a viable alternative to traditional finance. Bitcoin and Ethereum, the two major blockchains, cannot match the speed of transactions of well-established payment methods. But there are a few ways of solving this:
Creating brand new blockchains that are specialized in speed and cost optimization. These are called Layer 1s, and you’ve probably heard of Solana, Cardano, Cosmos, or Binance Chain.
Creating extensions for current blockchains that take on specific tasks, specialize in them, and alleviate the burden on a blockchain. Those are Layer 2s. Lightning Network is Bitcoin’s Layer 2, allowing fast payments (like Twitter tips). Ethereum’s most popular L2s are Arbitrum and Optimism.
Sidechains are another option, somewhere in the middle of L1s and L2s: they are blockchains of their own, with security and validation mechanisms, etc., but linked indelibly to the main net like an L2 is. Ronin is an example of this.
Axie built their own sidechain so that players wouldn’t have to spend enormous amounts of money making the small exchanges a game requires. You don’t want to make people wait and pay hundreds of dollars for breeding their new Pokemon-like monster.
But building a separate layer means creating a gap between ecosystems. As a result, smart contracts and tokens become incompatible. To allow the transfer of funds between layers, you need a solution. Enter bridges.
What are bridges?
Bridges link blockchains to each other to create interoperability. The name serves as a metaphor but does not define how bridges work in crypto. Tokens do not seamlessly travel from one end of a bridge to the other. Instead, when a token transfer is performed through a bridge, say ETH turned into AXS, the ETH on one side gets locked by the bridge, and a synthetic version of that token is created on the other side. The word “wrapped” is usually used to describe the synthetic version on the other side of the bridge. When a token crosses a bridge, you get an encapsulated version of the original token that can circulate in the new blockchain. The Ronin bridge lets you lock your ETH and creates wETH (wrapped ETH) inside the Ronin Network. And wETH is what you can use to purchase or cash out on your AXS.
What ends up happening is that one side of the bridge is like a massive vault of locked tokens...waiting for a heist.
The Ronin theft was relatively singular in the crypto ecosystem. While we are used to hackers exploiting vulnerabilities in smart contracts and finding holes between the 1s and 0s, the Ronin hack used social engineering to obtain the keys to validate transactions. As a result, the thief or thieves needed only two trades to send the funds to their wallet, two perfectly valid transactions since they were approved by more than 50% of the nodes in Ronin’s validation network.
Let’s stop to see what nodes are because here’s a big part of the story.
Nodes are computers that hold complete copies of a blockchain. They are often, but not necessarily, also where validation software runs. Broadly speaking, all miners are nodes, but not all nodes are miners.
In the case of the Ronin Network, nodes were also validators...and there were 9 of them. So the hackers just had to get control of five keys to unlock more than $600M. Four of them belonged to Sky Mavis, the company that develops the game. This speaks loudly about what decentralization means and the risks of not tackling it correctly. If the hackers had attempted to perform the same technique on the Ethereum blockchain, they would have needed to steal hundreds of thousands of keys.
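The key-concentration point above can be checked mechanically. The following is an added example, not code from Sky Mavis or the Ronin code base: it models a 5-of-9 validator set with four keys under one operator and computes how many distinct operators have to lose their keys before a withdrawal can be approved. The key ids and every operator name other than Sky Mavis are constructed placeholders.

```python
from collections import Counter

# Constructed validator set matching the figures in the text: 9 validator keys,
# 4 of them held by Sky Mavis. The other operator names are placeholders.
VALIDATORS = {
    "v1": "Sky Mavis", "v2": "Sky Mavis", "v3": "Sky Mavis", "v4": "Sky Mavis",
    "v5": "operator-B", "v6": "operator-C", "v7": "operator-D",
    "v8": "operator-E", "v9": "operator-F",
}
THRESHOLD = 5  # signatures needed to approve a bridge withdrawal


def withdrawal_approved(signers, validators=VALIDATORS, threshold=THRESHOLD):
    """Valid when enough distinct, known validator keys signed."""
    return len(set(signers) & set(validators)) >= threshold


def min_operators_to_quorum(validators=VALIDATORS, threshold=THRESHOLD):
    """Fewest operators whose combined keys reach the threshold.

    Taking the operators with the most keys first is optimal, because only
    the key count matters.
    """
    total = 0
    ranked = Counter(validators.values()).most_common()
    for n_operators, (_, keys) in enumerate(ranked, start=1):
        total += keys
        if total >= threshold:
            return n_operators
    return None  # threshold exceeds the number of validator keys


def max_keys_per_operator(threshold, operators_tolerated):
    """Per-operator key cap so that `operators_tolerated` compromised
    operators together still hold fewer keys than the threshold."""
    return (threshold - 1) // operators_tolerated


if __name__ == "__main__":
    print("operators needed for quorum:", min_operators_to_quorum())
    print("key cap to survive 2 compromised operators:",
          max_keys_per_operator(THRESHOLD, 2))
```

With this constructed set, nine keys reduce to two operators for quorum purposes; capping each operator at two keys would raise that to three.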
There’s one interesting final lesson to learn from this hack. One that goes beyond just the technical side of crypto, with broader regulatory and legal implications.
What would you do if you had $600M in your wallet?
The hackers are having a hard time cashing out their loot. This is something that regulators worldwide still need to understand properly when they point fingers at crypto and accuse it of favoring scammers, terrorists, thieves, and now Russian oligarchs. Once a wallet is identified, there are very few ways to use it to move funds without leaving an indelible trace. This can be considered both a bug and a feature. On the one hand, blockchains' public nature will help regulators and enforcers finally trust crypto; on the other, there’s something utterly invasive and wrong in being able to trace somebody’s money transfers.
Let’s end today’s lesson by explaining mixers.
Mixers are platforms that allow funds to exit crypto with a clean history. Mixers do exactly what they say: they mix funds from different sources so that their origin cannot be traced when they come out. The Ronin hackers used Tornado Cash, one of the most popular crypto mixers, to “launder” some 1,400 ETH.
In recent hearings involving industry leaders and US politicians, mixers came up in the conversation. Regulators were worried that they could enable Russian oligarchs to evade sanctions. However, as the speakers expressed, the amounts of funds managed by mixers are still too tiny to serve the spurious needs of multimillionaire evildoers.
So this is how you turn an ugly story into many lessons. The Ronin theft has many angles to it. We hope it helped our readers understand some core concepts of crypto, like sidechains, bridges, or mixers, that are generally used to help promote innovation and not to steal.
⬡ Six Angles
We select six topics to illustrate the very different angles crypto can be approached from. We could choose dozens, but six is the atomic number of carbon… and otherwise we'd be writing for ages.
1. Crypto EU regulation
The similarities and differences between the regulatory approaches on both sides of the Atlantic paint the different personalities of American and European cultures.
While everyone was looking at the Markets in Crypto Assets, the regulatory framework meant to build the foundations of crypto regulation in the EU, some provisions in the “Travel Rule” sneaked in and posed an unprecedented threat to crypto in the European Union. The move reminds us of what happened in August in the US, where the fine print of the Biden administration's $1T infrastructure bill tried to impose aggressive reporting duties on too many crypto participants.
The current version of the "travel rule" obliges banks and payment companies to store information that "travels" between payers and recipients and make it available to authorities for several years. (Source: European Parliament Proposes Expanding 'Travel Rule' to Every Single Crypto Transaction)
The Travel Rule is the regulatory text that specifies the reporting obligations imposed on financial institutions to obtain and report transaction information for the “travel” of funds. Changes in the travel rule may impose the obligation on crypto participants (except for unhosted wallets) to report on ALL fund transfers, including those below 1,000€. As happened in August in the US, some of the most important regulatory developments regarding crypto have happened almost under the radar.
While US citizens responded by uniting and lobbying aggressively against the infrastructure rule (albeit not very successfully), the European response was quite European: some disapproving nods and heavily worded letters (although those mostly came from American companies like Coinbase or Gemini).
The controversy is the same in the two continents: burdening participants in crypto with reporting obligations can be very harmful to the industry. These obligations are in some cases impossible to fulfill, in others just too invasive, and, in all, a turnoff for innovation.
2. Tesla takes a crypto-backed loan
On March 30, 6s Capital, a commercial lender powered by MakerDAO, closed a real estate financing deal worth $7.8M for Tesla, the world’s leading electric vehicle company and the second-largest publicly-traded Bitcoin holder. (Source: Tesla Taps MakerDAO-Powered Lender for $7.8M Real Estate Deal)
6s is a lender that helps firms tap into the advantages of DeFi to access funds. Tesla requested their services to fund a development project, and 6s resorted to MakerDAO for the funds.
This story has a few faces:
On the one hand, it is yet another example of Tesla spearheading crypto adoption by big corporations. Their example keeps breaking the ice for other companies.
On the other, it emphasizes Maker’s will to expand to Real World Assets as collateral for their stablecoin Dai, as seen in the latest chapters of the stablecoin wars.
In either case, this event is an example of the future of finance serving the oldest of purposes.
3. Bitcoin as an energy balancer
Before its potential use as an escape route for Russian oligarchs, crypto’s energy consumption was its most significant issue in the eyes of regulators. And it will probably return to the spotlight as soon as the international situation stabilizes.
The crypto industry has long argued that one crucial question that should accompany any informed debate about energy consumption is “how” energy is consumed, instead of only “how much.”
Last week, Bloomberg reported that Exxon was launching a pilot project that would put excess gas production that would otherwise end up burnt in flares to work in Bitcoin mining.
Storage difficulties and transport costs result in enormous amounts of energy wasted worldwide. Giving a second opportunity to that energy as a means to produce a financial profit is a unique contribution from crypto to the sustainable global energy system.
4. 19 millionth bitcoin mined, 2 more to go
The last bitcoin will be mined in 2140. Twenty-one million bitcoins will be in circulation that year, precisely as Satoshi Nakamoto intended. There’s probably no other financial asset with such a predictable supply behavior in the world, which has pushed bitcoin to become an alternative to gold in the eyes of many investors. Markets like predictable stuff.
Every time a miner adds a new block to the Bitcoin blockchain, they get rewarded with 6.25 freshly minted bitcoin. This is the only way in which new coins come into circulation. It used to be 50 bitcoin back in 2009, but the amount gets cut in half every four years, approximately, in an event called the halving, which is usually welcomed by the markets with a spike in price.
50, 25, 12.5, now 6.25.
The 19 millionth bitcoin was mined recently, and there are only two million more before the spring dries up.
5. The UK wants to be Europe’s crypto hub
While the EU threatens to cripple crypto, one small island of indomitable Englishmen holds out against the regulators. The UK has risen as crypto’s strongest European (?) ally in an interesting turn of events.
After months of producing hardly anything but bans on crypto advertising, the UK has suddenly unleashed a plethora of love towards the ecosystem. Today the UK is presenting itself as the most likely crypto innovation hub.
“We want to see the businesses of tomorrow—and the jobs they create—here in the UK, and by regulating effectively we can give them the confidence they need to think and invest long-term,” said the UK’s Chancellor of the Exchequer Rishi Sunak. (Source: UK Government Lays Out Plans to Become ‘Crypto Asset Technology Hub’)
Sunak announced the launch of a financial market infrastructure sandbox, a “crypto sprint” led by the Financial Conduct Authority (FCA), and declared his love for stablecoins.
6. Shopify will integrate Bitcoin Lightning Payments
You remember what a Layer 2 was, right? It is an extension to a current blockchain built to improve certain characteristics of a mainnet, namely transaction speed and costs. The Lightning Network is Bitcoin’s most relevant Layer 2 and the tool developers use when they want to implement a bitcoin payment system. For example, Twitter has it for the tips feature, and El Salvador relies on it for convenient shopping in bitcoin.
Now users will also be able to pay with bitcoin on Shopify storefronts. Shopify is a leading e-commerce platform, reportedly used by 11% of the online shops on the Internet. So imagine being able to pay with bitcoin in 11% of the shops.
This integration is bullish for bitcoin. Not only because it increases the scope of use cases for bitcoin, but especially because it brings back one of its most forgotten narratives. During these days of geopolitical turmoil and global financial uncertainty, crypto has sometimes been considered a safe asset like gold, or a risk investment like a tech stock (sometimes even an escape for oligarchs). But the use of bitcoin as a method of payment had been left aside.
If you enjoyed this issue, don’t forget to share. Carbono Insights is also available in Spanish. Share your thoughts and comments with Carbono at team@carbono.com, or through Twitter: @carbono_com, @raulmarcosl and @miguelatcarbono
Great issue, as always. Looks like there was an explosion in that gas mining site, when the gas was being transported to the btc facilities... but not specifically where the btc-stuff was https://www.coindesk.com/business/2022/04/11/bitcoin-miner-crusoe-mostly-unaffected-by-north-dakota-oil-site-explosion/