ConsenSys

Digital asset hacks are becoming a top concern for the Web3 ecosystem. Nearly $3B have been stolen in hacks so far this year, almost double of the value lost in all of 2021. By these numbers, 2022 is set to be the biggest year in terms of crypto hacks, with exploits ranging from compromised wallets, to insecure smart contracts, and more. Unsurprisingly, security has been a big topic for decentralized autonomous organizations (DAOs) as well. 

We went out and asked some of the top DAOs, including Polygon, Moloch, and Lido, what they thought about the security of DAOs. We’ve grouped our findings under themes such as governance, treasury, and smart contracts. But first, let’s go back to the hack that led to an Ethereum hard fork in 2016.

The DAO Hack

The vulnerabilities of DAOs were exposed with the formation of the first DAO itself. If this was before your time, here’s a quick refresher on what happened: Simply called The DAO, it was formed in 2016. The idea was that investors would put money in, receive tokens and vote on projects developed by the DAO. In a month, the DAO was able to raise $150M from 11k investors.

Unfortunately, before the token sale ended, a vulnerability in the smart contract wallet was found. The team began fixing the issue, but attackers were able to exploit another bug: they made a small contribution and then requested a withdrawal with a recursive function, stealing 3.6M ETH of the 15M ETH in the treasury. The stolen ETH was worth $60M at the time.

Security Concerns for DAOs today

The DAO hack was a pivotal moment in Ethereum history and provided important lessons for the community in what not to do. Six years later, while DAOs are booming, hacks are also happening almost every month. 

Some top concerns that DAOs today have are around governance, smart contracts and treasury. Let’s do a deep dive into each topic.

Governance

Decentralized notifications is one area where we haven’t yet found a good solution. If an attacker is able to block notifications, they can also then sneak bad proposals through without a majority of the DAO noticing. 

Often a proposal requires complicated multicall transactions. These rely on expert knowledge of an ‘operator’ class. If the DAO doesn’t have a culture of auditing and analyzing the proposals, attackers can leverage it to pass proposals with complex outcomes.

Another concern for DAOs is bad configuration. If a DAO is set up incorrectly, with wrong thresholds and timelocks, it creates an opportunity for bad actors. Poorly designed incentives with black swan externalities can also undermine the token’s objective.

Spam is still a big issue for DAOs, especially on gasless sidechains, where people are not disincentivized to spam. Dropping 40k proposals on a DAO can break frontends and make it really hard to filter bad and good ones. This leads to gridlock and the possibility for invalid proposals to get through.

Decentralization can be hard to achieve, especially with small DAOs or early stage ones. DAOs, much like the blockchain that forms the basis of a DAO, are vulnerable to a governance attack, where attackers can borrow a large amount of the governance token to push through a proposal. Tron already (unsuccessfully) tried this, where some players borrowed a lot of COMP to push forward a proposal to add TUSD as an asset to Compound. While the proposal was outvoted, it shows a serious security concern, particularly for protocols with autonomous governance like Compound where the proposals, if passed, will actually change the deployed code to effectuate the change. There is also a risk of “behind the door” coalitions if the community is effectively a group of friends or even a handful of wallets. 

Member apathy is another huge security threat to a DAO – from the above mentioned lack of thorough reviews of proposals to low decentralization. DAOs are really a way to facilitate interactions between humans and technology. Humans tend to be messy, disorganized and lack focus. Technology – meaning smart contracts -= requires logic, sterile code and clarity. Systems can only account for what the creators planned for, and an active community continuously evaluating the state of the DAO is crucial. At the start of a DAO, there often will be some key figures who lead the community to a vision. However, in order to achieve decentralization, the leaders need to step away and allow others to take over. If the community too heavily relies on the leaders, it can lead to big problems.

Smart Contracts

At times, DAOs have hidden back doors and upgradability. Even if the backdoors are set up with best intentions, as escape hatches, they always need to be properly disclosed. Transparency is crucial to make sure that such a “feature” doesn’t turn into a bug. 

Some of the greatest hacks exploit the quality of code of the protocols. Today, we rely on vetting the quality of teams and making sure that the code goes through multiple audits, but that doesn’t always catch all the bugs. 

Generally early stage blockchains and bridges don’t pay attention to significant distribution of their validator sets, which leads to greater risk of key compromise.

Treasury

Treasury security is a very difficult topic and yet many projects decide on ⅔ multisig which is way too low. It does mean efficiency in execution but is easily exploitable. In general, convenience gets in the way of security a lot. 

Lack of regulation has also emerged as a security concern for DAOs. Recent action by the Commodity Futures Trading Commission against Ooki DAO has created some concerns in the community about the path that regulators might take on DAOs. The CFTC has said that it would treat DAOs as other incorporated entities in the US, and DAO members and many Web3 players are challenging this court. The biggest issue with this is that we don’t really know where DAOs fall in the regulatory world. Thankfully there are geographies such as Wyoming and Channel Islands where you can incorporate your DAO – and places such as Bermuda  that are actively exploring the topic. 

As in every part of our life, a general lack of respect for security is a threat. Members of a DAO should be deploying standard operational security via password managers, having some form of local threat detection downloaded on the computer, using cold wallets, etc.

