Key Takeaways:

Another hack. This time was different. This is a doozy.

Why? Nomad got exploited for $190m. It was crypto's 5th-biggest hack. Ouch.

It wasn't hackers, but random folks. What happened:

A Nomad smart contract flaw was discovered. They couldn't drain the funds at once, so they tried numerous transactions. Rookie!

People noticed and copied the attack.

They just needed to discover a working transaction, substitute the other person's address with theirs, and run it.

In a two-and-a-half-hour attack, $190M was siphoned from Nomad Bridge.

Nomad is a novel approach to blockchain interoperability that leverages an optimistic mechanism to increase the security of cross-chain communication.  — nomad.xyz

This hack was permissionless, therefore anyone could participate.

After the fatal blow, people fought over the scraps.

Cross-chain bridges remain a DeFi weakness and exploit target. When they collapse, it's typically total.

$190M...gobbled.

Unbacked assets are hurting Nomad-dependent chains. Moonbeam, EVMOS, and Milkomeda's TVLs dropped.

This incident is every-man-for-himself, although numerous whitehats exploited the issue... 

But what triggered the feeding frenzy?

How did so many pick the bones?

After a normal upgrade in June, the bridge's Replica contract was initialized with a severe security issue. The  0x00 address was a trusted root, therefore all messages were valid by default.

After a botched first attempt (costing $350k in gas), the original attacker's exploit tx called process() without first 'proving' its validity.

The process() function executes all cross-chain messages and checks the merkle root of all messages (line 185).

The upgrade caused transactions with a'messages' value of 0 (invalid, according to old logic) to be read by default as 0x00, a trusted root, passing validation as 'proven'

Any process() calls were valid. In reality, a more sophisticated exploiter may have designed a contract to drain the whole bridge.

Copycat attackers simply copied/pasted the same process() function call using Etherscan, substituting their address.

The incident was a wild combination of crowdhacking, whitehat activities, and MEV-bot (Maximal Extractable Value) mayhem.

For example, 🍉🍉🍉. eth stole $4M from the bridge, but claims to be whitehat.

Others stood out for the wrong reasons. Repeat criminal Rari Capital (Artibrum) exploited over $3M in stablecoins, which moved to Tornado Cash.

The top three exploiters (with 95M between them) are:

$47M: 0x56D8B635A7C88Fd1104D23d632AF40c1C3Aac4e3

$40M: 0xBF293D5138a2a1BA407B43672643434C43827179

$8M: 0xB5C55f76f90Cc528B2609109Ca14d8d84593590E

Here's a list of all the exploiters:

The project conducted a Quantstamp audit in June; QSP-19 foreshadowed a similar problem.

The auditor's comments that "We feel the Nomad team misinterpreted the issue" speak to a troubling attitude towards security that the project's "Long-Term Security" plan appears to confirm:

Concerns were raised about the team's response time to a live, public exploit; the team's official acknowledgement came three hours later.

"Removing the Replica contract as owner" stopped the exploit, but it was too late to preserve the cash.

Closed blockchain systems are only as strong as their weakest link.

The Harmony network is in turmoil after its bridge was attacked and lost $100M in late June.

What's next for Nomad's ecosystems?

Moonbeam's TVL is now $135M, EVMOS's is $3M, and Milkomeda's is $20M.

Loss of confidence may do more damage than $190M.

Cross-chain infrastructure is difficult to secure in a new, experimental sector. Bridge attacks can pollute an entire ecosystem or more.

Nomadic liquidity has no permanent home, so consumers will always migrate in pursuit of the "next big thing" and get stung when attentiveness wanes.

DeFi still has easy prey...

Sources: rekt.news & The Milk Road.

UST depegs and LUNA crashes 99.999% in a fraction of the time it takes the Moon to orbit the Earth.

Fat Man, a Terra whistle-blower, promises to expose Do Kwon's dirty secrets and shady deals.

The Terra community has voted to relaunch Terra LUNA on a new blockchain. The Terra 2.0 Pheonix-1 blockchain went live on May 28, 2022, and people were airdropped the new LUNA, now called LUNA, while the old LUNA became LUNA Classic.

