harpocryptes 🦇🔊

@_prestwich Why do you *need* upgrade keys? Cannot you make the bridge immutable, and if a new bridge is needed, you can deploy a new (immutable) one at a different address?

you set out to build a trustless bridge and then you end up with some frankenstein altair oracle zk proof mess and you STILL need upgrade keys to it because Ethereum plans to deprecate it's entire consensus system (again)

well part of it is that truly trustless bridges aren't actually possible at all. and the other part is that costs and downsides grow rapidly as you approach the ideal

$rETH is the only major LST trading at a price premium on secondary markets Only Rocket Pool ensures full backing by staking deposits, plus additional node operator ETH bonds on top Fully permissionless and maximally decentralised, rETH is Ethereum's overcollateralised LST

@LucasKozinski What changes do you propose?

Breaking: Ethereum's entry, exit queues and the 2.5% staking yield need a complete revamp. Ethereum is being farmed to death as incentives are misaligned, with lending loopers and LSTs pricing staking close to risk-free. Meanwhile, the entry and exit queues create unnecessary risks to Ethereum's institutional adoption. Ethereum has grown up, it's time to update the system.

@austingriffith Where can I learn more about the "developper games" you mention?

🎙️ catch me rappin' 🎥 ethereum ecodev looks good from here

@cautionfun_ @materkel Plenty of companies and projects want it. l2beat.com

@materkel If something is free, and people don’t want it, what would you say the true value of that something is?

Why not both? That was literally my whole point 🤷‍♂️ You can have Ethereum network effects for free. Even if you think these network effects are small… You get them *drumroll* for FREE!!! Thank you for your attention to this matter.

@KumaCapxbt @UltraSM1559 @RyanSAdams Your mention of the foundation tells me you are not serious. They are selling nowhere near the size that would significantly affect the price.

@UltraSM1559 @RyanSAdams Cause sol can scam pump way more than eth. Eth can pump, but whales and foundation will slam it back down rapidly, almost no risk of liquidation. On a long enough time frame, eth going back to sub 2k is literally 90%+ probability so risk reward is very good

Tempo chain by Stripe is Libra v2 but with a political climate that won't strangle it in the crib

@ryanberckmans I was impressed how articulately you made the case for Ethereum. Well done!

Great to stop by Bankless and chat about why ETH is growing into a multi-trillion-dollar asset Ethereum and ETH are much more special and valuable than Jon thinks

@potuz_eth @peter_szilagyi Note than this is a 4 year old post. Do you know what happened afterwards?"

@peter_szilagyi It's also wild that there are deep fights and takeover over crypto libraries in the rust space that scare the shit out of using any of them. Particularly with that curve you are using reddit.com/r/rust/comment…

Daily reminder that #golang's opinionated official crypto library approach is far superior to #rustlang's everyone go wild approach: I need to put an X25519 pubkey into an x509 cert. No Rust library supports that, even though it's a standard. Nobody got "that far" yet.

@ViktorBunin @GwartyGwart @jessepollak x.com/jessepollak/st…

@GwartyGwart I am fairly certain I saw @jessepollak tweet that we hold the eth base earns, but can't find the tweet now.

If your mental model of ETH is AWS credits then you're right, L2s make zero sense. However if your mental model of ETH is money that will power the global economy, L2s make perfect sense, because they use ETH as money.

@DPGSpurs @dcinvestor @jimpeiko "BTC has no inflation" is a wild take when each block issues new BTC (0.83% annual inflation rate).

ETH being valued like Ethereum is a tech company with revenue makes no sense whatsoever absolutely nothing else in crypto is valued like that, nor does it even make sense when these tokens do so much more than be be simple network profit sharing tokens most people who hold ETH use it for speculative purposes, staking income, DeFi collateral use, medium of exchange for an onchain economy, and a little bit for gas money. all of these use cases create significant reserve demand for ETH no one is holding it because they think they are entitled to blockspace revenue, which will longterm be driven towards zero anyway the value of ETH is lower right now because the volume and magnitude of these uses utilizing ETH are currently down on both L1 and L2 as compared to the mania of last cycle there's a def a discussion to be had about if L2s are paying enough to L1, etc. BUT i totally reject that ETH is some kind of security valued based on network income it never has been, and it never will be

@TimBeiko @0xTycoon @TardFiWhale Instead of freezing the receiving address, you could not increase its balance. That could work for ETH, but then there's erc20 tokens, defi, etc. It's an endless cat and mouse game.

