When the Ethereum network split into two (ETC and ETH, July 2016) the networks didn't have replay protection so you would send thru these contracts that were super simple and would ensure that ONLY your ETH or ETC was sent on the intended chain.
It was especially important exchanges did this as in the first days of the network split, users who were "in the know" could send only ETH to, say, Coinbase and then withdraw that ETH but actually receive ETH & ETC and then send that ETH and separately ETC to Poloniex to profit.
It doesn't matter if the forkchain doesn't have value but the moment Polo listed ETC (about 3 days after the hard fork) ETC had value and eventually anyone who had ETH listed at the time of the fork had to credit their customers w ETC. That they may have inadvertantly given away.
(Shout-out to @ShapeShift_io who not only foresaw this as a real possibility while most were of us had the "longest chain will win" mindset BUT ALSO RELEASED A TOOL FOR USERS WITHIN DAYS SO USERS COULD SAFELY "SPLIT" THEIR ETH & ETC!!! 👏👏👏👏)
Okay but this is NOT THE CODING ERROR rekt Quadriga. Lol. #QCX
Usually exchanges handle funds like this:
1. User sends to their user deposit address (onchain) 2. Exchange sweeps to hot wallet (onchain) 3. Exchange credits users exchange acct balance (DB)
Once the fork happened, you need to split all new funds or funds you held at time of fork. For some, it's a massive undertaking.
An OG infamous account known as "The accumulator" generated a lot of interest and speculation when they split their holdings. reddit.com/r/ethereum/com…
But QCX. Oh sweet #QCX. For the next year, even after network-level replay protection was added, they just did this:
1. User sends to use deposit addy 2. Exchange sends thru "safe split" contract to their hot wallet 3. Exchange credits user acct balance (DB)
Everything was fine until one day the TXs that were sent via this safe split contract just....didn't make it to their final destination (the #QCX hot wallet)
This is partly bc the contract was so simple it didn't account for unhappy paths. But neither did their sweeper code.
So for 3 days in June 2017 all user deposits were sent to the contract, the contract didn't pass them along, but users were still credited.
Until @BokkyPooBah was like "uh hey guys you know all your money is getting stuck, right?"
And QuadrigaCX was like "oh shit oops. Don't worry though, we are #1 exchange and we are Canadian therefore you can trust us when we say we'll cover the loss with our profits."
And so until Feb 2019, everyone trusted them and no one was like "yo where are your cold wallets?" until it was revealed that QCX top dog Gerald Gotten had died ("died") and "no one knows where the keys are" which is code for "there are no cold wallets."
And everyone was like "but Canadians are the trustworthy and nice!"
And Gerald was like "lol canadians are really good at running schemes and laundering money too and man the weather in Thailand/hell is super hot compared to Canada! 😎"
Then any remaining $ was spent trying to find the $ and creating a report (June 2020).
And no one was like "BITCOIN FIXES THIS" even tho AN IMMUTABLE TRANSPARENT LEDGER THAT ENSURES ACCOUNTABILITY LITERALLY FIXES THIS but #digitalgold > #DeFi, amiright?
tbh if i was the dude managing Hyperliquid's 4 validators (or those fucking ghetto ass binaries on gh) I would be shitting my pants right now.
Hyperliquid dudes dont seem worried at all though so im sure its fine. 🫠
lol @ all you retards who think the risk is USG forcing Hyperliquid to freeze AAAAAAAAAAHHAHAHHHAHAHAHAHAHAHHAHHAHAHHAHAHHAHAHAHAHHAHAHHAHAHHAHAHAHHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHHAHAHAHAHHAHAHAHAHAHAAHAHHAHAHAHHAHAHAHHAHAHAHA
Yall, DPRK doesn't trade. DPRK tests.🤦♀️
my offer from 2 weeks ago still stands @HyperliquidX
i'm still happy to do it async or via a call. i can even give you one of my super nice happy colleagues if you don't like me.
but a massive amt of harm will come to people if you don't harden your ass asap.
At some point prior to July 2024 the actual hackers landed a backdoor onto something that gave them some access to the WazirX multisig signers and/or their signatures.
We don't know what or who was compromised and it doesn't really matter.
Initial toehold was likely gained by tricking someone at WazirX or Liminal into installing malware -> escalated from there.
This access allowed the hackers to intercept/insert invisible, malicious payloads for signing in a way where none of the 3+ signers were able to notice.
With the recent sophisticated hacks fresh on everyone's mind, there's been a lot of talk about ✨fancy stacks and setups.✨
Yes, you should evaluate how—and with what—you sign txns.
But building a custom UI for your LAN Qubes OS AWS KMS everyday is not really the answer 😅
Background on the referenced hacks (feel free to skip):
1. Funds were stolen from each org's multisig.
2. Keys themselves were not compromised.
3. In Radiant and WazirX and maybe DMM, the keys backing the multisig were actually only on hardware wallets + actually controlled by distinct parties.
DMM Bitcoin - $305m in May
The least amt is known about DMM, including whether keys were cold vs hot. Early theories said address poisoning. It def wasn't that. Attached is rampant speculation (likely all wrong)
See also: x.com/mononautical/s…
Also, note, any organization that can implement / enforce EDR, etc. should do so. Full stop. End of conversation.
However, the crypto industry generally considers this a non-starter for all sorts of philosophical + practical reasons.