Conclusion

While DAOs have evolved and matured over the years, they still face many security challenges. Hacks are painful, and we need to do better to prevent them from happening. While we may not have arrived at concrete solutions so far, some examples are noteworthy. GovernorDAO is trying to solve for governance attacks with biometric authentication of Ethereum wallets. Decentralized identifiers are also one way to ensure the uniqueness of wallet addresses.

Identifying your vulnerabilities and putting safeguards in place to manage risk is an important factor for DAOs to keep in mind. Are there other areas of concern that you have questions about or suggestions on how you’ve been able to mitigate these concerns? Let us know.

TL;DR

• NFT prices have fallen more than those of both native tokens as well as many DeFi projects. The key driver is the concentration of value in a small number of collections, exacerbated by the native token (that NFTs are denominated against) losing value. 

• The transition to new NFT use cases could come sooner rather than later. Losses incurred by investors on collectibles have been larger and more consistent. Attention may be shifting towards segments like utilities that benefit from new features on emerging marketplaces.
• Ethereum has lost notable market share to Solana and other blockchains in the last few months; increasing Solana’s share to highs of~43% in September. One reason is the scalability and low fees of other blockchains. Another is that Ethereum’s role in the NFT space may be gravitating towards more of a store-of-value.
• Competition between marketplaces is heating up. X2Y2 on Ethereum and Hadeswap on Solana are taking notable market share from leaders OpenSea and Magic Eden respectively. Emerging marketplaces battle on the basis of new pricing models, optional royalties, and lower fees.

Introduction: Global NFT Activity

The market for non-fungible tokens (NFTs) has had a rough few months alongside this year’s wider drop in asset prices. A distressed macro environment has significantly reduced on-chain activity across the crypto ecosystem, bringing down prices across the board from their 2020-21 highs as investors move down the risk curve and unwind positions.  In this report, we distill various metrics to help you understand the industry and decipher various trends through quantifiable data and insightful observation.  Weekly trade volume across arts, collectibles and gaming has been trending sideways for the second half of the year which is consistent with the price action of ETH. However, when looking at weekly sales count there is a clear deviation where gaming has trended upwards while Arts & Collectibles continued to decline since August 21, 2022.

Trade Volume

This suggests that transition to new use cases could come sooner rather than later for NFTs. Data on sales count by category shows that arts and collectibles have been gradually losing its share of sales, falling by 42% in October since July.  One explanation is that demand for collectibles is much more concentrated than for gaming; 93% of volume stemmed from NBA TopShots, whereas Sorare leads gaming at 71%. Another is that collectibles have proven far more unprofitable than other segments. Data from NonFungible shows that losses incurred by investors on collectibles have been larger and more consistent over the past few months. Investors may therefore be scoping out other NFT segments for profitable trades, such as utilities, in which features such as customized price sensitivity and specialized marketplaces could play a key role.

Price Observation

While NFTs have seen tremendous growth in the last two years, prices have fallen more than those of both native tokens as well as many DeFi projects. The reason is that the value of NFTs (a function of demand) is highly concentrated in a very small number of collections that have seen their prices (denominated in the native token) surge during the boom. But demand for buying virtual goods has started to fall in recent months as users exit the Web 3.0 economy. This has had a downward effect on NFT prices (floor price) that is exacerbated by native tokens losing value relative to US$.

Active Market Wallets

The exit from Web 3.0 and decline of users interacting with NFTs is displayed by the number of active wallet addresses. This number declined from a peak of 31k in July to roughly 12k in October. As a consequence, NFT trade volumes have declined on a weekly basis reaching $45M in the last week of October; down 17% from the beginning of the second half of the year of $54.5bn. The disparity is a consequence of high value NFTs being concentrated in a small number of wallets. Chainalysis estimated that roughly 9% of wallets held 80% of total NFT value at the start of the year. It is also worth noting that active wallets have been relatively stable in the last two months, while trading activity has continued to decline. This may indicate that we have reached a bottom in wallet activity, where remaining users are interacting with Web 3.0 but increasingly holding on to their virtual goods for the time being.

NFT Trade Volume by Chain

Despite a decline in overall trading activity, not all chains have been affected to the same degree.  Ethereum has lost notable market share to Solana and other blockchains in the last few months; increasing Solana’s share to highs of~43% in September. One reason is the scalability and low fees of other blockchains, which makes it more attractive for active traders and minting new collections. Ethereum, on the other hand, is still host to some of the highest-value NFT collections e.g. BAYC and whose role in the NFT space is speculated by some to gravitate towards more of a store-of-value. A counter to this argument is that Ethereum is progressing on its roadmap, which promises to alleviate some of the high fees and congestion that it suffered from before the Merge. The battle between chains was recently displayed when Yuga Labs, the team behind BAYC, laid out plans to leave Ethereum as well but the DAO voted against the move.

NFT Marketplace Share

There have also been a few notable developments in marketplaces. On Ethereum, the leading NFT marketplace OpenSea held 90% market share in the first half of 2022 before losing significant share to new players. The growth of X2Y2 in particular has been remarkable, reaching $1.3bn in the last 3 months and having similar share of the NFT marketplace as OpenSea.

