Chain Reaction

Hackers are stealing crypto in the nicest way possible

Episode Summary

Welcome back, this week Lucas and Anita welcome Jacquelyn Melinek as a new permanent co-host on Chain Reaction. They dove into the hot crypto topics of the week, including the $190 million draining of the Nomad bridge by both ‘black-hat’ and ‘white-hat’ hackers. They also discussed the widespread Solana wallet attack and a particularly deep round of layoffs at Robinhood. You’ll notice something different about the show this week besides a new co-host -- we’re splitting up the news analysis and interview segment into different episodes! On Tuesdays you’ll hear us sit down with experts in the crypto space and on Thursdays, we’ll dive into the hottest web3 topics of the week. Catch us early next week for an interview with Uniswap COO MC Lader.

Episode Notes

Subscribe to the Chain Reaction newsletter to dive deeper: https://techcrunch.com/newsletters

Episode Transcription

Lucas Matney  0:02  

Everyone, it's Lucas, Anita and Jackie. Welcome to Chain Reaction, where we unpack and explain the latest in crypto news, drama and trends, breaking things down block by block for the crypto curious.

 

Anita Ramaswamy  0:15  

We have some exciting changes that we're making this week. And the first one is that, as you probably just noticed, we have a new co-host joining us, Jackie Melinek. Jackie is a senior crypto reporter at TechCrunch+, which is our membership subscription product. She is going to be joining me and Lucas every week to talk through some of the biggest news stories in crypto. The second change that we're making is that we're splitting up what used to be one episode into two different parts each week. So our discussion of the news is coming out today. And that's the episode that you're listening to right now. And the guest interview that you're used to hearing is actually going to come out next week, conducted by me and Lucas. The crypto world has just gotten pretty crazy. And things have heated up a lot compared to where they had been a couple months ago. So we're really hoping that this change is going to give us a chance to dive a little bit deeper into each topic. So with that, let's get started. We do have a lot to dive into this week. And Jackie is going to be talking about the first news topic that we have on the docket.

 

Jacquelyn Melinek  1:06  

Yeah, thank you so much, Anita and Lucas, and I'm really excited to be here and be one of the new co-hosts on the show. To start, I really want to go into what happened on Monday with the crypto bridging protocol Nomad, which was hacked for about $190 million. For those of you who aren't familiar, Nomad is a bridging protocol. And that basically means it allows users to swap tokens from a blockchain like Ethereum to another like Solana, Avalanche. There's a process where tokens are locked up and issued as wrapped tokens, as they call it. And then they're transferred to a new blockchain. And then they're presented with the new token. Nomad isn't some like rinky-dink small protocol, it's actually backed by a bunch of big names like Coinbase Ventures, OpenSea, Crypto.com, and Polygon, among others. So it had a strong following and a bunch of big names backing it and believing in the protocol. But basically, what happened is it went from having $190 million to about $1,700 in a number of hours, after one attacker basically saw a vulnerability and was able to change the receiving address of the funds on the bridge to their own. And hundreds of other accounts basically figured out the trick and copied it and stole funds as well. And sounds very messy. Yeah, it was a bit messy. And it was a combination of people who wanted to keep it for themselves, you know, the bad actors, the actual hackers. And then there were white hat hackers, which are people who hack for fun, and then give back the funds usually for like a little return or something or they just do out of the goodness early. vigilante. Yeah, they're like the good people in crypto, right. There's good people in crypto. But basically, these bridges are like big targets for hackers. We've seen this in the past. Earlier this year, actually, Axie Infinity's Ronin bridge lost $625 million in a hack, Wormhole's bridge lost over $300 million in a hack. So this isn't new. And this is obviously something that is a big problem in crypto right now.

 

Anita Ramaswamy  3:01  

What's the significance of bridges, Jackie? Why does that matter?

 

Jacquelyn Melinek  3:04

Bridges are kind of a way for you to get one either like layer one or layer two blockchain or cryptocurrency into another without having to go through like a centralized exchange. You could do it through decentralized protocols that basically allow you to take one coin like Ethereum and convert it into Solana. But the problem with that is that there's a lot of vulnerability in these and that if the code isn't 100% perfect, we could have exploits like we've seen. And the craziest part about all of this is that the vulnerability in Nomad's code was present in an audit report a few months back, and it was not addressed. And it was marked as a low risk priority, which I don't think it's a low risk priority anymore.

 

Anita Ramaswamy  3:52  

It's always low risk until it's high risk, I feel.

