With USDC insolvency fears rampant, users are fleeing to safety in other stables. Not all of them are going to make it there in one piece, however.
Here's how one unlucky user paid $2,080,468.85 to receive $0.05 of USDT.
Let me be clear - fault with this is twofold.
A: the user clearly did not understand or properly set slippage
B: the router mysteriously routed a $2M trade through a dead UniswapV2 pool with $2 of liquidity
This was not a sandwich attack, MEV bot just cleaned up afterwards.
The bot paid $45 in gas and $39k in MEV bribes, netting $2.045M in profit.
This was not a particularly complex bot. Backrun, flashbots, plus the ability to unwrap 3CRV. That's it.
Equal opportunity, unequal results.
Read this. Don’t scroll away or pull back into a detached shell.
Smell the smoke. Feel the heat drawing closer. The dog lets out a whimper and you try your best to soothe him.
You are alone.
Failed by every level of authority that should have protected you.
People who now
If you’re in crypto, you should understand why.
Are you gambling on dog coins? Looking at it as an investment in a growing sector?
Or do you really understand what cryptocurrency is?
Cryptocurrency is sovereignty, written not in the ink of laws and treaties, but in ones and
2 million 3CRV slam into the pool with the force of a thousand suns, and x * y = k does its grim work.
Exactly 54182 units of USDC, worth about 5 cents, leave the contract for the second leg of the swap, where they are happily swapped into USDT, and go on to the swapper.
The pool, now hideously imbalanced, cries out for aid. An MEV bot answers the call, and gently restores the balance by exchanging 1.45 USDC for the 2M 3CRV in the pool.
If you want to learn how to write MEV bots which may or may not make $2M when someone sets 99.999% slippage, check out
@BowTiedDevil
‘s substack.
He’s the only person I’ve seen give out working code for real live arbitrages.
The unfortunate soul used the KyberSwap aggregation router to dump a large clip of 3CRV (DAI/USDC/USDT) LP token into USDT.
This is already a questionable decision since you could just withdraw the LP into USDT for 6% slippage, but maybe he got desperate.
In his haste to swap, he neglected to set his slippage correctly. Or, like, at all. He hits send.
The next actor in our story is UniswapV2 pool 0x7d36fbd3, pairing 3CRV/USDC.
This pool contained about $2 in liquidity, and had sat idle for the last 251 days.
If I had to start over as a smart contract dev today, here’s exactly what I’d do:
0. Learn to code
If you don’t know how to code, start with Python. Automate The Boring Stuff and Realpython are good, and make sure to do projects, not just guided work!
1. Do a
@PatrickAlphaC
Man down,
@ankr
protocol on BNB just suffered a governance key compromise, allowing an attacker to mint 10,000,000,000,000 aBNBc and drain the DEX pool.
The 5 stages of $OHM
1. Ohm is a rug
2. Ohm is just a ponzi shitcoin
3. Ohm is a ponzi but I’m going to degen farm it for disgusting APY
4. Ohm is either the most sophisticated cash grab ever or they may be onto something
5. Ohm is the future of finance. (3,3) until I die.
EXCUSE REMOVAL TIME
If you still haven't joined the BowTiedJungle because you:
- can't think of a niche
- don't want to make a pfp
- have no idea where to start
- don't know how to grow
I'm about to destroy all your excuses. Read on if you dare.
HOW TO FIND BUGS AND GET PAID
A big reason I got into Solidity was the Wild West feel of the blockchain security space. You vs. the blackhats in a deadly duel with billions at stake - and massive rewards for defeating them.
It's more achievable than you may think.
The value of the BowTied Jungle is in the content and the network. You can consume passively, but if you're not growing your account, you're missing out on connecting with elites in their fields.
Here's the playbook - this is exactly how I grew in the Jungle as a new anon.
If you have used FTX please download all your information and txn history NOW while the website is still up! Important in case it goes down later - you may need for class action or taxes.
Getting hired anonymously for crypto gigs is very different from traditional hiring experiences. ⬇️
Biggest change: anon gigs require a portfolio vs a resume. Founders are less concerned with “I worked here and went to school here”. They want to know “I built X Y and Z”…
HOW TO TELL IF YOU SHOULD LEARN TO CODE (before you even start)
Not everyone should become a developer. That said, people psyop themselves into thinking coding is not for them when they might actually be well suited for it. Could that be you?