X2Y2’s popularity surged after its so-called “vampire attack” in February, whereby the marketplace airdropped its token to OpenSea users and offered high staking yields on the pre-condition that they list their NFTs on the platform. While the token price tanked in the following months, many users stuck with the marketplace for its optional royalties and low trading fees; 0.5% vs. OpenSea’s 2.5%.

This ties into the notion of OpenSea facing increased competitive pressure from specialized marketplaces, who are beginning to unbundle its services. The platform’s initial success lay in standardizing the trading of all NFT segments (where PFPs and collectibles dominate), but this is being challenged as new use cases and token standards emerge.
On Solana, marketplace volumes continue to be dominated by Magic Eden, accounting for 85% volumes in the last 30 days. The platform raised $130m at a $1.6bn valuation back in June, when its share of Solana-based NFT transaction volume was estimated at 92%. Despite being the clear leader, Magic Eden has started to lose share as the battle for the second-largest marketplace intensifies. Hadeswap in particular has established itself as the second largest marketplace in the past 3 weeks.

Hadeswap is a fork of the Ethereum-based Sudoswap that uses bonding price curves instead of the open auction pricing model used by most leading marketplaces. The design mimics that of an AMM, where users act as liquidity providers for an NFT and prices are set by a mathematical formula rather than the bid/ask model. For developers, this allows more flexibility on designing price sensitivity of assets which may be particularly useful as NFTs grow their use cases in gaming, utilities, and metaverse projects.

Data also indicates that the mechanism disincentivizes wash trading, whereby traders mimic activity by buying/selling a collection between themselves to spread misinformation about the popularity of an NFT. Wash trading has become cheaper as marketplaces move towards optional royalties and lower platform fees. But in an AMM model like Hadeswap, traders also incur LP fees which may render wash trading a lot more expensive. As shown below, wash trades represent a significantly larger portion of overall trades on Magic Eden than on Hadeswap.

Unique Buyer & Seller Activity

Another indicator of NFT market activity is the unique number of buyers and sellers. While the number of participants on both sides of the trade have been decreasing, recent months have been flat. In 1Q22 there was clearer support for NFT prices as shown by the positive gap between buyers and sellers. Tough macro conditions in the second half of the year led to more users selling NFTs and this gap closing, putting increased pressure on prices as a result. The last few weeks have seen a small but consistent increase in the number of buyers over sellers with overall activity remaining mostly stable since August.

Primary & Secondary Market Activity

Finally, we note that the volume of primary listings has tanked from a peak $370m in May to about $755k in October, with secondary listings similarly declining. The result is that liquidity for NFTs is becoming more fragmented across marketplaces, as creators list infrequently and on fewer exchanges. This disproportionately affects NFT aggregators like Gem and Genie, who provide best execution for users across NFT marketplaces. Demand for their services has stalled as creators choose single platforms to list while secondary activity becomes limited. Gem’s market share has declined from over 20% in June to less than 5% currently.

Conclusion

The NFT market has slowed down considerably over the past months putting an end to the hype that drove virtual goods into the mainstream in 2021. Despite activity plummeting, there are notable signs of some nearterm stability. Meanwhile low fees, new features, and specialized pricing models are opening up the competitive landscape and shifting activity to other chains. While a recovery is unlikely until a rebound in the broader macro environment, the NFT market is evolving quickly as new use cases and token standards emerge.

TL;DR

1. The crypto market has been stable in October relative to the broader macro environment. As a result, we are seeing a convergence in volatility of ETH and equities which may point to a decoupling of crypto and traditional markets.
   
2. TVL remained at ~$70B throughout the month despite a series of high-profile hacks (Binance and Mango Markets) and SBF’s controversial proposal for DeFi regulation.
   
3. Activity on DEXs continued to decline but predominantly affected Uniswap, putting a dent in its dominance. Lending protocols are seeing a fall in outstanding debt, along with a fall in stablecoins in circulation.

The price of ETH has hovered around $1300 for the majority of the month following a post-Merge dip. Prices have since increased to ~$1600 in line with a broader market recovery ahead of the November meeting of the Federal Open Market Committee (FOMC). A notable trend is the decline in 30-day realized volatility of ETH and BTC over the month, while similar volatility in equities has increased amidst poor quarterly earnings. This could indicate a potential decoupling between crypto and equities markets.

In decentralized finance (DeFi), market caps of the top 100 tokens increased relative to ETH, before reverting at the end of the month. The reason is that ETH has seen more amplified price swings in the Merge period, which is causing similar swings in the market cap of DeFi tokens relative to ETH. As we analyze in the following sections, DeFi activity has not fundamentally changed in the past month but there are signs of stability.

DeFi/ETH Market Cap Ratio

Total value locked (TVL) in DeFi has remained relatively stable over the past month at around $70B. This is below 2021 highs of $230B but nevertheless represents an 11% increase from the summer months. TVL seemed to be unaffected by a series of adverse events this month including high profile exploits and uncertainty around regulation. A possible reason is that the majority of users that would have left the ecosystem during the downturn have been washed out, leaving a remaining portion of power users in DeFi that are stickier and less affected by macro conditions.

