WhiteboardCrypto Newsletter - June 7

Welcome back to this week's edition of our WhiteboardCrypto Newsletter!

Fun Fact: Ross Ulbricht, the founder of the defunct Silk Road darkweb marketplace, sold items he used in prison (and before), for $1.8m. Learn more here.

Lazarus Group got sloppy

BitMEX researchers foiled one of many phishing attempts by North Korea’s Lazarus Group. The group posed as NFT marketplace collaborators in an attempt to sneak malicious JavaScript past an employee. Their sloppy op exposed some big blunders: an open Supabase database, telltale tracking code, and—most damning—a (likely) real IP address traced to Jiaxing, China. BitMEX's sleuthing also revealed a split within the group: low-skilled phishers in one, with elite hackers in another.

Learn more here.

EIP-7702 may have problems

Wintermute raised the alarm over Ethereum’s recent Pectra upgrade. In particular, EIP-7702, which lets wallets temporarily grant permissions so they function more like smart contracts, managing and moving funds. While this boosts convenience—think batching, spending caps, and gas sponsorship—it’s also a playground for scammers. Over 90% of 7702 use cases so far are by lazy crooks copy-pasting shady “CrimeEnjoyor” contracts to auto-drain wallets with leaked private keys. This code type is known as a sweeper, as it automatically scans transactions coming to compromised addresses. If you use these features, be careful to always make sure you know what it is you’re agreeing to.

Learn more here.

Is transparency really the best?

Simple answer: it depends on the use case.

Detailed answer: On decentralized platforms like Hyperliquid, anyone can see the transactions that are put into the queue, even before they are completed. This leaves room for manipulation of the price by people sticking transactions in before or after others. This is particularly problematic when using a platform that has leverage - when you borrow funds to trade with - and thus can be liquidated if the balance of actual vs borrowed assets gets too out of whack.

Crypto natives have often touted transparency as key to the “trustlessness” of the blockchain - we don’t have to trust someone has what they say they have, because we can verify it ourselves by looking at the blockchain data. But that can actually be a problem for people who are making large trades, and thus are more likely to get liquidated by malicious traders. Binance founder CZ has called for ‘dark pools’ - decentralized exchange platforms that have private transaction queues, which would solve this problem but of course would also eliminate transparency.

Learn more here.

Circle IPO soars

Circle is the business that co-created the USDC stablecoin, and they launched on the US stock exchange this week in an initial public offering. The launch price of the IPO was $31 a share, but it has since gone up to over $110 a share as of time of writing. This means the company raised about $1.1 billion. That’s a wild launch, and shows just how much the public is interested in stablecoins even if they aren’t interested in crypto-native ownership of them.

Learn more here.

Thanks for reading and I hope you learned something!

- Theodore