Smart Contract Review: $GMX token from
@GMX_IO
GMX is a decentralized perpetuals exchange, live on Arbitrum and Avalanche. $GMX is their governance and utility token, and accrues a cut of the platform fees. I'll be referencing the Arbitrum deployment:
1/12
[Interim Update of User Swap Incident]
At 4am UTC, our team was alerted to a trade that encountered an unusually low return on the user’s swap.
Our team is working hard to resolve this unfortunate matter.
Summarized details below ⬇️
Whoever wins the balajis BTC bet, take note of how quickly escrow smart contracts to execute the bet are popping up.
You can have trustless settlement of a multimillion dollar bet rigged up in less than 2 hours. Do you understand the power of smart contracts now?
@LodestarFinance
on Arbitrum has just been exploited 🚨
The situation is still developing and post-mortem is still ongoing, but it looks like the entire protocol has been drained so far. That would represent a $6.9M loss.
What the BowTiedJungle is not:
- a follow-for-follow farm
- guaranteed cross promotions
- a free ride
- an illuminati
What the BowTiedJungle is:
- an audience for your first few pieces of content
- a powerful network
- equal opportunity
- unequal results
If you are generally
“Ahh man it must be nice”
No bro, it’s fucking horrible. It’s hard, it sucks, it’s a constant struggle, but guess what bro, it’s worth it.
People don’t understand obsession and doing whatever it takes.
It’s why they don’t ever break beyond normal, mediocre results.
Zero-Knowledge cryptography is hard to wrap your brain around. Lucky for you, I just dropped the most accessible overview of ZK I've ever seen - and WHY it's going to be so important.
Check out the guest post on
@BowTiedBull
's Substack!
This was my first post as BowTiedPickle. When the Jungle started I was fat, depressed and living paycheck-to-paycheck.
I took action on the Jungle's resources. Now I'm in the best shape of my life, earning WiFi money, and I have hope for the future.
An intro for the jungle:
- early 20s
- job that pays the bills
- background in chemical engineering
I’m mostly lurking and trying to work on the NGMI basics like fitness and second income stream. I plan to try some contributions to the jungle and see what niche there is!
To be clear: the issue is not ledger hardware wallets, the issue is in the adapter which lets websites connect to the hard wallet.
Someone was able to push malicious code containing a wallet drainer to that package, so you are only vulnerable if you visit websites and sign txns.
🚨 We've detected a potential supply chain attack on ledgerconnect kit 🚨
The attacker injected a wallet draining payload into the popular NPM package.
This currently affects a couple of popular dapps including but not limited to
How to break into Solidity development in 5 simple steps:
0: LEARN TO CODE 👨💻
If you’re not comfortable programming, break out Python and learn. You don’t want to mess with gas and smart contracts if you can’t already write simple logic.
1: LEARN BASIC SOLIDITY ⚙️
My
This is my first winter since I got down to a healthy bodyfat % and I was not prepared for how much colder it is vs. blubber mode
I would become physically violent for a bowl of hot soup rn
If you are not putting in hours on WiFi money every week you are NGMI.
Yes, you. You, personally, are not going to make it.
Times have changed. The days of milking a cushy 9-5 and taking the kids to Disney every year are over. The middle class is vanishing.
The Jungle has a lot of niches filled already, but there’s still tons of niches that need filling.
In no particular order, here’s a long list of niches I can think of right now.⬇️
So you’re seeing a bunch of tweets about the two year anniversary of the BowTiedJungle and have no idea what’s going on?
Here’s your intro to the jungle, and how to join the most unique network on the internet.
🚨ANNOUNCEMENT🚨
The inaugural Jungle Hackathon will take place from 9/2-9/4!
Come sharpen your skills, learn from the Jungle's finest, and build up that portfolio!
Please RT for awareness. Join the Discord below to sign up and find the latest information!
🚨Attention all crypto developers: you can now submit your info if you're interested in working with me.
I have pushed 1000s of $$ of work to multiple anons by this point, either paid by me or hired by my rec. PickleCo needs shippers, will you join me?