Among the exploits was the manipulation of Solana-based Mango Markets. $114M was lost through a smart contract protocol loophole which saw malicious actors manipulate the native MNGO token. Meanwhile, Binance’s cross-chain bridge was attacked for a whopping $570M after a vulnerability enabled the hacker to withdraw 2M BNB tokens. Binance was able to limit 80-90% of the losses by pausing the network and coordinating with validators; a result of Binance Smart Chain being more centralized which has historically been viewed as controversial by the crypto community.

On the regulatory side, Sam Bankman-Fried (SBF), founder of centralized exchange FTX and trading firm Alameda Research, came under fire for his proposals on DeFi regulation. SBF suggested that front-end DeFi interfaces should follow know-your-customer (KYC) obligations, which would require many popular protocols to, at the very least, link to centralized entities to perform the checks.

Volume on decentralized exchanges (DEXs) fell 10% over the past month to $51B, but predominantly affected the leading exchange Uniswap. Share of volumes on Uniswap grew from 36% to 61% between May and August as users rapidly left smaller exchanges during the downturn. Activity in October, however, saw volume shares picking up on exchanges like Dodo and Curve, with Uniswap dropping to 57%. This could be a sign of confidence among DeFi users who are sticking to more specialized exchanges.

A similar observation can be made when comparing DEXs to their centralized counterparts. DEX to CEX volume saw an uplift in October to about 12%. This indicates that volume on centralized exchanges fell more than that on DEXs, which reiterates the notion of remaining users in DeFi more likely sticking with the ecosystem. 

In line with Uniswap dominating exchange volumes, it also leads monthly protocol revenue, at $33.5M in October. This represents 69% of the total $44.5M across protocols, up from 64% in September. Interestingly, Uniswap grew its share of revenue despite losing share in volume, which indicates that smaller exchanges struggled to translate their growing share of volumes into revenue for users and token holders. This is most likely a result of a difference in fee structures, e.g. Curve charges as little as 0.04% on pool fees vs. Uniswap’s 0.3%.

Net added liquidities in DEX liquidity pools have been rather muted in the last month with a few exceptions of liquidity leaving the ecosystem around mid-October. These outflows were consistent with a price drop in ETH at the time. Similarly, inflows picked up at the end of the month ahead of the FMOC November meeting. Overall, net added liquidities have been more stable than in previous months alongside stability in ETH prices.

The amount of DAI outstanding on the leading DeFi lending protocol MakerDAO has decreased from $6.4B to $5.8B over the month of October. Lending activity is largely a function of idle capital and interest rates, which makes it strongly related to broader monetary policy. Tightening throughout 2022 has spurred a large outflow of capital towards government treasuries, where yields on short-term debt reached 3.7%. Meanwhile yields on stablecoins in leading DeFi protocols range between 0.7-1.5%, which is driving investors out of DeFi and into traditional financial markets. As such, we have seen a decrease in the amount stablecoins in circulation, including DAI. Theoretically, the difference in yields should be arbitraged away, but high friction between crypto and fiat is likely making the process less worthwhile for investors. Especially as uncertainty still exists around future monetary policy decisions.

1-Month Treasury Rate

Overall, activity across DeFi is showing signs of stabilizing. A large portion of capital has been washed out as a result of the broader macro environment, and remaining users appear to be less sensitive to adverse events. Despite total trade volumes falling, activity on smaller exchanges has picked up slightly and liquidity is entering pools on the back of an uptick in ETH prices. Looking forward, the question remains whether the further increase in rates announced at the November FMOC will put a larger dent in the ecosystem.

---

Cryptofunds, market makers, and trading desks can interact with these DeFi protocols with MetaMask Institutional

MetaMask Institutional offers unrivalled access to the DeFi ecosystem without compromising on institution-required security, operational efficiency, or compliance. We enable funds to trade, stake, borrow, lend, invest, and interact with over 17,000 DeFi protocols and applications.

---

Found this research useful? Connect with the ConsenSys Cryptoeconomic Research team at [email protected]

---

Disclaimer: ConsenSys Software Inc. is not a registered or licensed advisor or broker.  This report is for general informational purposes only.  It does not constitute or contain any individual investment advice and is made without any regard to the recipient’s objectives, financial situation, or means.  It is not an offer to buy or sell, or a solicitation of any offer to buy, any token or other investment, nor is it intended to be used for marketing purposes to anyone in any jurisdiction.  ConsenSys does not intend for any person or entity to rely on any facts, opinions, or ideas, and any financial or economic commentary expressed in this report may not be relied upon.  ConsenSys makes no representations as to the accuracy, completeness, or timeliness of the information or opinions in this report and, along with its employees, does not assume any responsibility for any loss to any person or entity that may result from any act or omission based upon this report. This report is subject to correction, completion, and amendment without notice; however, ConsenSys has no obligation to do so. 

New York, NY, November 9, 2022 — Today, ConsenSys announced that users of MetaMask, the world’s leading Web3 self-custodial wallet, will now be able to bridge across multiple networks within the Portfolio dapp through a new feature called MetaMask Bridges. With the beta release of MetaMask Bridges, users can find a bridge for their needs using either the recommended bridge or comparing all the options available by price and speed estimates; tokens can then be transferred from one network to another in just a few clicks. In addition, all bridges available on the Portfolio dapp have been curated for security and decentralization.

