🏧 Bitcoin ATMs are riskier than you think
PLUS: Good news for Tron is Bad news for Tron
Namaste, this is the doodhwala, the crypto newsletter that’s better than receiving an airdrop. (this is not cope 🥲)
We do a DAILY knowledge drop. 🔥
Here’s the knowledge drop for today:
🏧 $1.5 million Bitcoin hack
🥲 Tron's Bad > Good News
📈 StarkNet Strikes
🛠 Best FREE tools for DeFi
🍼 Bitcoin NFTs have a HOME
🏧 Bitcoin ATMs are riskier than you think
Bitcoin ATMs.
They’re that big orange box in airports and malls in European countries that people use less and take pictures of more.
When I was a kid, this is how I thought ATMs worked 👇
Lol, just kidding. 🤣
But Bitcoin ATMs are hella vulnerable to hacks.
This week, a Bitcoin ATM maker – General Bytes – suffered a hack worth:
🟠 56 Bitcoin = $1.5 million 💰.
Compared to most hacks in 2023, this seems puny 🤏:
Euler Finance hack → $200 million
Balancer hack → $12 million
Angle hack → $17 million
But the BIG difference is – the Bitcoin ATM hack wasn’t an ❎ on-chain exploit or ❎ a hacker dropping a malicious link on a Discord server. Nah fam, that would be too big-brained.
It was a straight up ✅ Software Attack ✅, which led to:
→ crypto drain
→ users’ password theft
→ API keys compromised
🙈
And this is how it happened:
General Bytes sells these ☝️ kinda ATMs to customers for 💰 $3,500 to $7,200 💰 per ATM.
They also have software to manage these ATMs called – the crypto application servers (CAS).
Bruh, they could’ve at least come up with a cool name for this software, something like – Mega Interface Linking Kernel [MILK]. Idk what kernel means tho. 🤣
Here’s how it works:
General Bytes sells the Bitcoin ATMs to customers
Customers download CAS to manage all their Bitcoin ATMs from one location.
CAS uses Digital Ocean as their cloud hosting provider to store + manage customer data
P A U S E
Wtf is a cloud hosting provider?
Cloud hosting is like hosting an application on a ton of computers connected to the cloud through the internet, instead of just one tiny device.
With all these ☝️ centralized vulnerabilities in place, the hacker went 🤤
Here’s what the hacker did:
1️⃣ Identify: Identified the software CAS that was connected to Digital Ocean
2️⃣ Upload: Uploaded a shady AF Java application on the application servers
3️⃣ Access: Accessed the ATM’s funds + shut off 2-factor authentication
4️⃣ Steal: Moved the 56 Bitcoin from the hot wallet
The reason this was so simple was because General Bytes had something called a:
0-day vulnerability.
Tf is a 0-day vulnerability?
“0-day” describes a recently discovered security flaw that hackers can use to attack systems. The term “0-day” means the developer just learned of the flaw – and they have “0 days” to fix it.
Getting hacked by a 0-day vulnerability is the same as saying, “I failed in the exam because I didn’t know Chapter 3 was included.” 😭
General Bytes simply DID NOT KNOW its Bitcoin ATM software [CAS] was:
discoverable
traceable to Digital Ocean
vulnerable to leaking hot wallet and customer data
So, they were like ‘F it, we’re safe.’
But this is not the first time General Bytes has been hacked BY THE EXACT SAME PROBLEM!
Back in August 2022 [before the FTX shitshow when I had an SBF action figure on my desk] General Bytes was hacked for $16,000. 🤣
And what did the hacker do?
1️⃣ Identified a vulnerability in the CAS
2️⃣ Changed their role to admin
3️⃣ Took out $16,000
💀
Even the headlines are the exact same 🤣
What’s even more alarming – these ☝️ problems were:
first discovered in 2020
hacked for $16,000 in August 2022
hacked for the second time for $1.5 million in March 2023
🙈
Doodhwala’s take:
Yeah, Bitcoin ATMs have a TON of possible problems:
The physical kiosks can be hacked
The software can be exploited
The wallets can be infiltrated
The doodh can be spoiled
So many things can go crazy.
