I, Degen

This week we have a bunch of weekly news updates. Then we deep dive into the upcoming Ethereum merge and the rippling effects of the OFAC Tornado Cash sanctions on Ethereum censorship resistance.

Show Notes

I, Degen - E12: Ethereum Fights to Remain Censorship Resistant - 8/24/2022

Listen at: idegen.fm
Contact us: @idegenfm

Intro
Welcome to I, Degen - Each week, we track down and explore the most exciting crypto stories. Hacks, mysteries, exploits, and anything that feeds our crypto curiosity. We dig in, cutting through the misinformation and hype in search of a signal in the noise.


Episode Summary
This week we have a bunch of weekly news updates. Then we take a deep dive into the upcoming Ethereum merge and rippling effects on Ethereum protocol level censorship from the OFAC Tornado Cash sanctions.


I,Degen - Weekly Stories
1.The Chicago Mercantile Exchange (CME) Group will launch Ethereum option contracts on its platform on September 12. The company announced that it’s waiting for regulatory review, and if approved, these new investment products will join its ETH futures and mini futures contracts.

2.Alleged Russian Money Launderer Extradited from the Netherlands to U.S.

According to court documents, Dubnikov and his co-conspirators laundered the proceeds of ransomware attacks on individuals and organizations throughout the United States and abroad. Specifically, Dubnikov and his accomplices laundered ransom payments extracted from victims of Ryuk ransomware attacks.
3.Reaper Farm Yield Aggregator Owned

4.TikTok monitoring all keyboard inputs and taps

When you open any link on the TikTok iOS app, it’s opened inside their in-app browser. While interacting with the website, TikTok subscribes to all keyboard inputs (including passwords, credit card information, etc.) and every tap on the screen, like which buttons and links you click.
5.Wrench Attack - 3 men targeted an Indian realtor they knew held bitcoin and abducted him while posing as sellers of a plot of land. They tortured him for 3 hours until he gave them 8 BTC. - [r/CryptoCurrency post]

  • Victim was not hurt, according to his wife
  • The suspect was caught using a trap to lure them back to the kidnapping spot Note: These attacks are rare but often receive much media attention. Nonetheless, it’s essential to be aware. Often, you see comments like, “yeah, this is why you keep your crypto a secret!”, which happened on the Reddit post. However, is that advice practical for 'mainstream adoption?
6.Hackers steal crypto from Bitcoin ATMs by exploiting zero-day bug - via Bleepingcomputer, August 20, 2022

Hackers have exploited a zero-day vulnerability in General Bytes Bitcoin ATM servers to steal cryptocurrency from customers.When customers would deposit or purchase cryptocurrency via the ATM, the funds would instead be siphoned off by the hackers.The attacker was able to create an admin user remotely via CAS administrative interface via a URL call on the page that is used for the default installation on the server and creating the first administration user. This vulnerability has been present in CAS software since version December 2020. General Bytes Official Advisory
7.iOS VPNS have leaked traffic for years, Proton CEO says.

  • Apple notified more than two years ago
  • claim/issue: any connections established BEFORE activating the VPN are not tunneled
  • janky trick that may or may not fully work: Turn on your VPN, then turn on airplane mode off and on.
8.U.S. Lawmaker Questions Treasury Over Tornado Cash Sanctions August 23, 2022 via CryptoBriefing.com

Rep. Tom Emmer (R-MN) raised questions over the decision to sanction Tornado Cash in a letter sent to the Treasury Department today.Emmer called the ban of a “neutral, open-source, decentralized technology” a “divergence” from historical precedent.Among other things, Emmer asked what recourse law-abiding users of Tornado Cash may have to claim funds trapped in the protocol.


I, Degen - Deep Dive - The Merge & Ethereum censorship in a post-sanctioned TC world.
What is the merge TLDR?

The Merge represents the joining of the existing execution layer of Ethereum (the Mainnet we use today) with its new proof-of-stake consensus layer, the Beacon Chain. It eliminates the need for energy-intensive mining and instead secures the network using staked ETH. A truly exciting step in realizing the Ethereum vision – more scalability, security, and sustainability.
- https://ethereum.org/en/upgrades/merge/

What's the problem? OFAC Tornado Cash sanctions fallout continues.

Ethermine, the largest Ethereum pool, has refused to pack Tornado Cash-related transactions into blocks in the past week. Several pool technicians also confirmed the news and said it was the first time in history.
— @WUBLOCKCHAIN AUGUST 20, 2022 - https://t.co/XLC3ZjddLR

Individual miners can refuse to include whatever they want, but it has little effect; the transaction just gets into the next block. Need a 51% attack (so, reverting blocks and not just excluding txs) to fully prevent txs from being included.
— @VitalikButerin August 19, 2022

The Case for Social Slashing <-- Best dive in Ethereum Censorship via OFAC

So, what’s the issue here?Well, one of the absolute core purposes for blockchains such as Ethereum is to provide neutrality and censorship resistance. That’s why we tolerate that the system is slow and expensive to use at times—because of these unique qualities. A threat to censorship resistance is a threat to the system’s raison d’être.
Other censorship & merge-related stuff Centralized censorship of privacy protocols outside of Tornado Cash

Recently, FTX froze a user account who sent coins to @aztecnetwork’s zkmoney. According to FTX, Aztec Connect - Aztec network / zk money has been identified as a mixing service, which is a high-risk activity prohibited by FTX.
I, Degen - Personal Hack Attempt of the Week
Zak: Just more Pig Butchering Telegram DM scams Hunt’s mom: email scams to get her coins

E12 References & other links
Reminder - US law enforcement can legally use stingrays and does not require a probable cause warrant

If you’re interested in this, check out Season 1, Episode 3 of Truth and Power on Netflix.
Daniel Rigmaiden- a brilliant, young scam artist turned whistleblower-evades the FBI for months after being accused of filing fraudulent tax claims and illegally collecting hundreds of thousands of dollars from the IRS. After being tracked down and arrested by the feds, Daniel becomes convinced his location was identified through illicit means.
Show image courtesy of 3AC on OpenSea

We do our best to report accurately on the topics we discuss, but we’re not always going to get everything right. Please comment here or reach out to us @idegenfm with corrections or comments!



What is I, Degen?

Welcome! I, Degen is a podcast about crypto technology, security, and culture. With a healthy balance of enthusiasm and skepticism, we cut through the misinformation and hype in search of a signal in the noise. Our weekly round-up will keep you updated on the latest in crypto hacks and security. With our open-source audio audits, we interview founders and hackers to surface relevant info about how to stay safe in crypto land.