In the same way that physical bridges connect two locations, blockchain bridges help to foster interoperability between different blockchains. This has led to over 60 bridges with different security, trust, and risk profiles being created. Users who look for flights or hotels probably use an aggregator to compare prices and recommendations. MetaMask Bridges is an extension of the logic that provides users with the best bridges to ensure that funds and tokens move safely from one chain to another. 

“The growth in bridging solutions and usage has led to choice overload for users; MetaMask Bridges solves this by providing a single, easy-to-use interface for bridging through the MetaMask Portfolio Dapp,” said Angela Potter, Product Manager for MetaMask Bridges. 

MetaMask Bridges will support popular EVM Compatible Chains during the beta, such as Ethereum, Avalanche, BSC, and Polygon, and allow for 1:1  bridging transfers of ETH/WETH, common stablecoins, and native gas tokens. The bridges available on the platform have and will constantly be vetted for security, high liquidity, and reliability standards. They include Connext, Hop, Celer cBridge, and Polygon Bridge.

The MetaMask Bridges interface will be housed on the Portfolio Dapp, launched last month in beta. The Portfolio Dapp allows users to aggregate their assets across multiple accounts and networks. Available to both Extension and Mobile users, anyone can add an offline wallet or hardware wallet using the “watch any wallet” feature and name them to their liking, plus a toggle to the NFT page where users can get a holistic view of their digital art collection and other utility NFTs on Ethereum and Polygon.

How does MetaMask Bridges work

MetaMask Bridges allows users to enter their desired starting network, the destination network, and the token they want to bridge and compare options across multiple providers. Bridge providers are integrated into two layers: bridge aggregators and individual bridges. In addition, MetaMask integrates directly with Socket and LI.FI, which allows us to quickly search routes from several bridges for a better user experience. MetaMask supports a curated set of bridges that tick strong boxes for security and decentralization. This is an initial scope for the beta launch, but the MetaMask team will continue to evaluate other bridges and consider them for integration. 

The beta version will allow users to bridge up to $10,000 per transfer and provide a better and easier-to-use experience for users looking to go across chains. MetaMask is not adding additional fees while this feature is in beta, but users can expect new functionalities and improvements over the next few months. 

As the leading self-custodial wallet, MetaMask acts as a digital authority manager and portal for Web3 — only permitting websites and apps to access data that a user consents to. With the addition of MetaMask Bridges, MetaMask is creating safe spaces to ensure users can feel comfortable and confident while moving tokens from one chain to another by abstracting away the complexities of the bridging ecosystem in an easy-to-use way.  

Media contact: [email protected] 

ABOUT CONSENSYS

ConsenSys is a leading Ethereum and decentralized protocols software company. We enable developers, enterprises, and people worldwide to build next-generation applications, launch modern financial infrastructure, and access the decentralized web. Our product suite, composed of Infura, Quorum, Codefi, MetaMask, MetaMask Institutional, Truffle, Diligence and our NFT platform, serves millions of users, supports billions of blockchain-based queries for our clients, and has handled billions of dollars in digital assets. Ethereum is the largest programmable blockchain in the world, leading in business adoption, developer community, and DeFi activity. On this trusted, open-source foundation, we are building the digital economy of tomorrow. To explore our products and solutions, visit https://consensys.net/.

ConsenSys Software Inc. respectfully submits this letter in response to the U.S. Department of the Treasury’s request for comment on the responsible development of digital assets, dated September 19, 2022. Below, we discuss how certain technological innovations are anticipated to mitigate the risk of financial crime pertaining to digital assets, specifically the theft of private keys through phishing, malicious smart contracts, and compromised front-end user interfaces. As the Treasury Department works on legislative and regulatory proposals, we encourage policymakers across government to pay attention to the innovation in the programmable blockchain ecosystem, especially with respect to how developers are working towards technical solutions to financial crime risks.  

We view this comment letter as an invitation to converse further regarding the ongoing development of Ethereum and other programmable blockchain ecosystems. We hope to engage with you in greater depth on the summarized points set forth below. We appreciate the opportunity to collaborate with you on the important task of bolstering innovation while mitigating the risks that new technologies may present. 

1. Background on ConsenSys Software Inc. and its flagship offering, MetaMask

ConsenSys was founded in 2016 after the launch of the Ethereum protocol with the goal of facilitating decentralization through the development of blockchain-based computing platforms. We believe that, through decentralized networks like Ethereum, we can innovate and achieve like never before. We have dedicated our people, products, and resources to help drive this evolution.

ConsenSys is the leading Ethereum software company. Ethereum is the largest programmable blockchain in the world, leading in developer community, user activity, and business adoption. ConsenSys enables developers, enterprises, and people worldwide to build and use next-generation applications, launch modern financial infrastructure, and access the decentralized web. Our software suite, composed of MetaMask, Infura, Quorum, Truffle, Codefi, and Diligence, is used by millions and supports billions of blockchain calls.

MetaMask specifically is one of the most broadly used unhosted wallets in the world by both Web3 developers and users. It is open source software that can be downloaded from the Apple or Google app stores and run locally as either a mobile application or a browser extension. The software is maintained by a development team at ConsenSys and also supported by a global community of developers and designers who wish to democratize access to the decentralized web.   

