mbvissers.eth

3 years ago

Why does every smart contract seem to implement ERC165?

More on Web3 & Crypto

Sam Hickmann

3 years ago

Nomad.xyz got exploited for $190M

Key Takeaways:

Another hack. This time was different. This is a doozy.

Why? Nomad got exploited for $190m. It was crypto's 5th-biggest hack. Ouch.

It wasn't hackers, but random folks. What happened:

A Nomad smart contract flaw was discovered. They couldn't drain the funds at once, so they tried numerous transactions. Rookie!

People noticed and copied the attack.

They just needed to discover a working transaction, substitute the other person's address with theirs, and run it.


In a two-and-a-half-hour attack, $190M was siphoned from Nomad Bridge.

Nomad is a novel approach to blockchain interoperability that leverages an optimistic mechanism to increase the security of cross-chain communication.  — nomad.xyz

This hack was permissionless, therefore anyone could participate.

After the fatal blow, people fought over the scraps.

Cross-chain bridges remain a DeFi weakness and exploit target. When they collapse, it's typically total.

$190M...gobbled.

Unbacked assets are hurting Nomad-dependent chains. Moonbeam, EVMOS, and Milkomeda's TVLs dropped.

This incident is every-man-for-himself, although numerous whitehats exploited the issue... 

But what triggered the feeding frenzy?

How did so many pick the bones?

After a routine upgrade in June, the bridge's Replica contract was initialized with a severe security issue. The 0x00 address was a trusted root, so all messages were valid by default.

After a botched first attempt (costing $350k in gas), the original attacker's exploit tx called process() without first 'proving' its validity.

The process() function executes all cross-chain messages and checks the merkle root of all messages (line 185).

The upgrade caused transactions with a 'messages' value of 0 (invalid, according to old logic) to be read by default as 0x00, a trusted root, passing validation as 'proven'.

Any process() calls were valid. In reality, a more sophisticated exploiter may have designed a contract to drain the whole bridge.
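The default-value flaw described above, as an added Python model (not Nomad's Solidity code and not part of the original article), together with the post-upgrade invariant check that flags it. Apart from process() and messages, every name and sample value is constructed for illustration, and the Merkle proof step is reduced to recording a root.

```python
from hashlib import sha256

ZERO_ROOT = bytes(32)  # what an EVM mapping returns for a key that was never written


class ReplicaModel:
    """Toy model of the root check; only process() and messages are names from the article."""

    def __init__(self, initial_root, reject_zero_root):
        self.trusted_roots = {initial_root}   # roots treated as confirmed
        self.reject_zero_root = reject_zero_root
        self.messages = {}                    # message hash -> root it was proven under
        self.processed = set()

    def prove(self, message, root):
        # Simplification: the real contract derives the root from a Merkle proof.
        self.messages[sha256(message).digest()] = root

    def root_is_trusted(self, root):
        if self.reject_zero_root and root == ZERO_ROOT:
            return False                      # hardened: "never proven" is never valid
        return root in self.trusted_roots

    def process(self, message):
        digest = sha256(message).digest()
        if digest in self.processed:
            return False                      # replay of an already processed message
        # An unproven message reads back as zero, like a mapping lookup.
        root = self.messages.get(digest, ZERO_ROOT)
        if not self.root_is_trusted(root):
            return False
        self.processed.add(digest)
        return True


def init_invariant_violations(replica):
    """Checks to run after every deploy or upgrade, before the contract holds funds."""
    problems = []
    if replica.root_is_trusted(ZERO_ROOT):
        problems.append("zero root is trusted")
    if replica.process(b"constructed message that was never proven"):
        problems.append("unproven message was processed")
    return problems


REAL_ROOT = sha256(b"constructed committed root").digest()

if __name__ == "__main__":
    cases = {
        # Initialised as the article describes: the zero value is a trusted root.
        "vulnerable": ReplicaModel(initial_root=ZERO_ROOT, reject_zero_root=False),
        # Same bad initialisation, but the root check refuses the zero value.
        "hardened": ReplicaModel(initial_root=ZERO_ROOT, reject_zero_root=True),
        # Correct initialisation with a real committed root.
        "correct": ReplicaModel(initial_root=REAL_ROOT, reject_zero_root=True),
    }
    for name, replica in cases.items():
        print(name, init_invariant_violations(replica) or "ok")
```

The explicit zero-root rejection is defence in depth: it keeps the check safe even when a later initialization passes a zero value again.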

Copycat attackers simply copied/pasted the same process() function call using Etherscan, substituting their address.

The incident was a wild combination of crowdhacking, whitehat activities, and MEV-bot (Maximal Extractable Value) mayhem.

For example, 🍉🍉🍉.eth stole $4M from the bridge, but claims to be whitehat.

Others stood out for the wrong reasons. Repeat criminal Rari Capital (Arbitrum) exploited over $3M in stablecoins, which moved to Tornado Cash.

The top three exploiters (with $95M between them) are:

$47M: 0x56D8B635A7C88Fd1104D23d632AF40c1C3Aac4e3

$40M: 0xBF293D5138a2a1BA407B43672643434C43827179

$8M: 0xB5C55f76f90Cc528B2609109Ca14d8d84593590E

Here's a list of all the exploiters:

The project conducted a Quantstamp audit in June; QSP-19 foreshadowed a similar problem.

The auditor's comments that "We feel the Nomad team misinterpreted the issue" speak to a troubling attitude towards security that the project's "Long-Term Security" plan appears to confirm:

Concerns were raised about the team's response time to a live, public exploit; the team's official acknowledgement came three hours later.

"Removing the Replica contract as owner" stopped the exploit, but it was too late to preserve the cash.

Closed blockchain systems are only as strong as their weakest link.

The Harmony network is in turmoil after its bridge was attacked and lost $100M in late June.

What's next for Nomad's ecosystems?

Moonbeam's TVL is now $135M, EVMOS's is $3M, and Milkomeda's is $20M.

Loss of confidence may do more damage than $190M.

Cross-chain infrastructure is difficult to secure in a new, experimental sector. Bridge attacks can pollute an entire ecosystem or more.

Nomadic liquidity has no permanent home, so consumers will always migrate in pursuit of the "next big thing" and get stung when attentiveness wanes.

DeFi still has easy prey...

Sources: rekt.news & The Milk Road.

Rishi Dean

3 years ago

Coinbase's web3 app

Use popular Ethereum dapps with Coinbase’s new dapp wallet and browser

Tl;dr: This post highlights the ability to access web3 directly from your Coinbase app using our new dapp wallet and browser.

Decentralized autonomous organizations (DAOs) and decentralized finance (DeFi) have gained popularity in the last year. The total value locked (TVL) of DeFi investments on the Ethereum blockchain has grown to over $110B USD, while NFT sales have grown to over $30B USD in the last 12 months (LTM). New innovative real-world applications are emerging every day.

Today, a small group of Coinbase app users can access Ethereum-based dapps. Buying NFTs on Coinbase NFT and OpenSea, trading on Uniswap and Sushiswap, and borrowing and lending on Curve and Compound are examples.

Our new dapp wallet and dapp browser enable you to access and explore web3 directly from your Coinbase app.

Web3 in the Coinbase app

Users can now access dapps without a recovery phrase. This innovative dapp wallet experience uses Multi-Party Computation (MPC) technology to secure your on-chain wallet. This wallet's design allows you and Coinbase to share the 'key.' If you lose access to your device, the key to your dapp wallet is still safe and Coinbase can help recover it.

Set up your new dapp wallet by clicking the "Browser" tab in the Android app's navigation bar. Once set up, the Coinbase app's new dapp browser lets you search, discover, and use Ethereum-based dapps.

Looking forward

We want to enable everyone to seamlessly and safely participate in web3, and today’s launch is another step on that journey. We're rolling out the new dapp wallet and browser in the US on Android first to a small subset of users and plan to expand soon. Stay tuned!

Jayden Levitt

3 years ago

The country of El Salvador's Bitcoin-obsessed president lost $61.6 million.

It’s only a loss if you sell, right?

Created by Author — Using Toonme

Nayib Bukele proclaimed himself “the world’s coolest dictator”.

His jokes aren't clear.

El Salvador's 43rd president, the self-proclaimed “CEO of El Salvador”, couldn't be less presidential.

He wears thin jeans, aviator sunglasses, and baseball caps like a cartel lord.

He's popular, though.

Bukele won 53% of the vote by fighting violent crime and opposition party corruption.

El Salvador's 6.4 million inhabitants are riding the cryptocurrency volatility wave.

They were powerless.

Their autocratic leader, a former Yamaha Motors salesperson and Bitcoin believer, wants to help the 70% of locals who are unbanked.

He intended to give the citizens a way to save money and cut the country's $200 million remittance cost.

Transfer and deposit costs.

This makes logical sense when the president’s theatrics don’t blind you.

El Salvador's Bukele revealed plans to make bitcoin legal tender.

Remittances total $5.9 billion (23%) of the country's expenses.

Anything that reduces costs could boost the economy.

The country’s unbanked population is staggering. Here’s the data by % of people who either have a bank account (Blue) or a mobile money account (Black).

Source — statista.com

According to Bukele, 46% of the population has downloaded the Chivo Bitcoin Wallet.

In 2021, 36% of El Salvadorans had bank accounts.


Large rural countries like Kenya seem to have resolved their unbanked dilemma.

An economy surfaced where village locals would sell, trade and store network minutes and data as a store of value.

Kenyan phone networks realized unbanked people needed a safe way to accumulate wealth and have an emergency fund.

96% of Kenyans utilize M-PESA, which doesn't require a bank account.

The software involves human agents who hang out with cash and a phone.

These people are like ATMs.

You offer them cash to deposit money in your mobile money account or withdraw cash.

In a country with a faulty banking system, cash availability and a safe place to deposit it are important.

William Jack and Tavneet Suri found that M-PESA brought 194,000 Kenyan households out of poverty by making transactions cheaper and creating a safe store of value.

2016 Science paper

Mobile money, a service that allows monetary value to be stored on a mobile phone and sent to other users via text messages, has been adopted by most Kenyan households. We estimate that access to the Kenyan mobile money system M-PESA increased per capita consumption levels and lifted 194,000 households, or 2% of Kenyan households, out of poverty.

The impacts, which are more pronounced for female-headed households, appear to be driven by changes in financial behaviour — in particular, increased financial resilience and saving. Mobile money has therefore increased the efficiency of the allocation of consumption over time while allowing a more efficient allocation of labour, resulting in a meaningful reduction of poverty in Kenya.


Currently, El Salvador has 2,301 Bitcoin.

At publication, it's worth $44 million. That remains 41% of Bukele's original $105.6 million.

It is unknown whether the country has sold any Bitcoin, but Bukele keeps purchasing the dip.

It's still falling.

Source — Nayib Bukele — Twitter

This might be a fantastic move for the impoverished country over the next five years, if they can live economically till Bitcoin's price recovers.

The evidence demonstrates that a store of value pulls individuals out of poverty, but others say Bitcoin is premature.

You may regard it as an aggressive endeavor to front run the next wave of adoption, offering El Salvador a financial upside.

You might also like

1eth1da

3 years ago

6 Rules to build a successful NFT Community in 2022

Too much NFT, Discord, and shitposting.

How do you choose?

How do you recruit more members to join your NFT project?

In 2021, a successful NFT project required:

  • Monkey/ape artwork

  • Twitter and Discord bot-filled

  • Roadmap overpromise

  • Goal was quick cash.

2022 and the years after will change that.


These are 6 Rules for a Strong NFT Community in 2022:

THINK LONG TERM

This relates to roadmap planning. Hype and dumb luck may drive NFT projects (ahem, goblins) but rarely will your project soar.

Instead, consider sustainability.

Plan your roadmap based on your team's abilities.

Do what you're already doing, but with NFTs, make it bigger and better.

You shouldn't copy a project's roadmap just because it was profitable.

This will lead to over-promising, team burnout, and a RUG NFT project.

OFFER VALUE

Building a great community starts with giving.

Why are musicians popular?

Because they offer entertainment for everyone, a random person becomes a fan, and more fans become a cult.

That's how you should approach your community.

TEAM UP

A great team helps.

An NFT project could have 3 or 2 people.

Credibility trumps team size.

Make sure your team can answer community questions, resolve issues, and constantly attend to them.

Don't overwork and burn out.

Your community will be able to recognize that you are trying too hard and give up on the project.

BUILD A GREAT PRODUCT

Bored Ape Yacht Club altered the NFT space.

Cryptopunks transformed NFTs.

Many others did, including Okay Bears.

What made them that way?

Because they answered a key question.

What is my NFT supposed to be?

Before planning art, this question must be answered.

NFTs can't be just jpegs.

What does it represent?

Is it a Metaverse-ready project?

What blockchain are you going to be using and why?

Set some ground rules for yourself. This helps your project's direction.

These questions will help you and your team set a direction for blockchain, NFT, and Web3 technology.

EDUCATE ON WEB3

The more the team learns about Web3 technology, the more they can offer their community.

Think tokens, metaverse, cross-chain interoperability and more.

BUILD A GREAT COMMUNITY

Several projects mistreat their communities.

They treat their community like "customers" and try to sell them NFT.

Whitelists and giveaways aren't your only community-building options.

Think bigger.

Consider them family and friends, not wallets.

Consider them fans.

These are some tips to start your NFT project.

Muthinja

3 years ago

Why don't you relaunch my startup projects?

Open to ideas or acquisitions

Failure is an unavoidable aspect of life, yet many recoil at the word.

I've worked on unrelated startup projects. This is a list of products I developed (often as the tech lead or co-founder) and why they failed to launch.

Chess Bet (Betting)

As a chess player who plays 5 games a day and has an ELO rating of 2100, I tried to design a chess engine to rival Stockfish and Houdini.

While constructing my chess engine, my cofounder asked me about building a p2p chess betting app. Chess Bet. There couldn't be a better time.

Two people in different locations could play a staked game. The winner got 90% of the bet and we got 10%. The business strategy was clear, but our mini-launch was unusual.

People started employing the same cheat engines I mentioned, causing user churn and defaming our product.

It was the first programming problem I couldn't solve after building a cheat detection system based on player move strengths and prior games. Chess.com, the most famous online chess software, still suffers from this.

We decided to pivot because we needed an expensive betting license.

We relaunched as Chess MVP after deciding to focus on chess learning. A platform for teachers to create chess puzzles and teach content. Several chess students used our product, but the target market was too tiny.

We chose to quit rather than persevere or pivot.

BodaCare (Insure Tech)

‘BodaBoda’ in Swahili means Motorcycle. My Dad approached me in 2019 (when I was working for a health tech business) about establishing an Insurtech/fintech solution for motorbike riders to pay for insurance using SNPL.

We teamed up with an underwriter to market motorcycle insurance. Once they had enough premiums, they'd get an insurance sticker in the mail. We made it better by splitting the cover in two, making it more reasonable for motorcyclists struggling with lump-sum premiums.

Lack of capital and changing customer behavior forced us to close, with 100 motorcyclists paying 0.5 USD every day. Our unit econ didn't make sense, and CAC and retention capital only dug us deeper.

Circle (Social Networking)

Having learned from both product failures, I began to understand what worked and what didn't. While reading through Instagram, an idea struck me.

Suppose social media weren't virtual.

Imagine meeting someone on your way home. A like-minded person.

People were excited about social occasions after covid restrictions were eased. Anything to escape. I just built a university student-popular experiences startup. Again, there couldn't be a better time.

I started the Android app. I launched it on Google Beta and oh my! 200 people joined in two days.

It works by signaling if people are in a given place and allowing users to IM in hopes of meeting up in near real-time. Playstore couldn't deploy the app despite its success in beta for unknown reasons. I appealed unsuccessfully.

My infrastructure quickly lost users because I lacked funding.

In conclusion

This essay contains many failures, some of which might have been avoided and others not, but they were crucial learning points in my startup path.

If you liked any idea, I have the source code on Github.

Happy reading until then!

Sanjay Priyadarshi

3 years ago

Meet a Programmer Who Turned Down Microsoft's $10,000,000,000 Acquisition Offer

Failures inspire young developers

Photo of Jason Citron from Marketrealist.com

Jason Citron created many products.

These products flopped.

Microsoft offered $10 billion for one of these products.

He rejected the offer since he was so confident in his success.

Let’s find out how he built a product that is currently valued at $15 billion.

Early in his youth, Jason began learning to code.

Jason's father taught him programming and IT.

His father wanted to help him earn money when he needed it.

Jason created video games and websites in high school.

Jason realized early on that his IT and programming skills could make him money.

Jason's parents misjudged his aptitude for programming.

Jason frequented online programming communities.

He looked for web developers. He created websites for those people.

His parents suspected Jason sold drugs online. When he said he used programming to make money, they were shocked.

They helped him set up a PayPal account.

Florida higher education to study video game creation

Jason never attended an expensive university.

He studied game design in Florida.

“Higher Education is an interesting part of society… When I work with people, the school they went to never comes up… only thing that matters is what can you do…At the end of the day, the beauty of silicon valley is that if you have a great idea and you can bring it to the life, you can convince a total stranger to give you money and join your project… This notion that you have to go to a great school didn’t end up being a thing for me.”

Jason's life was altered by Steve Jobs' keynote address.

After graduating, Jason joined an incubator.

Jason created a video-dating site first.

Bad idea.

Nobody wanted to use it when it was released, so they shut it down.

He made a multiplayer game.

It was released on Bebo. 10,000 people played it.

When Steve Jobs unveiled the Apple app store, he stopped playing.

The introduction of the app store resembled that of a new gaming console.

Jason's life altered after Steve Jobs' 2008 address.

“Whenever a new video game console is launched, that’s the opportunity for a new video game studio to get started, it’s because there aren’t too many games available…When a new PlayStation comes out, since it’s a new system, there’s only a handful of titles available… If you can be a launch title you can get a lot of distribution.”

Apple's app store provided a chance to start a video game company.

They released an app after 5 months of work.

Aurora Feint is the game.

Jason believed 1000 players in a week would be wonderful. A thousand players joined in the first hour.

Over time, Aurora Feint didn't gain traction. They didn't make enough money to keep playing.

They could only make enough for one month.

Instead of buying video games, buy technology

Jason saw that they established a leaderboard, chat rooms, and multiplayer capabilities and believed other developers would want to use these.

They opted to sell the prior game's technology.

OpenFeint.

Assisting other game developers

They had no money in the bank to create everything needed to make the technology user-friendly.

Jason and Daniel designed a website saying:

“If you’re making a video game and want to have a drop in multiplayer support, you can use our system”

TechCrunch covered their website launch, and they gained a few hundred mailing list subscribers.

They raised seed funding with the mailing list.

Nearly all iPhone game developers started adopting the OpenFeint logo.

“It was pretty wild… It was really like a whole social platform for people to play with their friends.”

What kind of a business model was it?

OpenFeint originally planned to make the software free for all games. As the game gained popularity, they demanded payment.

They later concluded it wasn't a good business concept.

It became free eventually.

Acquired for $104 million

OpenFeint's users and employees grew tremendously.

GREE bought OpenFeint for $104 million in April 2011.

GREE initially committed to helping Jason and his team build a fantastic company.

Three or four months after the acquisition, Jason recognized they had a different vision.

He quit.

Jason's Original Vision for the iPad

Jason focused on distribution in 2012 to help businesses stand out.

The iPad market and user base were growing tremendously.

Jason said the iPad may replace mobile gadgets.

iPad gamers behaved differently than mobile gamers.

People sat longer and experienced more using an iPad.

“The idea I had was what if we built a gaming business that was more like traditional video games but played on tablets as opposed to some kind of mobile game that I’ve been doing before.”

Unexpected insight after researching the video game industry

Jason learned from studying the gaming industry that long-standing companies had advantages beyond a single release.

Previously, long-standing video game firms had their own distribution system. This distribution strategy could buffer time between successful titles.

Sony, Microsoft, and Valve all have gaming consoles and online stores.

So he built a distribution system.

He created a group chat app for gamers.

He envisioned a team-based multiplayer game with text and voice interaction.

His objective was to develop a communication network, release more games, and start a game distribution business.

Remaking the video game League of Legends

Jason and his crew reimagined a League of Legends game mode for 12-inch glass.

They adapted the game for tablets.

League of Legends was PC-only.

So they rebuilt it.

They overhauled the game and included native mobile experiences to stand out.

Hammer and Chisel was the company's name.

18 people worked on the game.

The game was funded. The game took 2.5 years to make.

Was the game a success?

July 2014 marked the game's release. The team's hopes were dashed.

Critics initially praised the game.

Initial installation was widespread.

The game failed.

As time passed, the team realized iPad gaming wouldn't increase much and mobile would win.

Jason was given a fresh idea by Stan Vishnevskiy.

Stan Vishnevskiy was a corporate engineer.

He told Jason about his plan to design a communication app without a game.

This concept was the seed of what is now Discord.

“The insight that he really had was to put a couple of dots together… we’re seeing our customers communicating around our own game with all these different apps and also ourselves when we’re playing on PC… We should solve that problem directly rather than needing to build a new game…we should start making it on PC.”

So began Discord.

Online socializing with pals was the newest trend.

Jason grew up playing video games with his friends.

He never played outside.

Jason had many great moments playing video games with his closest buddy, wife, and brother.

Discord was about providing a location for you and your group to speak and hang out.

Like a private cafe, bedroom, or living room.

Discord was developed for you and your friends on computers and phones.

You can quickly call your buddies during a game to conduct a conference call. Put the call on speaker and talk while playing.

Discord wanted to give every player a unique experience. Because coordinating across apps was a headache.

The entire team started concentrating on Discord.

Jason decided Hammer and Chisel would focus on their chat app.

Jason didn't want to make a video game.

How Discord attracted the appropriate attention

During the first five months, the entire team worked on the game and got feedback from friends.

This ensures product improvement. As a result, some teammates' buddies started utilizing Discord.

The team knew it would become something, but the result was buggy. The app occasionally crashed.

Jason persuaded a gamer friend to write on Reddit about the software.

New people would find Discord. Why not?

Reddit users discovered Discord and 50 started using it frequently.

Discord was launched.

Rejecting the $10 billion acquisition proposal

Discord has grown in recent years.

It sends billions of messages.

Discord's users aren't tracked. They're privacy-focused.

Purchase offer

Covid boosted Discord's user base.

Weekly, billions of messages were transmitted.

Microsoft offered $10 billion for Discord in 2021.

Jason sold OpenFeint for $104m in 2011.

This time, he believed in the product so much that he rejected Microsoft's offer.

“I was talking to some people in the team about which way we could go… The good thing was that most of the team wanted to continue building.”

Last time, Discord was valued at $15 billion.

Discord raised money on March 12, 2022.

The $15 billion corporation raised $500 million in 2021.