I firmly believe everyone needs to hack together a little Python script once in their life. Even if you never touch it again, you'll have seen behind the curtain. Code isn't a black box of magic - it's all built by people, and it can be understood by people. Including you.
How to approve transactions ✨SAFELY✨
What does a smart contract interaction using every security best practice actually look like? Here's an example (with pictures) 👇
Before WiFi money, I lived in scurrying, rodent-like fear of losing my job.
I had no savings. Even a late paycheck would have put me in trouble.
If I lost my job today I could survive on WiFi money. Every dollar you earn online is a bill you don’t have to worry about.
“Why don’t they just get rid of MEV?”
Because it’s an incredibly difficult problem that defies simple solutions (ie. the ones you see on Twitter).
Here’s why it’s not that easy to get rid of.
Consider the following:
- Ethereum is a state machine
- Processing transactions moves
Tbh I’m pretty surprised that there haven’t been more crypto devs come out of the jungle. I only know of 6 or 7, myself included, that are actually out there getting paid to ship things., and I’m the only practicing smart contract dev.
The field is ripe for harvest, anon.
Fat Loss, many of you struggle with this, many of you just need a simple system & make this a reality soon than you think, but longer than you want, that's life
Here is a thread, follow this advice and you will lose 1-2lbs of fat a week, potentially 2% or so of body fat a month
You know it just occurred to me that the racist coin meta may actually be a smart long horizon play.
Hear me out here. You see, blockchain transactions never go away. That means the IRS can comb your transaction history to see if you owe back taxes at ANY point in the future.
You need to earn money from your own effort, just once.
Not a W2 paycheck where you get paid for greasing someone else’s wheel. Something you did yourself, with your own powers and abilities.
Even if it’s only $50, when that money hits your account you will never be the same.
The arrest of the Tornado Cash dev is not the first shot in the war on privacy - that's been going on for a long time. But it is a flashpoint.
It sets a precedent - you can be jailed, retroactively, for the actions of users you do not control, by writing open source code.
Just ran across an extremely valuable resource you will want to bookmark:
Audit firm
@coinspect
has put together a detailed analysis and mainnet fork test suite for some 30 smart contract hacks.
Are you serious about making WiFi money or breaking into a developer job?
If so, you need to be tracking your time.
Without tracking, you'll struggle to make accurate estimates, and could be spending more time than you think.
I personally log my time in Notion, here's how...
Being anonymous is an incredible equalizer. I work with people who I trust and respect, and I’ve never seen their faces or heard their voice.
There is no way to discriminate on race, sex, creed, religion or anything else.
You will be judged by your words and actions alone.
People always ask me if they should learn JavaScript before they learn Solidity.
The short answer: no
The long answer: there are three reasons someone might ask this. One, they think JS is prerequisite to Solidity. Two, they think JS will help them learn Solidity. Three, they
Jungle anons have helped me start my crypto dev work, get a 20% raise at the day job, unfat myself, fix lingering physical issues, and much more.
You name it, there’s an anon who can help.
Even if you don't "join" the jungle, the jungle represents an easy way to identify a network of generally smart individuals with actionable advice
I've used info from
@BowTiedOpossum
to spin up now TWO IRL local businesses and one of them is actually doing ok
I've also used
@vutran54
Thanks for the postmortem! It’s an unfortunate incident to be sure, hope the space as a whole can learn and improve swap UI to better avoid cases like this.
Deeply ironic that the DeFi Ed substack’s guest post virginity went to a pickle 👀
Srsly though, I’ve got a lot of good alpha in this post. Give it a read and you’ll understand DEX architecture better than 90% of users. 👇
Took one last poke at the tokens sent to the $ARB token contract and saw one transfer that stood out.
This anon *almost* fumbled a 3500 ARB bag by sending it to the contract. But. He did a test transfer first.
Be wise like 0x0eb11. Test transfer before sending the whole wad.
A lot of people have made a BowTied account and given up a week after their intro tweet.
I know this because they often tag me in that intro tweet.
Your slacking is not as invisible as you think it is.
No joke, without the jungle I’d be missing rent payments rn. This is a literally life changing opportunity, don’t let it pass you by. Seize the moment!