Security is critical for MetaMask to be a powerful and reliable tool for both developers and users. Its code has been audited by security experts and independent researchers, and the audit reports are publicly available. The MetaMask team at ConsenSys sponsors a bug bounty program that rewards volunteers who report vulnerabilities so they may be patched. We are also investing in novel research and development into new security technologies with applications far beyond our ecosystem, such as LavaMoat. Further, the MetaMask team has extensive educational materials and FAQs drafted to guide MetaMask users through smart and safe use of the wallet. ConsenSys has also partnered with Phishfort, a third party anti-phishing solution, so that phishing threats against MetaMask users are identified and taken down.

Despite our ongoing commitment to the security of MetaMask users, scammers and other online  criminals continue to target users through a variety of schemes. MetaMask developers and Ethereum developers more broadly recognize these threats and believe it is important to mitigate them not only through vigorous law enforcement but also through technology. Below, we briefly explain one way in which the community is addressing financial crime risk through innovation.   

2. Accounts on Ethereum

Blockchain allows someone to participate in peer-to-peer transactions or a digital community with no central authority acting as gatekeeper. But that system requires such users to take responsibility for themselves in all respects. The private key is the technical representation of that self-responsibility, and from that private key arises a meaningful degree of financial crime risk.  

Ethereum was designed with two types of accounts: externally owned accounts (“EOAs”) and smart contract accounts. EOAs are what one controls with unhosted wallet software, which is best understood as a user interface that permits you to access and execute transactions using your account. Smart contracts are software programs that exist on the blockchain data structure and function according to their programming. Both types of accounts can receive, hold, and send Ethereum tokens (“ETH”) and both can interact with smart contract accounts. Currently, all transitions on today’s Ethereum must commence from an EOA, in part because only EOAs can pay transaction fees (referred to as “gas”).

It is the EOA which presents most financial crime risks. Each EOA can hold tokens and has an address that is recognized by the Ethereum network and determined by a unique public-private key pair. That key pair is how an account holder signs and sends cryptographically secure transactions which move tokens from that account to others. What allows the account holder and only the account holder to send the ETH in their account is possession of the account’s private key. It is that private key that signs transactions, and the network can use the account’s public address to confirm that it was indeed the account holder who authorized the transaction.  

The important takeaway is that Ethereum was designed for a user’s account and a user’s private key to be the same thing. In other words, what holds a user’s tokens is practically indistinguishable from the user’s password. The obvious implication of that choice is that whoever holds the private key, whether the account holder, another person, or even multiple people, can control the account itself. This has given rise to various problems, including making account holders the targets of financial crime.  

3. Financial Crime Targeting Ethereum Users 

Because knowing someone’s private key means being able to access anything held in their account, private keys have been a major target of criminals and other bad actors. Their schemes take a few common forms, discussed below.

Phishing

As the owner and operator of MetaMask, ConsenSys receives reports of phishing attempts. MetaMask users are targeted on social media and via email by phishers looking to defraud the users into sharing their private keys or their secret recovery phrases (the 12 or 24 word-long recovery passwords that are derivations of the alphanumeric private key). Currently, around 80% of all customer complaint tickets that MetaMask receives through its customer support channel are users reporting phishers.  

While the technical innovations discussed below are expected to meaningfully mitigate these types of attacks, several other approaches to this problem are worth pursuing. First, social media platforms that are feeding grounds for predatory phishers should invest more time and attention to eliminating this type of predatory behavior, particularly where these scams are being launched through paid advertising campaigns to the benefit of these platforms. If you are capable and willing to police the content of speech on your website, you can be rightfully expected to take seriously the explicitly illegal scams that use your platform to target your users. Second, regulators and law enforcement could collaborate more closely with the industry to facilitate the reporting, investigation of, and disruption of large, organized phishing scams. Third, the blockchain ecosystem should create off-chain tools that push back against the tide of online predators. Indeed, this approach is already being taken in a number of forms, including the project “MobyMask”, which is the brainchild of a MetaMask developer. This platform would allow users to report Twitter phishing bots by Twitter handle to create a shared database that would be updated in an accountable and transparent way. The database would serve as a peer-to-peer anti-phishing database that could be integrated into Web3 user interfaces for the purpose of warning users, or could be relied upon by law enforcement. While the project is still in proof-of-concept phase, it is an example of the initiative of the blockchain developer community to tackle and solve problems facing the space through innovation.

These schemes include spoofed communications from the “MetaMask Security Team” warning the account holder that, without verifying his account by inputting his secret recovery phrase into a spoofed MetaMask website, his account will be frozen. Others involve a user allowing a hacker to access their device under the guise of providing customer support, which gives the hacker the opportunity to steal a private key or other password. The result of these schemes is the criminal gaining control of the user’s private key or secret recovery phrase, which allows the criminal to access that account through a different user interface and transfer any account holdings to an account that only the criminal controls.  Because of the nature of blockchain transactions, such transfers cannot be reversed unless the criminal decides to transfer the tokens back or gives up the private key to his account.  

