Subscribe to receive an email every time a new post has been published.
All of the round data referenced below can be downloaded from here. The data is part of a project that downloads round data periodically and uploads the csv.
Smart contract bugs
The big story this week in defi world was about an exploit in OpenSea. It started with a phishing attack with a legitimate looking email from OpenSea about migrating your listings.
The contract exploited a bug in WyvernTokenTransferProxy that's been around for nearly a month. It used signature phishing attack, collecting the users signatures and using them to transfer NFTs to outside accounts.
🏴☠️ OPENSEA NFT HACK EXPLAINED THREAD 🏴☠️— isotile 🦇🔊 (@isotile) February 20, 2022
28 days ago the hacker uploads a new smart contract, he already knows well that his goal is to get as many signatures as possible
🧵 1/4 pic.twitter.com/WMD9JrrvII
I'm not going to tell you I understand all the technical details, but this is bad. It was a phishing attack, sure, but it was more sophisticated than "click here by accident and you'll send us your NFTs". OpenSea will obviously push the onus on the users who don't closely inspect email headers, but obviously something else went wrong as well.
I wrote on twitter that my bet is that OpenSea will just create a new set of NFTs, make everything right and pretend like nothing happened.
I said this as a joke but it's not so crazy! I mean, OpenSea will be happy, NFT owners that were robbed will be, pretty much everyone will be happy except scammers. Oh and those that actually believe in the promise of blockchain.
It happened before on the base layer of Ethereum. There was an exploit in a very popular Dao that held a large percentage of all Ether at the time it was noticed. The attacker got away with tens of millions worth of Ether at the time. Obviously this was bad and very embarrassing. It was especially bad because Ethereum was always planning to move to proof of stake, where the people who control the most capital have more control over the network. So if a malicious hacker had a large percent of Ether, then he could manipulate proof of stake and affect the network greatly.
So naturally the Ethereum community said let's have a do-over! Let's just change the protocol to carve out what happened. Once that precedent, it will be used again, and it has been used. It was used another 2 times in the fourth quarter of 2016 to deal with other attacks.
Stolen NFTs would obviously not require a fork of the Ethereum network, but the same principle applies. It's all made up anyway, so if OpenSea can just say "these tokens were obviously stolen, and here are replacement tokens, and lets just pretend the old ones don't exist anymore", most people will be okay with it! OpenSea is the top dog, so what they say pretty much goes at this point. And besides, who wants to help the scammers get away with it?
I'm against the idea because it just never ends. If the largest player can change the rules and ownership of an asset, what's to stop them from doing so arbitrarily in the future? The point of NFTs isn't "owning" apes. The point is there's something that you own with certainty that has an open distributed api that anyone can interact with. If that ceases to be true and not its whatever OpenSea says it is, we may as well go back to a centralized database and lose all the baggage with blockchain.
Anyway, it'll be interesting to see how this shakes out.
We had a sell-off in crypto late in the week. I believe this was at least partially caused by the talk of an OpenSea exploit.
Prediction volume started the week very low, dropped to ~25 BNB 24-hour trailing rounds, picking up slightly in the middle of the week then dropping off again. I'm not sure if it was due to network issues or just reduced interest but I did notice my bot was a bit choppy during that time.
We didn't have any crazy 100+ BNB rounds and no crazy winner payoffs. The highest successful payoff was 5.23 and some 4+ payoffs.
Winners and Losers
|Place||account||games played||won||won USD||Winnings Even Money||Average bet size|
An impressive showing for the bots! Nearly all the top 10 players this week were bots! And bet sizes were reasonable. Obviously the total amount won is pretty low historically, but in the long run this is the way to go. just consistent performance with bets that don't skew the odds too much.
Our #1 did well and obviously scaled his bet sizes a lot. His "even-money" performance as negative. This means if he had bet the same amount on every bet, he would have been down. But he bet seemingly random amounts and somehow came ahead.
Nothing else to note here, besides solid conservative performance by our top players. No more 100+ BNB bounties, but that's fine. That kind of performance is unsustainable
Let's look at the losers
|Place||from||games played||won||won USD||Winnings Even Money||Average bet size|
Our #1 loser just can't catch a break. Last week he was down 269 BNB. And this week he's down another 210 BNB. His total net loss is 682 BNB, or around $260k
The guy has conviction, much to his detriment. He throws down large and throws good money after bad. He tends to up his bet size after losing a round but if you look at his performance, it looks like his losses are actually clustered together. They're actually more likely to be random, but that's just how it appears when you look at it.
It's too bad our #1 stole all the spotlight because our #2 is quite the contender himself. Blowing 150 BNB in a week is an accomplishment, and with 277 bets means you have to stay in it, not just blow a few hands.
Well, hats off to all our losers. Without them, we wouldn't have winners.
As always, feel free to reach out with questions or comments or want my to highlight anything different on my weekly market recaps. If you like what you read and want to subscribe to receive an email when a new post is published, click here.
Good luck and bet responsibly!