Ledger breaks crypto, again
We stay on-chain, so you don't have to. Get ahead of the curve in 5 minutes.
Welcome to Stay on-chain! Let us sift through the noise for you, delivering only curated and actionable insight into your inbox.
In today’s edition:
Market performance
News roundup
Farms of the week
Meme of the week
Reading time: 5 min
This week, the crypto prices were reacting to various news, yet, they mostly held their ground.
Several important financial events unfolded. Inflation met expectations at 3.1% and the Fed maintained rates at 5.25-5.5%. Powell's speech had some very positive remarks such as "Our policy rate is likely at or near its peak for this tightening cycle" and "There's little basis for thinking that the economy is in a recession", which were well-received by the markets, especially by stocks. The SP500 saw a notable increase. Bitcoin instead, experienced volatility in both directions. Today, it took a hit amid negative news about multiple DeFi incidents, which we'll cover later in this edition.
The standout performer of the week is Injective's INJ, a cosmos chain optimized for finance and aiming to challenge Solana with its speed. On the flip side, the week's worst performers are LUNC and MEME, both classified as purely speculative coins.
Ledger’s security incident results in $650K stolen
Ledger owns the first spot when it comes to hardware wallets in terms of market share, which makes it a frequent target for malicious actors. After the disastrous launch of Ledger Recovery in May, the company made it back to headlines because of Ledger Connect: a tool that allows you to connect a Ledger to dApps, acting as a bridge between the hardware wallet (which remains offline) and online applications.
Reports of an exploit began around 12 pm UTC — in fact, the “Connect Wallet” modals of many popular applications that used Ledger Connect were tampered with a malicious version that redirected funds to the hacker. Popular ones are OpenSea, SushiSwap, and Revoke Cash. To date, the hacker has collected ~ $650K in stolen funds, with Tether promptly freezing their USDT tokens.
The issue was apparently resolved around 1:30 pm UTC, with an initial consensus that the hack was due to the injection of malicious code using an old employee’s GitHub account, somehow exempt from some of Ledger’s security measures.
Hacks and bugs continue to challenge DeFi
Two incidents happened in DeFi this week. One involved OKX DEX, a liquidity aggregator on the OKX chain, experiencing a private key leak that led to a loss of $2.7 million. Exploiting this leaked key, the attacker updated a deprecated smart contract, utilizing its approvals to steal the funds. Arkham Intelligence has suggested potential connections between this hacker and other exploits.
The second incident unfolded with Yearn Finance, due to a flawed multisig script, resulting in a 63% loss of funds from its treasury. Fortunately, user funds remained unaffected. The error took place during a routine fee token swap for Yearn's treasury, causing the unintended exchange of 3,794,894 lp-yCRVv2 tokens for 779,958 yvDAI tokens. The trading error triggered significant price slippage and the market swiftly arbed itself to the normal price. Yearn Finance has appealed to users who profited from the incident's price movement to return a reasonable amount to Yearn's main multisig. The losses incurred amounted to $1.4 million.
We’d like to thank Decrypted for the insights into these events.
Coinbase targets institutions
Coinbase aims to lead in serving non-U.S. institutions too. The company recently introduced spot trading for institutions outside the United States. Starting December 14, Coinbase will enable non-U.S. institutional clients to engage in spot trading for BTC-USDC and ETH-USDC pairs via API access.
In addition to that, Coinbase aspires to assist institutions in issuing assets on-chain. Under Project Diamond, Coinbase and Coinbase Asset Management have launched a smart-contract-powered platform that enables institutions to create, manage, buy, and sell digitally native assets on-chain on Base. Notably, the platform has successfully executed its first digital debt instrument, utilizing Coinbase's technology stack and it incubated Ethereum Layer 2.
Want to sell your NFTs for tax loss harvesting, but they’re illiquid? Unsellable NFTs have your back.
LandX brings agriculture on-chain
Surfing the RWA narrative, LandX is launching a platform where farmers and crypto investors can meet, claiming to offer a hedge against inflation and market volatility. Farmers can thus receive upfront capital in exchange for a legal share of their crop, while investors can buy tokens representing their share of produced crops — earning USDC rewards claimable at any time. The platform’s token, LNDX, is set to launch tomorrow.
Pudgy Penguins to conquer mainstream culture?
After appearing in more than 2,000 U.S. Walmart stores selling merchandise, the popular NFT collection marks another milestone in their roadmap by announcing Pudgy World — an open-world on-chain storytelling experience built on ZkSync’s technology. The collection saw new highs following the news, with the NFT collection touching a $25,000 floor price, up 25 times from June last year.
Kaito AI, an AI-powered search engine for Web3, has been released. It helps track narratives and crypto sentiment, transforming them into actionable insights. (No, this is not a paid ad, we just think it’s something cool).
Syntethix is ending SNX inflation
Synthetix governance has approved the SIP-2043 proposal, putting an end to SNX token inflation. As a result, Synthetix stakers will no longer need to claim weekly inflationary token rewards that were initially introduced to spur liquidity and growth. Going forward, the project plans to use trading fees collected for buybacks and burns, utilizing protocol-generated fees to acquire and reduce the supply of SNX tokens as revenue redistribution.
JPMorgan says ether will likely outperform bitcoin next year — The Block
Trump launched a new NFT collection — website
Google is updating its ads policy amid Bitcoin ETFs coming — The Block
Worldcoin is integrating with Minecraft, Reddit, Telegram, and Shopify — Tech Crunch
Rainbow Wallet launched a points campaign aiming to capture Metamask userbase by enticing an airdrop — 𝕏/rainbowdotme
Coti announced COTI V2, an Ethereum Layer 2 network focused on privacy — 𝕏/COTInetwork
Paypal’s Bitcoin volumes are starting to pick up again, possibly signaling increased retail interest — 𝕏/DaanCrypto
An essay on the intersection between Web3 and games by Colleen Sullivan.
Intents are the hottest topic of research, what are they? what issue do they solve? Here’s an overview by 0xRainandCoffee.
Have you seen Celestia’s TIA chart? It has been following a Burj Khalifa pattern recently.
explains in his article some of the reasons that might have played a part:
Idle capital? Here are a few ways to put it to work:
Seamless Protocol, a new lending market on Base that seemingly received Coinbase’s blessing. Earn 17.35% APR on your ETH, paid in SEAM.
Venus Protocol, a popular lending market on the BNB Smart Chain, offers a 39% APY for supplying your BNB tokens, paid in BNB. Mind that this is due to Binance’s launchpad, and your capital may remain locked for a few days due to full utilization.
Pact.fi, the leading DEX on Algorand, features stablecoin yields going as high as 50% APR for FUSDC/FUSDT thanks to ALGO incentives and the partnership with Folks Finance.
The above section does not provide you with financial advice. Please, do your own due diligence before investing even a penny into these protocols.
If you found this edition valuable, why not share it with a friend?
Forward this email—it's the best gift you can give us!
Thank you for reading and see you next week!
Disclosure: Authors may own crypto assets named in this newsletter. Stay on-chain is meant for informational and educational purposes only. It is not meant to serve as investment advice. Please consult your investment, tax, or legal advisor before making investment decisions.