Key Takeaways:

Another hack. This time was different. This is a doozy.

Why? Nomad got exploited for $190m. It was crypto's 5th-biggest hack. Ouch.

It wasn't hackers, but random folks. What happened:

A Nomad smart contract flaw was discovered. They couldn't drain the funds at once, so they tried numerous transactions. Rookie!

People noticed and copied the attack.

They just needed to discover a working transaction, substitute the other person's address with theirs, and run it.

In a two-and-a-half-hour attack, $190M was siphoned from Nomad Bridge.

Nomad is a novel approach to blockchain interoperability that leverages an optimistic mechanism to increase the security of cross-chain communication.  — nomad.xyz

This hack was permissionless, therefore anyone could participate.

After the fatal blow, people fought over the scraps.

Cross-chain bridges remain a DeFi weakness and exploit target. When they collapse, it's typically total.

$190M...gobbled.

Unbacked assets are hurting Nomad-dependent chains. Moonbeam, EVMOS, and Milkomeda's TVLs dropped.

This incident is every-man-for-himself, although numerous whitehats exploited the issue... 

But what triggered the feeding frenzy?

How did so many pick the bones?

After a normal upgrade in June, the bridge's Replica contract was initialized with a severe security issue. The  0x00 address was a trusted root, therefore all messages were valid by default.

After a botched first attempt (costing $350k in gas), the original attacker's exploit tx called process() without first 'proving' its validity.

The process() function executes all cross-chain messages and checks the merkle root of all messages (line 185).

The upgrade caused transactions with a'messages' value of 0 (invalid, according to old logic) to be read by default as 0x00, a trusted root, passing validation as 'proven'

Any process() calls were valid. In reality, a more sophisticated exploiter may have designed a contract to drain the whole bridge.

Copycat attackers simply copied/pasted the same process() function call using Etherscan, substituting their address.

The incident was a wild combination of crowdhacking, whitehat activities, and MEV-bot (Maximal Extractable Value) mayhem.

For example, 🍉🍉🍉. eth stole $4M from the bridge, but claims to be whitehat.

Others stood out for the wrong reasons. Repeat criminal Rari Capital (Artibrum) exploited over $3M in stablecoins, which moved to Tornado Cash.

The top three exploiters (with 95M between them) are:

$47M: 0x56D8B635A7C88Fd1104D23d632AF40c1C3Aac4e3

$40M: 0xBF293D5138a2a1BA407B43672643434C43827179

$8M: 0xB5C55f76f90Cc528B2609109Ca14d8d84593590E

Here's a list of all the exploiters:

The project conducted a Quantstamp audit in June; QSP-19 foreshadowed a similar problem.

The auditor's comments that "We feel the Nomad team misinterpreted the issue" speak to a troubling attitude towards security that the project's "Long-Term Security" plan appears to confirm:

Concerns were raised about the team's response time to a live, public exploit; the team's official acknowledgement came three hours later.

"Removing the Replica contract as owner" stopped the exploit, but it was too late to preserve the cash.

Closed blockchain systems are only as strong as their weakest link.

The Harmony network is in turmoil after its bridge was attacked and lost $100M in late June.

What's next for Nomad's ecosystems?

Moonbeam's TVL is now $135M, EVMOS's is $3M, and Milkomeda's is $20M.

Loss of confidence may do more damage than $190M.

Cross-chain infrastructure is difficult to secure in a new, experimental sector. Bridge attacks can pollute an entire ecosystem or more.

Nomadic liquidity has no permanent home, so consumers will always migrate in pursuit of the "next big thing" and get stung when attentiveness wanes.

DeFi still has easy prey...

Sources: rekt.news & The Milk Road.

Overview

Ethereum blockchain is a network of nodes that validate transactions. Any network node can be queried for blockchain data for free. To write data as a transition requires processing and writing to each network node's storage. Fee is paid in ether and is also called as gas.

We'll examine how user-initiated transactions flow across the network and into the blockchain.

Flow of transactions

• A user wishes to move some ether from one external account to another. He utilizes a cryptocurrency wallet for this (like Metamask), which is a browser extension.

• The user enters the desired transfer amount and the external account's address. He has the option to choose the transaction cost he is ready to pay.

