December 14, 2021 - It has been a busy past week with significant volatility for cryptocurrencies with BTC dropping below $45k, ETH below $3.6k, and turmoils spread across several blockchain projects from crypto congressional hearing, more fallouts from Badger DAO hack, and many more. Let's dive in.

Blockchain News

• Visa added crypto-focused services. Visa announced the launch of its Global Crypto Advisory Practice, a new service within its Visa Consulting & Analytics (VCA) business that will advise clients on all aspects of crypto investment and adoption - This includes NFTs, digital currencies, and other cryptographic ecosystems.

• Crypto Executives Testify on Capitol Hill. Six execs from Coinbase, Bitfury, FTX, Paxos, Stellar Lumens Foundation and Circle testified before the House Financial Services Committee urging for a single entity to manage oversight to digital assets and their providers, and for lighter more flexible regulation for the industry.

• Vitalik Buterin published his endgame thesis providing the roadmap for the future of the Ethereum network. Proposed second tier of staking, added ZK-SNARKS to check block validity, offered the use of data availability sampling to check block availability, and lastly, suggested the use of side channels for secondary transactions. All these recommendation target to reduce network resource consumption, increase transaction speed, and lower network fees.

• Polygon Acquires Startup Mir Protocol to bring ZK-proof rollups to Polygon supporting Ethereum Layer 2 Solution. This is the second major deal for Polygon which merged an earlier deal with Hermez Network, another ZK-rollup that uses mathematical proofs to verify and settle transactions.

Hacks and Scams

• Approximately $54M or 896 wrapped BTC belonging to Celsius Network's Celsius funds were extracted from the BadgerDAO hack last week. Celsius was using Metamask to interact with the BadgerDAO protocol. The incident cost Badger DAO around $120M and the DeFi insurer, Nexus Mutual, may not pay out as the attack was on the frontend of the protocol and not the on covered BadgerDAO' smart contracts. Additional post-mortem conducted investigators revealed that an unauthorized API key was utilized allowing the malicious actors to insert code snippet to set user Web3 permission to the attacker wallet.

• Pizza DeFi platform running on EOS blockchain was hacked resulting in the $5M loss of user funds. The hacker(s) exploited the eCurve and minted a very large number (e.g., infinite) of Tripool tokens as collaterals to drain the valuable assets from the liquidity pool.

• 8ight Finance reported its private keys were compromised resulting in a loss of $1.75M. The stolen funds in DAI, LP and USDT were sent to Tornado Cash. Post-mortem indicated that two developers has the private keys which they shared through Facebook chat and Google Drive.

• AscendEx's hot wallet compromised resulting in a loss of $78 million in various ERC-20 tokens including TARA, USDT, USDC, MATIC, PAX and others.

• Solana blockchain suffered a DDoS attack. This is the second time Solana experienced outage. Back in September the network suffered a 17-hour-outage due to mass botting activity for an initial DEX offering (IDO) on Solana-based decentralized exchange platform Raydium.

• Vulcan Forged, a blockchain studio and NFT marketplace, reported that the majority of user funds were taken from the platform in PYR native token, as well as ETH and MATIC, to a tune of $140M. The private keys of 96 addresses were compromised, all of which are related to an integrated wallet provided by Venly.