Does LUNA deserve another chance? To answer this, or at least start a conversation about the Terra 2.0 chain's advantages and limitations, we must assess its fundamentals, ideology, and long-term vision.

Whatever the result, our analysis must be thorough and ruthless. A failure of this magnitude cannot happen again, so we must magnify every potential breaking point by 10.

Will UST and LUNA holders be compensated in full?

The obvious. First, and arguably most important, is to restore previous UST and LUNA holders' bags.

Terra 2.0 has 1,000,000,000,000 tokens to distribute.

• 25% of a community pool

• Holders of pre-attack LUNA: 35%

• 10% of aUST holders prior to attack

• Holders of LUNA after an attack: 10%

• UST holders as of the attack: 20%

Every LUNA and UST holder has been compensated according to the above proposal.

According to self-reported data, the new chain has 210.000.000 tokens and a $1.3bn marketcap. LUNC and UST alone lost $40bn. The new token must fill this gap. Since launch:

LUNA holders collectively own $1b worth of LUNA if we subtract the 25% community pool airdrop from the current market cap and assume airdropped LUNA was never sold.

At the current supply, the chain must grow 40 times to compensate holders. At the current supply, LUNA must reach $240.

LUNA needs a full-on Bull Market to make LUNC and UST holders whole.

Who knows if you'll be whole? From the time you bought to the amount and price, there are too many variables to determine if Terra can cover individual losses.

The above distribution doesn't consider individual cases. Terra didn't solve individual cases. It would have been huge.

What does LUNA offer in terms of value?

UST's marketcap peaked at $18bn, while LUNC's was $41bn. LUNC and UST drove the Terra chain's value.

After it was confirmed (again) that algorithmic stablecoins are bad, Terra 2.0 will no longer support them.

Algorithmic stablecoins contributed greatly to Terra's growth and value proposition. Terra 2.0 has no product without algorithmic stablecoins.

Terra 2.0 has an identity crisis because it has no actual product. It's like Volkswagen faking carbon emission results and then stopping car production.

A project that has already lost the trust of its users and nearly all of its value cannot survive without a clear and in-demand use case.

Do Kwon, how about him?

Oh, the Twitter-caller-poor? Who challenges crypto billionaires to break his LUNA chain? Who dissolved Terra Labs South Korea before depeg? Arrogant guy?

That's not a good image for LUNA, especially when making amends. I think he should step down and let a nicer person be Terra 2.0's frontman.

The verdict

Terra has a terrific community with an arrogant, unlikeable leader. The new LUNA chain must grow 40 times before it can start making up its losses, and even then, not everyone's losses will be covered.

I won't invest in Terra 2.0 or other algorithmic stablecoins in the near future. I won't be near any Do Kwon-related project within 100 miles. My opinion.

Can Terra 2.0 be saved? Comment below.

Dharmesh Shah co-founded HubSpot. WordPlay reached $90,000 per month in revenue without utilizing any of his wealth.

His method:

Take Advantage Of An Established Trend

Remember Wordle? Dharmesh was instantly hooked. As was the tech world.

HubSpot's co-founder noted inefficiencies in a recent My First Million episode. He wanted to play daily. Dharmesh, a tinkerer and software engineer, decided to design a word game.

He's a billionaire. How could he?

1. Wordle had limitations in his opinion;

2. Dharmesh is fundamentally a developer. He desired to start something new and increase his programming knowledge;

3. This project may serve as an excellent illustration for his son, who had begun learning about software development.

Better It Up

Building a new Wordle wasn't successful.

WordPlay lets you play with friends and family. You could challenge them and compare the results. It is a built-in growth tool.

WordPlay features:

• the capacity to follow sophisticated statistics after creating an account;

• continuous feedback on your performance;

• Outstanding domain name (wordplay.com).

Project Development

WordPlay has 9.5 million visitors and 45 million games played since February.

HubSpot co-founder credits tremendous growth to flywheel marketing, pushing the game through his own following.

Choosing an exploding specialty and making sharing easy also helped.