This is almost correct — the nodes can see what happened in the past, you could say that any address that interacted with an address that interacted with address X is frozen as of block A. That said, a rule that says "all possible future addresses that X interacts with are frozen" would allow for the hacker to freeze all addresses on Ethereum.

ELI5 why we cannot "rollback" Ethereum? After yesterday's Bybit hack, crypto commentators are again asking why Ethereum cannot "rollback" the chain to reverse the hack. While experienced ecosystem actors near-unanimously agree that this is infeasible, it's worth breaking down why this reasonably sounding proposal is technically intractable for less knowledgeable observers. If that's you, consider this an "ELI5" version of why this is impossible. First, some context on rollbacks: The idea of a blockchain "rolling back" stems from an early incident in the Bitcoin blockchain. In 2010, less than two years since Bitcoin's launch, a bug in the client software caused 184 billion (yes, *billion*) Bitcoins to be minted in block 74638. To fix this, Satoshi released a software patch to the Bitcoin client which invalidated the transactions. This had the effect of "rolling back" the chain which had kept growing in the meantime to block 74637. In less than a day, the new chain had accumulated enough proof-of-work to become canonical and all user transactions that had been rolled back were included in the new chain. Note that at the time, Bitcoin's mining difficulty was 10 billion times lower than today, and the BTCUSD price was about 0.07$. In short, this situation was unique in that a clear protocol bug led to the problematic transactions, which could easily be identified due to their large amount. Additionally, Bitcoin's limited adoption made it easy to distribute a new client version and quickly mine a new chain segment. Ethereum and TheDAO: Ethereum's early history had a superficially similar crisis which often leads to confusion about the practicality of rollbacks. In 2016, a popular Ethereum application, TheDAO, had ~15% of all ETH in existence under its control. Unfortunately, a hacker found a bug in the application's code that allowed them to steal all of these funds. This was notably different than the Bitcoin situation because the Ethereum protocol worked as intended, it was the application built **on** Ethereum that had an issue. Luckily, the developers of TheDAO had implemented a failsafe where withdrawals from the applications were frozen for a month before they were completed. This presented a unique opportunity to address the bug: the code of the application could be changed to prevent the funds from ultimately going to the hackers. Because there was no way in the application itself to do this, Ethereum protocol developers had to make the change directly in the blockchain's history. This is called an "irregular state change", because the "state" of the application was changed by manually updating the database, rather than, say, by a valid Ethereum transaction. A rough comparison to the Bitcoin bug above would be to have set the balance of the addresses that received the 184 billion BTC to 0, rather than re-mining a chain excluding those transactions. This upgrade was contentious and the Ethereum community effectively fractured over it. A subset of miners refused to run the software patch and kept mining on the chain where the hack happened, which still exists as Ethereum Classic. The chain that is known as Ethereum today is the one where this software upgrade was activated. Again, this situation was unique. Hacked funds from TheDAO were effectively frozen for a month, giving time for the community to coordinate on a software upgrade. The funds being frozen had another major advantage: there was no "contagion" from the hack. Had the hacker been able to move funds at will, "freezing" the funds would be an impossible cat and mouse game, as the protocol is open source and any potential change which froze the funds would have to be broadcast to the hacker, giving them plenty of time to move their funds elsewhere. Which brings us to the Bybit incident. Why we can't rollback Ethereum Earlier this week, the Bybit exchange had 401,346 ETH (~1.4B USD) stolen. The theft was caused by the custodian of the funds signing a misleading transaction in a compromised multisig interface. The root cause for this hack was higher up the stack than both TheDAO and the Bitcoin overflow bug. There were no issues with the Ethereum protocol, or even with the underlying multisig application used by Bybit. Instead, a compromised interface made it appear as though a transaction was doing one thing while it was actually doing another. From the perspective of the Ethereum protocol, there is nothing to distinguish that transaction from other legitimate transactions on the network. There is no protocol rule that was broken where patching the issue would isolate the hacked funds, like in the case of the Bitcoin exploit. Furthermore, the funds were immediately available for the hacker to spend. Unlike in the case of TheDAO, where the community had a month to deploy a surgical intervention, here the hackers immediately started moving the funds onchain. Even if we could solve the cat and mouse game described above, the Ethereum ecosystem is far different today than in 2016. DeFi and bridges to other chains mean that any stolen funds can easily be mixed within a web of applications. For example, stolen funds can be swapped on a decentralized exchange, with the resulting tokens being used as collateral in a DeFi protocol, where the borrowed assets are bridged to a completely separate chain. This level of interconnectedness means that any irregular state change, even if socially palatable, would have near-intractable ripple effects. A "full rollback", where a portion of the recent chain history was invalidated, would be even worse. Any settled transaction, many of which have implications outside Ethereum (e.g. exchange sales, RWA redemptions, etc.) would be undone, with no way to revert the offchain half of it. So, to conclude, while Bitcoin was able to "rollback" its blockchain 15 years ago, today, the interconnected nature of Ethereum and settlement of onchain <> offchain economic transactions, make this intractable today. Technically, irregular state changes are still possible on Ethereum in cases where funds are frozen and isolated. The last time such a change was proposed, in 2018, to address a bug in Parity's multisig wallet where ~500,000 ETH were frozen (see EIP-999), it was strongly opposed by the community of the contention resulting from TheDAO.