 

Jacquelyn Melinek  3:54

I think that applies across all aspects of life. And these protocols too, but I think the fear of depositing funds into bridges will definitely continue to grow. Or even having funds in like a decentralized manner where things aren't insured and hacks continue to happen. In this case, we had one on Monday, and we'll go into if we had another one on Tuesday. And like the technology has developed over time, and there has been more awareness. But at the same time incidents like this will continue to occur until things are kind of bulletproof.

 

Anita Ramaswamy  4:25  

How big is this hack? Like? What is the significance of this in the grand scheme of all the crypto hacks that we've seen?

 

Jacquelyn Melinek  4:31  

I think the significance of the Nomad hack is kind of like nothing is safe until nothing's really safe. You think something's a low priority risk, and it turns out to drain the whole bridge, you know, they labeled it low priority and it was not low priority. And I think the significance here is that bridges aren't exactly as safe as people want them to be. And I think there's an idea that this cross chain world where we can take one blockchain and bring it to another it is so significant and everyone seemingly wants this in the crypto ecosystem. But a lot of people are sacrificing security in the meantime. So until these things are, as I mentioned before bulletproof I think we're going to continue to see exploits like this happen.

 

Lucas Matney  5:14  

Yeah, if you're operating a bridge right now, I mean, looking at like Axie Infinity, that was a North Korean hacking group, Lazarus Group. So if you're operating a bridge right now, like you are the hotspot for hackers to be coalescing, poring through every service that you use, and trying to find a way in, and it's like, name another place in the world where you can liquidate $190 million in funds within like an hour or two. You couldn't carry that much money out with, like, drive it out in semi trucks in the same amount of time. So this was like, just so quick and so rapid. And it was hilarious, because people were just copying and pasting this code, and scoring denominations of money, like over a million dollars. So it's like, it's a level of messiness that I think people have kind of grown to expect, and it's giving a bad name to bridges, bridging.

 

Anita Ramaswamy  5:59  

I saw this quote earlier today from pplpleasr, the NFT artist, and she was like, web3 is just held together by duct tape at this point. And yeah, a lot of parts of the ecosystem are just sort of taped together. So I think this really goes to show that there's a lot more work to be done in getting people to actually trust the systems and like you said, bridges are especially vulnerable.

 

Jacquelyn Melinek  6:18  

And I think there's like a lot to think about here. And it was literally August 1, this happened. And then on August 2, we had another hack basically happen, just when we thought what was enough for the beginning of the month.

 

Lucas Matney  6:29  

Yeah. So I mean, one of the things is that, like bridges have kind of, they've gotten hacked enough. There've been enough high profile hacks that when people interact with them, they kind of know there's a chance that everything could go south. But there have been a few areas that feel a little bit more safe, one of which has been wallets, and there's been this big movement over the years, basically since crypto started, on having your own wallet, where your private keys are stored with you, you have them written down somewhere. They're not held in a centralized exchange. There's no custody of them by these centralized exchanges. But people have generally felt like kind of safe, they know that there are like potential flaws. But stuff hasn't gone too wrong. So on August 2, a bunch of Solana wallets, ones that were kind of on mobile wallets on people's phones, all the funds in them started evaporating. This happened to thousands of wallets, millions of dollars was liquidated. And in the meantime, no one had any idea what was going on. People were wondering whether this was a fundamental hack to the Solana network, they were winning all these different things. The only people who weren't being affected were people who had their tokens stored in centralized exchanges, or had them on hardware wallets, which store the private keys directly in the little device. So yeah, it was kind of funny. We were all watching this play out in real time on Twitter, and everyone was just kind of like throwing their hands up, even like the Solana founder. People were sending around Google Forms asking people who've gotten their money stolen, what, you know, wallets they're using, and like, when the last time they interacted with them was. Like, usually when something this widespread happens, maybe there was a big push by like a malicious contract. And a lot of people approved signatures, and then their funds got liquidated. But a lot of these wallets hadn't been used in months. So this was scary. And I think they've kind of narrowed it down at this point. So there were a lot of wallets that were all connected to a wallet called Slope. And so far, it seems like some of the top figures in Solana are saying that there was something regarding a service provider for users of this mobile wallet that left the private keys vulnerable. So it's a tough thing to overcome when your job is securing user funds.

 

Jacquelyn Melinek  8:24  

I think also it kind of speaks to like the safety of storing crypto. I feel like so many times, I've heard the saying, as you both know, not your keys, not your coins. And now we're seeing like, even when it is your keys, and it is your coins, like it might not be as safe as you want it to be when it's on a cold wallet, or a hot wallet, I should say.