• Wallet makes use of this data, signs it with the user's private key, and writes it to an Ethereum node. Services such as Infura offer APIs that enable writing data to nodes. One of these services is used by Metamask. An example transaction is shown below. Notice the “to” address and value fields.

var rawTxn = {
    nonce: web3.toHex(txnCount),
    gasPrice: web3.toHex(100000000000),
    gasLimit: web3.toHex(140000),
    to: '0x633296baebc20f33ac2e1c1b105d7cd1f6a0718b',
    value: web3.toHex(0),
    data: '0xcc9ab24952616d6100000000000000000000000000000000000000000000000000000000'
};

• The transaction is written to the target Ethereum node's local TRANSACTION POOL. It informed surrounding nodes of the new transaction, and those nodes reciprocated. Eventually, this transaction is received by and written to each node's local TRANSACTION pool.

• The miner who finds the following block first adds pending transactions (with a higher gas cost) from the nearby TRANSACTION POOL to the block.

• The transactions written to the new block are verified by other network nodes.

• A block is added to the main blockchain after there is consensus and it is determined to be genuine. The local blockchain is updated with the new node by additional nodes as well.

• Block mining begins again next.

The image above shows how transactions go via the network and what's needed to submit them to the main block chain.

References

ethereum.org/transactions How Ethereum transactions function, their data structure, and how to send them via app. ethereum.org

Trigger warning — Andrew Tate is running a genius marketing campaign

Andrew Tate is a 2022 internet celebrity.

Kickboxing world champion became rich playboy with controversial views on gender roles.

Andrew's get-rich-quick scheme isn't new. His social media popularity is impressive.

He’s currently running one of the most genius marketing campaigns in history.

He pulls society's pendulum away from diversity and inclusion and toward diversion and exclusion. He's unstoppable.

Here’s everything you need to know about Andrew Tate. And how he’s playing chess while the world plays checkers.

Cobra Tate is the name he goes by.

American-born, English-raised entrepreneur Andrew Tate lives in Romania.

Romania? Says Andrew,

“I prefer a country in which corruption is available to everyone.”

Andrew was a professional kickboxer with the ring moniker Cobra before starting Hustlers University.

Before that, he liked chess and worshipped his father.

Emory Andrew Tate III is named after his grandmaster chess player father.

Emory was the first black-American chess champion. He was military, martial arts-trained, and multilingual. A superhuman.

He lived in his car to make ends meet.

Andrew and Tristan relocated to England with their mother when their parents split.

It was there that Andrew began his climb toward becoming one of the internet’s greatest villains.

Andrew fell in love with kickboxing.

Andrew spent his 20s as a professional kickboxer and reality TV star, featuring on Big Brother UK and The Ultimate Traveller.

These 3 incidents, along with a chip on his shoulder, foreshadowed Andrews' social media breakthrough.

• Chess

• Combat sports

• Reality television

A dangerous trio.

Andrew started making money online after quitting kickboxing in 2017 due to an eye issue.

Andrew didn't suddenly become popular.

Andrew's web work started going viral in 2022.

Due to his contentious views on patriarchy and gender norms, he's labeled the King of Toxic Masculinity. His most contentious views (trigger warning):

• “Women are intrinsically lazy.”

• “Female promiscuity is disgusting.”

• “Women shouldn’t drive cars or fly planes.”

• “A lot of the world’s problems would be solved if women had their body count tattooed on their foreheads.”

Andrew's two main beliefs are:

1. “These are my personal opinions based on my experiences.”

2. “I believe men are better at some things and women are better at some things. We are not equal.”

Andrew intentionally offends.

Andrew's thoughts began circulating online in 2022.

In July 2022, he was one of the most Googled humans, surpassing:

• Joe Biden

• Donald Trump

• Kim Kardashian

Andrews' rise is a mystery since no one can censure or suppress him. This is largely because Andrew nor his team post his clips.

But more on that later.

Andrew's path to wealth.

Andrew Tate is a self-made millionaire. His morality is uncertain.

Andrew and Tristan needed money soon after retiring from kickboxing.

“I owed some money to some dangerous people. I had $70K and needed $100K to stay alive.”

Andrews lost $20K on roulette at a local casino.

Andrew had one week to make $50,000, so he started planning. Andrew locked himself in a chamber like Thomas Edison to solve an energy dilemma.

He listed his assets.

• Physical strength (but couldn’t fight)

• a BMW (worth around $20K)

• Intelligence (but no outlet)

A lightbulb.

He had an epiphany after viewing a webcam ad. He sought aid from women, ironically. His 5 international girlfriends are assets.

Then, a lightbulb.

Andrew and Tristan messaged and flew 7 women to a posh restaurant. Selling desperation masked as opportunity, Andrew pitched his master plan:

A webcam business — with a 50/50 revenue split.

5 women left.

2 stayed.

Andrew Tate, a broke kickboxer, became Top G, Cobra Tate.