@0xOptimus @hasufl Because FTX was insolvent and went bankrupt.

@hasufl Why would they cover the liability with ETH instead of doing it in USD like how FTX did?

If you want my serious take 1. Bybit has way more than 1.4b of revenue per year. They are good for the money and will make all customers whole. 2. It doesn't matter for ETH because Bybit will honor customers's ETH liabilities and buy back the assets on open market.

@ercwl @Bybit_Official Page 112, I believe.

@Bybit_Official Link to Chainalysis report: go.chainalysis.com/rs/503-FAP-074… Start at page 132, but the whole report overall is a worthwhile read.

If you want to understand what happens to funds after they’re stolen by North Korea/Lazarus Group, the Chainalysis 2022 report is great Step 1: Swap any ERC20s (like stETH) into ETH Step 2: Swap any ETH into BTC Step 3: Cash out BTC to cash (Chinese Renminbi) using Asian exchanges This process can take years. They are in no hurry. In 2022, it was noted how North Korea was still sitting on $55 worth of funds from hacks that happened six years earlier (2016).

@SSJ2_Spartan @austincampbell @Bybit_Official I think we already have some evidence that the security measures were, in fact, not effective.

A nation state didn’t seized control of a blockchain and redirect funds from ByBit to its own wallet. Instead, this seems to be a sophisticated attack targeting ByBit’s exchange and its underlying technical infrastructure As more details emerge, we should gain insight into the incident, including the specific security measures implemented by ByBit’s CISO and how effective they were.

The Ethereum validator set can and should return the ETH to @Bybit_Official if this is true. If we continue to allow nation state actors to steal from private entities, this is the fastest pathway to a regulatory blockade of public chains and mainstream usage, or also ETH to 0.

@TrustlessState Was it real when @bankless reported it last November? x.com/BanklessHQ/sta…

Chat is this real

@TrustlessState Wasn't this decided last year already? What's the news now? morganlewis.com/pubs/2024/12/f…

@Cointelegraph Wasn't this decided last year already? What's the news now? morganlewis.com/pubs/2024/12/f…

🚨 BREAKING: Court lifts OFAC sanctions on Tornado Cash, marking a major win for crypto privacy advocates.

@ConfuEth @dcinvestor > It is extremely difficult to get into coinbase Unless you're a 1 day old memecoin with 80% allocated to insiders 😉

@dcinvestor It is extremely difficult to get into coinbase, let alone base team. The bar is set very high.

based

@joranhonig Which code contests do you recommend? Or a good source with a list and/or announcements.

Don't go straight for bug bounties if you're new to web3 security. Try your hand at code contests first. You're much more likely to find something (good for motivation), and you can learn a ton by reading the final report once the contest closes.

@SatBalwynnorth @waqwaqattack @d_gusakov "You made it" is reserved to the day when @VitalikButerin will be on Rocket Fuel.

@waqwaqattack @d_gusakov You made it!

Can you believe I had someone from Lido on a Rocket Pool show?! Talking to @d_gusakov was really cool. He's a good guy. Check out the new episode from yesterday.