 

Lucas Matney  8:43

Yeah, these things are fundamentally still apps. There have been like hacks in the past where it was related to like a vulnerability with like a JavaScript integration into a mobile app or something like that. This stuff can get scraped. It's just, it's rare to see something like this, that at the time we're recording this, maybe it's been figured out by the time this goes live, but at the time of recording this, it's been about 18 hours or so, no one really has like the clearest idea of what exactly went wrong yet.

 

Anita Ramaswamy  9:08  

Yeah, I think what's really crazy is there's been a lot of talk before about the Solana ecosystem, specifically having like security issues, or maybe that's one of the trade offs you make when you use Solana, but it sounds like that wasn't even the underlying issue. So there's so many different little points of vulnerability along the whole chain of events when you do anything with your crypto that Yeah, even if Solana like has their act together, it doesn't really matter, like the funds are still not necessarily secure.

 

Jacquelyn Melinek  9:31  

I think this also like points back to the importance of security and education over speed and also understanding like the risks when you're holding your cryptocurrency on an exchange or a hot wallet or cold wallet, wherever you hold it, because I was listening to a Twitter space last night that had thousands of people tuning in, and they were basically telling them to move it to an exchange or to a wallet like Ledger. And some of the people didn't even know what that meant, and they were losing their funds. And it just kind of speaks to the significance of like really doing the education in this space to make sure that you protect yourself even when others might not be protecting you.

 

Lucas Matney  10:06  

A lot of people in like the Ethereum and Bitcoin ecosystems have long poked a lot of fun at Solana and have said that it's basically a centralized service like Venmo built on crypto rails, just like saying, you know, they're operating a ton of the core infrastructure. They talk about how it's very decentralized, but I think there's still some people who just have a little bit more faith, but they have more faith in the proof of work mechanisms that Bitcoin and Ethereum use. Now, Bitcoin is going to continue to use that. But as Ethereum moves to proof of stake, I think this also kind of raises some questions there.

 

Anita Ramaswamy  10:39  

Yeah, one thing I want to just clarify, for anyone who's listening, it's like the difference between a hot and a cold wallet. It's honestly something I learned, like embarrassingly recently. It goes to Jackie's point of like, the education is so important. A hot wallet is one that's connected to the internet. So it's actually an online wallet, whereas cold storage would be using something like Ledger or a hardware device to store your coins. So you have to have like physical custody, essentially, of the cold wallet itself. It's like a USB thing that you plug into your computer. If you lose it, you're kind of screwed. So I think that's where people find it tough, because there seems to be no really secure, but also decentralized option, because if the two options people are being given in order to secure their assets are like, okay, either deposit it with like Coinbase, or an exchange, well, okay, but then I don't personally hold my keys. And then my other option is to get this like USB plugin thing that's not super secure, either, because I feel like I'm the type of person who would lose my hardware wallet. So it just seems like that's a, it's a really big trade off. And it's more about like people having to figure out where they fall in terms of being comfortable with those trade offs, rather than, I mean, there's no perfect solution that exists.

 

Jacquelyn Melinek  11:39  

And the middle option would be using something like Phantom for Solana or Slope or MetaMask, or any of these other crypto wallets that are basically browser extensions. But when you think of them as like something that you would assume to be safer to hold your crypto in, this hack is proving that it's not necessarily.

 

Lucas Matney  11:57  

I just I also loved like giving someone advice on Twitter to use a hardware wallet, like in response to an emergency. We're just like, Okay, let me go fucking too. Yeah, exactly.

 

Anita Ramaswamy  12:12  

Just like can Amazon Prime that?

 

Lucas Matney  12:14  

Yeah, exactly. And it's also, it's funny, because this is a piece of hardware. And a lot of these cost like probably around 100 bucks, 150, 200 bucks. And I would say fair to say at this point that anyone who's gotten into crypto in the past two years does not have 100, or 200 bucks of profit on their crypto investment. So it's just also like, if you're holding like 1000 bucks or something, spending $100 on the mechanism for holding it is not trivial. So it's like something that you're going to feel more inclined to do if you're like holding a CryptoPunk or something that's like super high value in your wallet. Like it's,

 

Anita Ramaswamy  12:45  

you know, while this part is it's like saying like, Oh, go get an external hard drive. It's like, sure that works for my like, shitty photos from 2016 that I don't want to lose off my iPhone, like, that's okay. But it's different when it's real money, like actual currency, I just can't imagine like logging into my bank account and seeing like, oh, half of the money is gone. I don't even know what happened here.

 

Jacquelyn Melinek  13:03  

Yeah, there's a lot of self responsibility with that like to transfer it, you know, and put it on like a hardware wallet. That's not asking you to put your photos like you said onto a little USB thing. Like you're putting whatever funds you have invested in crypto on to this thing and trusting that you won't lose it and you won't misplace it when you do it. That's a lot of education that has to be done.

