AUDIT COLLATERAL

“My bet is that the one where they burn the coins is probably going to be worth more because there's not like 4 million Bitcoin getting massively dumped on everyone's head. So, yeah, I think it's kind of a no-win situation unfortunately, because it does challenge the founding myth of Bitcoin a little bit. But ultimately, it's a strong social consensus that's protecting you.”

“The other kind of weak point here was that the KelpDAO team used, like, a one-of-one DVN, which means that you're just relying on the LayerZero Labs core infrastructure. If they had used a DVN set that required two-of-three or something like this with different independent operators, it would have been this much harder for North Korea to compromise each of these independent organizations. Using a one-of-one implementation was not the right choice.”

“North Korea is really upping its game. The sophistication of these attacks is getting quite alarming. Starting with the Drift hack and now this rsETH one, as the postmortems have come out, we've learned how deep these penetrations are into these organizations. They were able to basically forge a message, take all of the backing of the rsETH on Ethereum, and then they moved it out to various places.”

“North Korea not having $65 million in that money going back to users, like the outcome is unambiguously good. Anyone in that position, like, I think if you were on the Arbitrum Security Council, you may feel some type of way philosophically or something, but you have this, like, fix everything button. Are you really not gonna push it because of philosophy? Of course, you're gonna solve the problem if you can.”

“It's pretty challenging to map out this whole dependency graph of, you know, you're just a depositor and Aave ETH. It's, on the face of it, it seems like it should be a very safe asset, but you're actually exposed, through a couple layers of intermediation to, you know, a one-of-one DVN bridge. That's something where I think we can do a lot better. Once we are mapping out all these dependencies, this can become kind of an open source resource for everyone.”

“We need sort of like independent risk ratings within DeFi. Right now, there's like an incentive problem with the managers of these risk curators. Basically the ones who are optimizing for growth and revenue are the same ones that are underwriting the risks of the collateral that are being onboarded. We should adopt the exact same sort of methodology as S&P and Moody's that they have in TradFi.”