Shah enabled Google Ads on the website to test earning potential. Monthly revenue was $90,000.

That's just Google Ads. If monetization was the goal, a specialized ad network like Ezoic could double or triple the amount.

Wordle was a great buy for The New York Times at $1 million.

Unlimited everything for $19 monthly!?

Even with pretty words, no one wants to read an ugly email.

• Not Gen Z

• Not Millennials

• Not Gen X

• Not Boomers

I am a minimalist.

I like Mozart. I like avos. I love Apple.

When I hear seamlessly, effortlessly, or Apple's new adverb fluidly, my toes curl.

No email marketing tool gave me that feeling.

As a marketing consultant helping high-growth brands create marketing that doesn't feel like marketing, I've worked with every email marketing platform imaginable, including that naughty monkey and the expensive platform whose sales teams don't stop calling.

Most email marketing platforms are flawed.

1. They are overpriced.

2. They use dreadful templates.

3. They employ a poor visual designer.

4. The user experience there is awful.

5. Too many useless buttons are present. (Similar to the TV remote!)

I may have finally found the perfect email marketing tool. It creates strong flows. It helps me focus on storytelling.

It’s called Flodesk.

It’s effortless. It’s seamless. It’s fluid.

Here’s why it excites me.

Unlimited everything for $19 per month

Sends unlimited. Emails unlimited. Signups unlimited.

Most email platforms penalize success.

Pay for performance?

• $87 for 10k contacts

• $605 for 100K contacts

• $1,300+ for 200K contacts

In the 1990s, this made sense, but not now. It reminds me of when ISPs capped internet usage at 5 GB per month.

Flodesk made unlimited email for a low price a reality. Affordable, attractive email marketing isn't just for big companies.

Flodesk doesn't penalize you for growing your list. Price stays the same as lists grow.

Flodesk plans cost $38 per month, but I'll give you a 30-day trial for $19.

Amazingly strong flows

Foster different people's flows.

Email marketing isn't one-size-fits-all.

Different times require different emails.

People don't open emails because they're irrelevant, in my experience. A colder audience needs a nurturing sequence.

Flodesk automates your email funnels so top-funnel prospects fall in love with your brand and values before mid- and bottom-funnel email flows nudge them to take action.

I wish I could save more custom audience fields to further customize the experience.

Dynamic editor

Easy. Effortless.

Flodesk's editor is Apple-like.

You understand how it works almost instantly.

Like many Apple products, it's intentionally limited. No distractions. You can focus on emotional email writing.

Flodesk's inability to add inline HTML to emails is my biggest issue with larger projects. I wish I could upload HTML emails.

Simple sign-up procedures

Dream up joining.

I like how easy it is to create conversion-focused landing pages. Linkly lets you easily create 5 landing pages and A/B test messaging.

I like that you can use signup forms to ask people what they're interested in so they get relevant emails instead of mindless mass emails nobody opens.

I love how easy it is to embed in-line on a website.

Wonderful designer templates

Beautiful, connecting emails.

Flodesk has calm email templates. My designer's eye felt at rest when I received plain text emails with big impacts.

As a typography nerd, I love Flodesk's handpicked designer fonts. It gives emails a designer feel that is hard to replicate on other platforms without coding and custom font licenses.

Small adjustments can have a big impact

Details matter.

Flodesk remembers your brand colors. Flodesk automatically adds your logo and social handles to emails after signup.

Flodesk uses Zapier. This lets you send emails based on a user's action.

A bad live chat can trigger a series of emails to win back a customer.

Flodesk isn't for everyone.

Flodesk is great for Apple users like me.

Quick, easy and tasty (and dollops of parenting around food).

My wife and mom are both great mothers. They're super-efficient planners. They soak and ferment food. My 104-year-old grandfather loved fermented foods.

When I'm hungry and need something fast, I waffle to the pantry. Like most people, I like to improvise. I wish I knew these 11 hacks sooner.

1. The world's best pasta sauce only has 3 ingredients.

You watch recipe videos with prepped ingredients. In reality, prepping and washing take time. The food's taste isn't guaranteed. The raw truth at a sublime level is not talked about often.