 

Lucas Matney  13:23  

Yeah, this whole thing was is an ongoing fiasco. And I think it's gonna serve as like a learning point for a lot of people in the Solana ecosystem, because like a lot of them have these like Phantom wallets or Slope wallets or just like popular wallet ecosystem and are probably just like checking it out and trying to figure out what went wrong for them. So they're learning about hardware wallets today. Yeah, I would say that overall, this weekend, mostly bad stuff happening on our sides. It was the hacks, but for some of the big companies, it looks like they're kind of trying to slow down the growth. So and you know, what's going down in, in public company world?

 

Anita Ramaswamy  13:54  

Yeah, it sucks that I got to be the bearer of bad news this week. But I guess you had to do it as well. The latest bad news is out of Robinhood. So Robinhood just announced yesterday that they are cutting 23% of their workforce. And this is coming just three months after they cut 9% of their full time staff. So the layoffs have been pretty steep. If you do the math, that amounts to about 713 employees who are affected and would leave around 2400 employees currently employed still at Robinhood. That's according to some math done by some of our colleagues who reported on the issue, Maryanna Natasha, you can check out their article. But essentially what was crazy about this is that their CEO, Vlad Tenev, wrote a blog post announcing the layoffs explicitly, like he was super upfront about it. And he essentially admitted that they over hired. There was a quote in that post that said, as CEO, I approved and took responsibility for our ambitious staffing trajectory. This is on me. And I think it's super rare to see a CEO come right out and just say that, you know, I'm the one accountable. I'm the one who signed off on all of these hiring decisions. And I think crypto is just growing so fast and retail investing in general was growing super fast and so Vlad Tenev specifically pointed to the fact that all of these new traders were entering the ecosystem in 2020 and 2021. The company is super dependent on trading based and transaction based revenues. And people are just not, I mean that, that market is just not growing as fast as they thought it would be. And in some ways, it's sort of like a groupthink mentality because a lot of other crypto exchanges recently also conducted layoffs. We saw this at Gemini, we saw this at Coinbase, we saw really unexpected, like huge job cuts at both of these companies. And it's sort of like, if you're a crypto exchange, and you see all of your competitors are aggressively hiring, if you don't do the same, then you get worried and you got afraid that you're gonna fall behind. Now that we've seen the macro environment basically go to shit, inflation is really high, trading activity is just down. And that's going to really hurt. So I guess the backdrop to all of this, though, is that Robinhood is actually sort of somewhat doing better from their really low lows that they kind of reached and Lucas and I had chatted about on previous episodes. You know, they were down a little bit after hours after they announced the layoffs. But then overall, today, they're up about 12%. And over the month, they're up about 25% or so from where they were trading a month ago. So you know, this is interesting, because they also announced their Q2 results yesterday. It's like a huge day for Robinhood. And they announced that they saw a 6% increase in net revenue. And I don't want to be misleading about this because they are still operating at a loss, it just means that the losses were smaller compared to last quarter. But one bright spot, and one of the reasons that they were actually able to improve their loss is because although their transaction based revenue was down across the board, crypto revenue, specifically, increased 7%. So crypto sort of a bright spot for them. But it's interesting, because there's one other piece of news that Robinhood got hit with, which is bad and relates to their crypto division. And that's that they were fined $30 million this week by the New York State Department of Financial Services for violating anti money laundering and cybersecurity regulations. So a lot going on there, like Robinhood is doing better, but they're definitely still struggling with some of the issues of their past hypergrowth that we saw.

 

Jacquelyn Melinek  17:01  

Yeah, I don't want to speculate either. But going back to what you said, about how we've seen a number of layoffs across the industry in the past couple of months. Now we're seeing, for lack of better terms, like a double dipping here, like we saw that with Robinhood, we saw that with Gemini. And it'll be interesting to see if other crypto or FinTech companies come forward and do the same, like realize, Oh, crap, I didn't lay off enough people or Oh, we don't really have the funds for this, you know, so I think this is gonna be a trend that we will continue to see unfortunately, as we continue into, like this bearish market.

 

Anita Ramaswamy  17:33  

it's always better for companies to just do it all at once I feel like you know, sort of get it over with instead of having to be in the headlines in the press twice for laying off your staff.

 

Jacquelyn Melinek  17:40  

I mean, that's you don't like band aids being ripped off slowly. Yeah.