🇮🇳 INDIA, Polkadot is here! 🇮🇳
Polkadot is dropping a B – B – C:
⚫️ Big ⚪️ Blockchain ⚫️ Conference
(wait, what did you think? 👀)
Polkadot NOW India is a conference with the thriving Polkadot community building 🔥 stuff. It'll have people like:
Gautham Dhameja, director at Parity Technologies
Kasper Mai Jorgensen, ex-CFO Web3 Foundation
Anton Khvorov CEO, Nova Wallet
And of course, you can catch your doodhwala bois there repping the Indian community as well.
👀 Polkadot NOW 🇮🇳
📍 Bangalore, India
🗓️ April 1-2
🥲 Good News and Bad News For This Blockchain
Tron.
Yes, it’s our favourite Disney movie (especially the second part)
But we aren’t talking about that. (unfortunately 🥲)
We are talking about Tron, the blockchain, created by Justin Sun (this dude). 👇
Damn, dude looks like he’s about to drop a new album with his boy band. 🔥
Tron is a blockchain that has been DOMINATING lately, in terms of Daily Active Users (DAUs).
It is beating some of the top dawgs like:
BNB Chain → 1.2 million DAUs
Ethereum → 350k DAUs
Bitcoin → 535k DAUs
Tron, currently, has a daily active user base of 1.5 million users! 🤯
Now, it has been hit with two new updates that might either bring the Tron momentum down OR take it up to doodhwala-level heights. 😉
Let’s start with the…
😇 GOOD NEWS
You can now send USDT on Telegram. 🔥
Just like how you can send money through WhatsApp using UPI…
…you can now do the same on Telegram chat with crypto.
And now you can also fall for crypto scams FASTER on Telegram. 😅
This is great news!
Telegram has 55 million DAILY users. 🚀
Now all of them will have access to crypto wallets just through their chats. (That’s mass onboarding)
But how does it affect TRON? 🤨
Well, all these payments will be processed on the TRON network, sending the transaction activity to the moon.
😨 BAD NEWS
The SEC just announced charges against the founder, Justin Sun. 😬
For what?
You pick:
Fraud
Market Manipulation
Selling and Airdropping unregistered securities
Included in these charges are both his companies, Tron Foundation and BitTorrent.
Yup, our boy also runs BitTorrent, the tool we use to build our own personal movie collection. 😑
So, according to the charges, “Sun tried to artificially inflate TRX's trading volume through the wash trading scheme”
He is accused of asking his employees to engage in more than 600,000 wash trades of TRX between two crypto asset trading platform accounts he controlled. (Noooo Sunny Boy! 😭)
Bruh, is this why Tron’s daily activity is increasing faster than Balaji’s Twitter following after the million-dollar bet?
This news already seems to have affected the Tron community.
The price of the native token, TRX, has dropped by almost 13% since the news came out. 📉
The Tron blockchain has been praised for its recent innovations and partnerships but this news just throws a big fat wet blanket over it.
Do you think this bad news will ruin all the good work from before? 🥲
It certainly seems that way, rn.
Either the community disassociates themselves from Sun to save the project or he pulls a miracle out of his rich butt. 💰💰💰
What do y’all think?
📈 Chaach and Charts: StarkNet Strikes!
Ethereum L2s have got people buzzing more than the IPL this year!
Why is no one talking about Sam Curran’s 18.5 CRORE move to Kings XI Punjab…
… and only talking about:
Polygon taking web3 gaming by storm
Arbitrum rolling out its $ARB token
Optimism still being optimistic
But amongst all the L2 buzz, Starkware’s StarkNet has been the silent killer. 🤫
When it comes to Daily Active Users (DAUs), it's been poppin’ off!
🗓 January 1, 2023 → Less than 4k DAUs
🗓 March 21, 2021 → Over 24k DAUs 🤯
What even is a StarkNet? 🤨
No, it’s not a net used to catch Tony Starks.