Sometimes a radical recipe comes along that's so easy and tasty, you're dumbfounded. The Classic Italian Cook Book has a pasta recipe.

One 28-ounce can of whole, peeled tomatoes, one medium peeled onion, and 5 tablespoons of butter. And salt to taste.

Combine everything in a single pot and simmer for 45 minutes, uncovered. Stir occasionally. Toss the onion halves after 45 minutes and pour the sauce over pasta. Finish!

This simple recipe fights our deepest fears.

Salt to taste! Customized to perfection, no frills.

2. Reheating rice with ice. Magical.

Most of the world eats rice. I was raised in south India. My grandfather farmed rice in the Cauvery river delta.

The problem with rice With growing kids, you can't cook just enough. Leftovers are a norm. Microwaves help most people. Ice cubes are the frosting.

Before reheating rice in the microwave, add an ice cube. The ice will steam the rice, making it fluffy and delicious again.

3. Pineapple leaf 

if it comes off easy, it is ripe enough to cut. No rethinking.

My daughter loves pineapples like her dad. One daddy task is cutting them. Sharing immediate results is therapeutic.

Timing the cut has been the most annoying part over the years. The pineapple leaf tip reveals the fruitiness inside. Always loved it.

4. Magic knife words (rolling and curling)

Cutting hand: Roll the blade's back, not its tip, to cut.

Other hand: If you can’t see your finger tips, you can’t cut them. So curl your fingers.

I dislike that schools don't teach financial literacy or cutting skills.

My wife and I used scissors differently for 25 years. We both used the thumb. My index finger, her middle. We googled the difference when I noticed it and laughed. She's right.

This video teaches knifing skills:

5. Best advice about heat

If it's done in the pan, it's overdone on the plate.

This simple advice stands out when we worry about ingredients and proportions.

6. The truth about pasta water

Pasta water should be sea-salty.

Properly seasoning food separates good from great. Salt depends is a good line.

Want delicious pasta? Well, then kind of a lot, to be perfectly honest.

7. Clean as you go

Clean blender as you go by blending water and dish soap.

I find clean as you go easier than clean afterwords. This easy tip is gold.

8. Clean as you go (bis)

Microwave a bowl of water, vinegar, and a toothpick for 5 minutes.

2 cups water, 2 tablespoons vinegar, and a toothpick to prevent overflow.

5-minute microwave. Let the steam work for another 2 minutes. Sponge-off dirt and food. Simple.

9 and 10. Tools,tools, tools

Immersion blender and pressure cooker save time and money.

Narrative: I experienced fatherly pride. My middle-schooler loves science. We discussed boiling. I spoke. Water doesn't need 100°C to boil. She looked confused. 100 degrees assume something. The world around the water is a normal room. Changing water pressure affects its boiling point. This saves energy. Pressure cooker magic.

I captivated her. She's into science and sustainable living.

Whistling is a subliminal form of self-expression when done right. Pressure cookers remind me of simple pleasures.

Your handiness depends on your home tools. Immersion blenders are great for pre- and post-cooking. It eliminates chopping and washing. Second to the dishwasher, in my opinion.

11. One pepper is plenty

A story I share with my daughters.

Once, everyone thought about spice (not spicy). More valuable than silk. One of the three mighty oceans was named after a source country. Columbus sailed the wrong way and found America. The explorer called the natives after reaching his spice destination.

It was pre-internet days. His Google wasn't working.

My younger daughter listens in awe. Strong roots. Image cast. She can contextualize one of the ocean names.

I struggle with spices in daily life. Combinations are mind-boggling. I have more spices than Columbus. Flavor explosion has repercussions. You must closely follow the recipe without guarantees. Best aha. Double down on one spice and move on. If you like it, it's great.

I naturally gravitate towards cumin soups, fennel dishes, mint rice, oregano pasta, basil thai curry and cardamom pudding.

Variety enhances life. Each of my dishes is unique.

To each their own comfort food and nostalgic memories.

Happy living!