While it might sound ridiculous for a hacker to return stolen proceeds, there are a growing number of instances in which, after a hack has been noticed and the movement of the stolen funds is under surveillance, a hacker has decided to turn “white hat” and return some or even all of the stolen funds. This is because surveillance of transactions on the public blockchain has become so reliable and accessible due to current blockchain analytics software that completely absconding with funds stolen on-chain is incredibly difficult, even when a hacker uses mixing and tumbling smart contracts.   

Malicious Smart Contracts

Sophisticated criminals can deploy malicious smart contracts that will result in a user losing his tokens after interacting with it. They come in two general varieties. First, certain contracts require the user to grant  the authority to move tokens sitting in the user’s account. This is a risk to users because, while some contracts require the user to grant narrowly tailored approvals to leverage their functionality, some smart contracts require broad approval, up to and including control over all tokens in their wallet for whatever purpose. While some of these contracts are simply irresponsibly written, some are purposefully malicious.  

The criminal who deploys a malicious contract often socially engineers user interaction through email or social media. In one example from February 2022, a criminal sent a phishing email to users of the NFT website OpenSea. Spoofing a “community update” notice, the email instructed the user to move his NFTs to a new OpenSea smart contract. If a user clicked on the “Get Started” link in the phishing email, linked his wallet to the scam website, and approved the requisite transaction, the user would soon discover that the contract was actually programmed to send all of his NFTs to the scammer’s wallet instead of a OpenSea address.   

The second general type of malicious contract involves depositing tokens into a contract. A malicious deposit contract either ultimately restricts your ability to withdraw your original tokens, or it immediately sends the tokens to the scammer’s wallet. In either instance, the scammer generally entices users to deposit tokens in exchange for a reward or service that never materializes.    

Blockchain developers and other service providers are currently grappling with how to address the problem of malicious contracts from an industry best practices perspective. MetaMask, for one, is considering solutions that can be integrated into the MetaMask interface to warn users whenever a smart contract is asking for unlimited authority over their wallet. In addition, the market integrity firm Solidus Labs recently announced a tool that assists with detection and avoidance of smart contract scams on Ethereum and other programmable blockchains. U.S. policymakers would do well to learn more about these efforts and how the federal government could support them.

Compromised User Interfaces

Criminals and other bad actors are also targeting private keys by deploying spoofed front-end user interfaces. These interfaces are designed to record an account holder’s password, private key, or secret recovery phrase, which the criminal will thereafter use to steal the account holder’s funds.  

A prominent example of this technique was demonstrated by the North Korean group known as “BlueNoroff.” That group penetrated a company’s computer system and used company user credentials to collect configuration files that pertained to, among other things, certain employees’ MetaMask wallets.  When the hackers believed they found a high-value target, they monitored that target’s computer activity, including keystrokes, for days or weeks before taking action. That action involved tampering with the MetaMask Chrome extension code stored on the target’s local computer. That hacked MetaMask wallet allowed the hackers to change the recipient address and the amount sent in one of the target’s transactions, resulting in all of the target’s funds being sent to the hacker’s address.   

In another scam, a phisher bought Google ads to entice Ethereum users to visit a fake MetaMask website where they could download a malicious Google Chrome extension. Once downloaded and installed, the extension prompted the user to create an Ethereum account or import an existing one using a secret recovery phrase. If the user chose to create a new account, the extension would direct the user to the real MetaMask website (metamask.io), but if the user chose to import an account, presumably one with tokens in it, the extension would direct the user to a fake website that prompted the user to enter the secret recovery phrase associated with the account. The scammer would use that phrase to move all the tokens from that account into the scammer’s account.   

* * *

Given the growing and complex ecosystem of permissionless blockchains, composable smart contracts, and user-friendly web-based interfaces, end users today largely have to trust the contracts and web interfaces to be honest, secure, and reliable. There is a role for the government in undergirding this trust. First, public/private collaboration could help establish strong cyber security standards that better protect users from bad actors. Second, law enforcement could vigorously investigate and prosecute perpetrators of online scams like those summarized above. Third, for-profit software developers that materially misrepresent the functionality or security of their interfaces when marketing them to the public might receive more scrutiny from consumer protection authorities such as the Federal Trade Commission.   

But meaningful mitigation measures need not come from regulation or envelope-pushing enforcement. Blockchain developers care deeply about these problems and understand that, if permissionless, programmable blockchains are going to improve the lives of billions of people, the technology itself needs to evolve. With respect to private key-targeting scams, the Ethereum community has already been formulating one possible technical solution.

4. Mitigating Financial Crime Through Account Abstraction

The scams we see today often successfully target Ethereum users in large part because an account and a private key are essentially one and the same. An account is fully compromised when someone steals the private key. Ethereum community developers have since 2016 considered ways to separate the account from the private key, whereby having the latter stolen did not necessarily mean that the former would be also. This concept has been referred to as account abstraction.

The goal of account abstraction is to move from having two types of accounts, EOA and contract, to a single account type. That account type not only would have the necessary elements to serve as a user’s wallet but also would be programmable like a smart contract, adding a new degree of transaction execution functionality. The effect of having “account contracts” would be to change the method in which a transaction is signed. Today, transactions must be signed using the private key tied to the account. With account contracts, the method of signature could be programmed to be anything, abandoning the one-size-fits all signature method of today. With the parallel protocol improvement of allowing contracts to pay Ethereum gas fees to validators (which they cannot currently do), users could introduce safeguards to ensure they do not immediately lose their account if they are phished or interact with a malicious contract. There are a number of safeguards which the community already recognizes as possible improvements.