The business model was simple — yet sad.

Andrew's girlfriends moved in with him and spoke online for 15+ hours a day. Andrew handled ads and equipment as the women posed.

Andrew eventually took over their keyboards, believing he knew what men wanted more than women.

Andrew detailed on the Full Send Podcast how he emotionally manipulated men for millions. They sold houses, automobiles, and life savings to fuel their companionship addiction.

When asked if he felt bad, Andrew said,

“F*ck no.“

Andrew and Tristan wiped off debts, hired workers, and diversified.

Tristan supervised OnlyFans models.

Andrew bought Romanian casinos and MMA league RXF (Real Xtreme Fighting).

Pandemic struck suddenly.

Andrew couldn't run his 2 businesses without a plan. Another easy moneymaker.

He banked on Hustlers University.

The actual cause of Andrew's ubiquity.

On a Your Mom’s House episode Andrew's 4 main revenue sources:

1. Hustler’s University

2. Owning casinos in Romania

3. Owning 10% of the Romanian MMA league “RXF”

4. “The War Room” — a society of rich and powerful men

When the pandemic hit, 3/4 became inoperable.

So he expanded Hustlers University.

But what is Hustler’s University?

Andrew says Hustlers University teaches 18 wealth-building tactics online. Examples:

• Real estate

• Copywriting

• Amazon FBA

• Dropshipping

• Flipping Cryptos

How to swiftly become wealthy.

Lessons are imprecise, rudimentary, and macro-focused, say reviews. Invest wisely, etc. Everything is free online.

You pay for community. One unique income stream.

The only money-making mechanism that keeps the course from being a scam.

The truth is, many of Andrew’s students are actually making money. Maybe not from the free YouTube knowledge Andrew and his professors teach in the course, but through Hustler’s University’s affiliate program.

Affiliates earn 10% commission for each new student = $5.

Students can earn $10 for each new referral in the first two months.

Andrew earns $50 per membership per month.

This affiliate program isn’t anything special — in fact, it’s on the lower end of affiliate payouts. Normally, it wouldn’t be very lucrative.

But it has one secret weapon— Andrew and his viral opinions.

Andrew is viral. Andrew went on a media tour in January 2022 after appearing on Your Mom's House.

• The Full Send Podcast

• The Fresh & Fit Podcast

• “BFFs” by Barstool Sports

And many, many more…

He chatted with Twitch streamers. Hustlers University wanted more controversy (and clips).

Here’s the strategy behind Hustler’s University that has (allegedly) earned students upwards of $10K per month:

1. Make a social media profile with Andrew Tates' name and photo.

2. Post any of the online videos of Andrews that have gone viral.

3. Include a referral link in your bio.

Effectively simple.

Andrew's controversy attracts additional students. More student clips circulate as more join. Andrew's students earn more and promote the product as he goes viral.

A brilliant plan that's functioning.

At the beginning of his media tour, Hustler’s University had 5,000 students. 6 months in, and he now has over 100,000.

One income stream generates $5 million every month.

Andrew's approach is not new.

But it is different.

In the early 2010s, Tai Lopez dominated the internet.

His viral video showed his house.

“Here in my garage. Just bought this new Lamborghini.”

Tais' marketing focused on intellect, not strength, power, and wealth to attract women.

How reading quicker leads to financial freedom in 67 steps.

Years later, it was revealed that Tai Lopez rented the mansion and Lamborghini as a marketing ploy to build social proof. Meanwhile, he was living in his friend’s trailer.

Faked success is an old tactic.

Andrew is doing something similar. But with one major distinction.

Andrew outsources his virality — making him nearly impossible to cancel.

In 2022, authorities searched Andrews' estate over human trafficking suspicions. Investigation continues despite withdrawn charges.

Andrew's divisive nature would normally get him fired. Andrew's enterprises and celebrity don't rely on social media.

He doesn't promote or pay for ads. Instead, he encourages his students and anyone wishing to get rich quick to advertise his work.

Because everything goes through his affiliate program. Old saying:

“All publicity is good publicity.”

Final thoughts: it’s ok to feel triggered.

Tate is divisive.

His emotionally charged words are human nature. Andrews created the controversy.

It's non-personal.

His opinions are those of one person. Not world nor generational opinion.

Briefly:

• It's easy to understand why Andrews' face is ubiquitous. Money.

• The world wide web is a chessboard. Misdirection is part of it.

• It’s not personal, it’s business.

• Controversy sells

Sometimes understanding the ‘why’, can help you deal with the ‘what.’