 

Lucas Matney  17:44  

No, I'm not a fan of that. I mean, that's always the, you know, the rule of thumb for layoffs is like you just want to cut and cut deep and you don't want to cut again, because it's not only bad for press, but it's bad for employee morale, if they're just like, Okay, well, when's the third round coming now? And I think that that's kind of what's interesting. If you look at some of these other layoffs from other folks like Gemini, or Coinbase, they kind of like pinned the majority of the blame on the macro market conditions or like crypto market, but now that Robinhood is kind of like seeing all these issues, I feel like in a way like him taking responsibility as being like, we have control over our destiny, we're not just at the whims of the crypto market, like nobody knows which direction it's going to go, the market

 

Anita Ramaswamy  18:23  

like it's some intangible force, but CEOs still do have control over their actions like you said,

 

Lucas Matney  18:29  

yeah, and they haven't they have an advantage where they're not fully like obviously Brian Armstrong can't be like well you know the crypto markets go into shit but we can figure out something else. That's what they've got Robin Hood sell his home.

 

Anita Ramaswamy  18:43  

How many million would that be Jackie? Yeah,

 

Unknown Speaker  18:46  

yeah, right. Sorry.

 

Lucas Matney  18:49  

But it's an interesting point now because like yeah, doing 9% layoffs is like, signals something's wrong. Again, coming back and doing even deeper layoffs, like a quarter of the company, is, that's got to be pretty demoralizing for some of the people on staff there.

 

Anita Ramaswamy  19:03  

Yeah, I mean, good on Vlad Tenev for taking accountability. At the same time, it's a pretty big blunder to take accountability for. Gonna pat him on the back too much. Right, right. That's not what we're here for. It's not our jobs. But one thing I thought was interesting with the fine and the settlement from the NYDFS was actually that, you know, this investigation was something Robinhood had disclosed about a year ago. And so it's been ongoing, right, like they've been under investigation for their lack of compliance. And one of the big things the NYDFS pointed out was that Robinhood's compliance program was insufficiently staffed and basically failed to transition in a timely manner in accordance with their hypergrowth. So it's not just that they were overstaffed in like certain areas. I think the layoffs mostly affected marketing and operations staff, the ones that were announced yesterday, but it's also interesting to see that they were actually understaffed in another area, which was compliance. So it's not just over allocating resources hiring. It's also misallocating and like maybe not investing in the right areas that you need to invest in.

 

Lucas Matney  20:00  

So I think that's it for the news this week. Some of the stuff that we've been working on that you can check out on techcrunch.com. I've been looking pretty heavily at the metaverse side of the crypto world these days. Meta has been talking about the billions that they're pouring into this industry. They're jacking up the prices of their headsets. They're getting sued by the FTC. It's a lot going on there. So that's what I've been mostly focused on. What about you, Jackie?

 

Jacquelyn Melinek  20:22

Yeah. So I actually put out an article on Wednesday with an interview with Solana's co-founder, Raj Gokal. We spoke before the Solana wallet hacks. But basically we kind of discussed where he sees the ecosystem going, how the network is growing, and how there's a focus on speed and performance and how so many developers are really getting into Solana. So it's really interesting to sit down with him and hear his thoughts even with everything going on. And Anita, what about you?

 

Anita Ramaswamy  20:45  

Yeah, for my part, we've talked a lot about this on today's episode, but I've been thinking a lot about crypto wallet security as a concept, specifically for NFTs. I think, you know, a lot of people sitting on multimillion dollar JPEGs really are concerned about the security of those. So I had a chance to talk to the co-founder and CEO of Upstream, which is a DAO tooling platform, and they released this new product, which is a DAO based multisig solution for NFT wallets to stay secure. If you want to know more about what that all means, I wrote an article on it that came out on Wednesday, so you can check that out. That's all for today's show. But next week, be sure to tune in for our interview of MC of Uniswap. She's their CEO, and we're gonna be chatting with her about all kinds of fun sci fi stuff. I'll see you then.

 

Lucas Matney  21:31  

We'll be back every week with the top news in the crypto ecosystem. Catch us on Tuesdays for interviews with experts in the web3 space. You can keep up with us on Spotify, Apple Music or your favorite pod platform and subscribe to our companion newsletter, also called Chain Reaction. Links to the newsletter and the stories we talked about can be found in our show notes, and be sure to follow us at chain underscore reaction on Twitter.

 

Anita Ramaswamy  21:53  

Chain Reaction is hosted by myself, Anita Ramaswamy, along with my co-hosts Lucas Matney and Jackie Melinek. We are produced by Yashad Kulkarni, and our associate producer is Maggie Stemettes, with editing by Cal Keller. Bryce Durbin is our illustrator, Alyssa Springer leads audience development, and Henry Pickavet manages TechCrunch's audio products. Thanks for listening and see you next week.