First, one could program an account contract to only send transactions if a subset of a group of potential signers agreed to the transaction. This functionality is essentially the process of using a multi-signature (or “multi-sig”) contract today, but it would be more convenient because the process of each signer confirming the transaction would not require separate gas-requiring transactions. As any security-conscious blockchain user will tell you, multi-signature wallets are leaps and bounds more secure than single-signature wallets. If it is not already, it will in short order be professional malpractice to operate a company’s treasury, a fund, or another account holding considerable funds without that account requiring multiple signatures.  

Not only does the multi-sig process prevent a single threat actor from stealing a key that allows them access to funds, but it also supports fraud monitoring. Specifically, every signer has the opportunity to review the transaction to ensure it is safe, especially with respect to any account or contract the account intends to interact with. Impetuous or otherwise careless interactions with suspicious contracts may thereby be avoided more than they are with a single signer.  

Second, account abstraction would allow users to move away from the one-size-fits-all application of the Elliptic Curve Digital Signature Algorithm for encrypting transactions. It would allow users to choose a simpler, less expensive signature scheme for certain low-value, low-risk transactions. Alternatively, it would allow users to change the scheme to one that is stronger, including those that are quantum resistant, if that ever becomes necessary. Because alternative cryptographic measures would be accommodated, it is believed to be possible to even leverage the encryption protecting the storage on a mobile device, allowing users to rely on their smartphones to serve as hardware wallets. 

Third, account abstraction would actually allow someone who had their private key or secret recovery phrase stolen not only to prevent any of their tokens from being stolen as a result but also to replace that private key with an uncompromised one (referred to as “key rotation”). This is accomplished through “social recovery.” An account wallet programmed with social recovery functionality could use a single key to approve a transaction, but it would also be associated with three or more “guardians” that could, when called upon, approve the changing of that key. Those guardians could be other people, like friends and family members, other devices like an alternative account that the account holder safeguards, or entities that offer guardianship for free or as a paid service.  

Social recovery wallets would guard against theft in a couple of ways. First, they could include a separate address that would serve as a “vault” for the account holder’s tokens. The user’s tokens can be deposited into the vault quickly, but any transaction to remove them takes a period of time, for instance a week, to execute. Should the user get hacked and lose his private key, any transaction that the hacker would perform to steal the user’s funds would be delayed for one week. During that delay, the user and the guardians would be able to intervene by canceling the illicit transaction and rotating the private key. A second safeguard would be a daily limit on the amount of funds that could be removed from the wallet absent approval of the guardians. While a hacker could steal a portion of an account holder’s funds, the first illicit transfer would put the user and/or the guardians on notice, permitting them to prevent the theft from going any further. 

5. Security and Blockchain Adoption Go Hand-in-Hand

The Ethereum community is working on account abstraction to improve user experience as much as it is a method to bolster security. It is widely recognized that the current system, which is entirely dependent on public-private key pairs and is thus highly vulnerable to user predation, faces a real challenge to achieving its aim of scaling to billions of people with ease. Aside from key compromise through financial crime, the risk of loss of funds due to losing a private key is simply too high. Further, the account holder user experience needs to improve to make it more intuitive and to pull a lot of the complicated technology behind the scenes where it would not confuse or intimidate the typical user.  

The key point is that security and user experience go hand-in-hand, and this drives the Ethereum community to make the changes that ultimately will mitigate risks associated with financial crime. The innate incentive for the Ethereum community to improve security should give pause to any well meaning regulator who might otherwise think the sole solution lies with new statutes, federal rules, or administrative guidance.  

6. Building and Implementing Account Abstraction

Between 2016 and today, there have been a number of Ethereum Improvement Proposals (“EIPs”) put forth by the Ethereum developer community that involve different strategic approaches to achieving a separation of account from signing method. These are still in the discussion phase, and there is no reliable way to estimate when a solution might be ready for implementation. Given the tremendous amount of preparation and care that went into the transition from proof of work to proof of stake consensus, it is reasonable to assume that any Ethereum improvement process relating to account abstraction could take years. Aside from the time it would take to implement such a change, current plans would not lower fees on Ethereum, which remain a limiting factor on ecosystem growth.  

For these reasons, it has been argued that account abstraction will be a solution embraced more quickly and effectively by layer 2 protocols. These protocols, while young, already exist today, and operate as a technology that leverages the security that Ethereum provides while offering lower fees and higher transaction throughput. So-called “smart wallets” relating to two layer 2 protocols are already on the market. The most prominent of which is Argent, which offers a wealth of educational materials that discuss account abstraction in a comprehensive but accessible manner. A second major smart wallet is Loopring. These projects are among those at the forefront of this exciting and crucial wave of innovation that appears likely to revolutionize programmable blockchains and fundamentally change crypto’s financial crime landscape.

Respectfully Submitted,

CONSENSYS SOFTWARE INC.

by:

William C. Hughes