Starknet is a ZK-Rollup that operates as an L2 network over Ethereum, enabling any dApp to achieve super scalability without compromising on security or composability.
Why is it going off tho?
🎙 Increased awareness of the strength of the chain in recent conferences.
🟣 The recent partnership of their partner chain, Immutable X, with Polygon.
💰 More importantly, whispers of an airdrop.
What do y’all think the reason is? (REPLY and let us know)
🛠 Resourcewala: Best tools for DeFi
We all know how absolutely VITAL doodhwala is when it comes to finding alpha.
Only top-tier premium doodh served here 😉
But we have to admit, there are some other (secret) tools that we use to find this alpha.
And today, we are REVEALING IT ALL! 🚀
Today’s resource is all about how you can milk DeFi to your advantage.📈
All the tools you need to be a DeFi alpha hunter. 🔥
P.S.- They are absolutely FREE! 💰
👉 Monitor GameFi Stats
👉 Monitor Whale Wallets
👉 Monitor TVL on Different Chains
👉 Track Your Portfolio Automatically
And so much more!
So, let’s milk these tools, shall we?
🥛 Into the Doodhverse: Hackers + Influencers
Your one-stop-shop place to get busy with the cool doodhs.
🎙️ Influencers → GOOD and BAD
This past week, one influencer made a million-dollar bet, and 9 other influencers were served with a billion-dollar fine. That’s right, we’re talking about Balaji’s Bitcoin BET, and BitBoy and Co.’s lawsuit by FTX investors.
Plus: How does BitBoy actually make his money? [hint: it’s not just YouTube 👀]
🔐 Security! Security! Where are you?
See, security is a big F-ing deal. But most of us (esp the doodhwala) don’t know the first thing about how to audit smart contracts or how hacks happen in the first place.
That’s why we’re talking to a BIG 🧠 BRAINED auditor about ☝️.
We’re chatting with Indranil Roy, CTO of CredShields, a smart contract auditing company on Twitter Spaces (pls Elon, don’t rug us! 🙏)
👌 Hacks and DeFi!
Unlike the paisawala influencers, the doodhwala loves the builders and the protocols. That’s why we’re partnering with not 1 but 2 🔥 events happening in the next few weeks:
1️⃣ State of DeFi – an IRL event hosted by the dYdX Foundation and GravityX Capital on what’s happening in the world of DeFi rn.
2️⃣ HackIT Sapiens – an IRL student hackathon [the biggest in Rajasthan] with hackers building cool products in – ED-tech, AR-VR, AI-ML, doodh making, and Blockchain and web3.
🍼 Doodhshots: A new marketplace for Bitcoin NFTs
🦊 Institutionalized: MetaMask Institutional has introduced a new staking marketplace to give institutional users access to solo Ethereum staking.
💒 Crypto Saviour: The number of eNaira crypto wallets in Nigeria has jumped more than 12-fold to 13 million since October, amid cash shortages in the country.
👟 NFT Sneakers: The luxury fashion brand, Balmain, drops 130 limited edition Unicorn sneakers that come with identical NFT kicks designed by Space Runners.
🖼 Physical Art: In a new announcement by IRS, they are set to treat NFTs as Physical Art and tax them accordingly. Great news or Meh news?
🪄 Magic Ordinals: Magic Eden has launched its own marketplace for Bitcoin Ordinals with these Bitcoin NFTs rising at a phenomenal rate in the past few months.
🤣 Milky Meme Of The Day
Lmao why is this so true! 😭
— Doodhwala 🇮🇳 (@DoodhwalaDaily)
3:26 PM • Mar 22, 2023
That’s all for today bhaiyo aur bheno! Naale Sigona! Aakash "Dahi Cheeni" Athawasya & Arvind "Doodh Peda" Krishna
Yo! Our legal and financial advisors (aka our good ol’ conscience) have asked us to add this boring disclaimer. None of what you read here is financial advice. We aren’t here to get you to buy or sell a crypto. We’re only here to tell you what’s up in crypto today and make you laugh. So, if you screwed up on a trade, that’s on you G. Stay safe in the markets.