The Bow Tied Jungle is a once in a lifetime opportunity
From learning to networking and building businesses, this community is gold
The system has fucked us our whole lives but now we have the opportunity to level up exponentially.. don’t sleep on it
“I’m trying to learn Solidity”
When’s the last time you:
- opened the Solidity docs
- wrote a line of solidity
- looked at a live protocol’s code
- read a deep dive article
If the answer isn’t within three days to all of those you’re not seriously trying.
🚨New scam alert! 🚨
Been seeing a rash of these messages where someone claims to have some USDT stuck in their wallet, and they need you to help them get it out. Critically, they then tell you their seed phrase.
This is a TRAP…
I started to learn about crypto about two years ago.
Since then I’ve deployed contracts which handled millions of dollars, become an auditor, and had my own code audited.
What could you achieve in two years if you started now?
Don’t put all your eggs in one basket, anon.
Split your funds into multiple wallets, and limit the actions you perform from each based on their purpose. Don’t forget to manage your approvals too!
The year is 2035. You run the last OFAC non-compliant Ethereum node in the US.
A motion sensor chimes. You take a long pull from the jar, crisp moonshine burning your throat. Your grandpappy hid from the revenue men in these hills, long ago.
Some things just run in the family.
If you don’t know how to code - learn Python
- Useful for almost literally anything
- No BS syntax
- Enormous knowledge base
- Well-maintained libraries for everything
- Convenient lingua franca to communicate with ChatGPT
If any of you used that voicecel site it’s probably a good time to talk to your loved ones about the capabilities of AI voices and how to verify that it’s actually you talking to them on the phone.
Deadly serious here, that attack vector is only just getting started. You think
If you’re a BowTied anon and you’re not benefiting from the jungle, you are the source of the problem.
There is enough free alpha for you to turn your life around without ever posting a tweet. That’s not saying anything about the network and connections.
Deployer key compromised or inside job, it deployed an attack contract, changed the upgradeable aBNBc contract to the malicious implementation, then called the 0x3b3a5522 function to mint 10,000,000,000 tokens to his wallet.
I went from zero professional development experience to handling hundreds of thousands of dollars through my smart contracts within a year.
Want to know how you can do it too? Join the academy 👇
The Academy now includes a module by Smart Contract dev
@BowTiedPickle
Pickle replaced his full-time income within 6 months, working as a software developer in crypto
Learn about the dev career paths & how to avoid pitfalls in this 1 hour presentation
Okay, ChatGPT just obliterates any excuse you have to not learn to code. I conversed with it for 5 minutes and I have a snippet of Python code that could probably send a well-formed token approval transaction to mainnet right now. It tells you how to use it, too.
An intro for the jungle:
- early 20s
- job that pays the bills
- background in chemical engineering
I’m mostly lurking and trying to work on the NGMI basics like fitness and second income stream. I plan to try some contributions to the jungle and see what niche there is!
Can’t think of a niche to join the jungle? There’s no shame in your niche being “determined beginner”. Make a handle, start applying people’s content, and report back.
I’ve never seen a community celebrate wins like this. You post a W and 100s of anons will celebrate with you.
The important takeaway is that this hack, impacting over $600k, occurred because a *FORMER EMPLOYEE* got phished, and he still had credentials to publish packages.
This is clown tier security practice from a supposed industry leader.
FINAL TIMELINE AND UPDATE TO CUSTOMERS:
4:49pm CET:
Ledger Connect Kit genuine version 1.1.8 is being propagated now automatically. We recommend waiting 24 hours until using the Ledger Connect Kit again.
The investigation continues, here is the timeline of what we know about
If you got caught up in the USDC panic onchain, it would be wise to do a postmortem and understand the changes in your situation.
I did my fair share of emergency rebalancing that day, and in hindsight I made some mistakes and found things to improve on.
#1
. Not getting into
“If we’re still single at 35 we’ll get married” pacts are out
“If I’m still working a W2 at 35 you are legally allowed to throw me off a building” pacts are in
Btw, do you know the secret to successfully learning something?
Actually STARTING.
People are out here talking about how they’re “trying to become a developer ” when they don’t even have vscode downloaded. You are not a serious person.
Seeing a lot of people starting to just not tip. They're allegedly down so bad they can't afford an extra $15, yet they still choose to indulge themselves.
Disgusting behavior. 30% tip minimum or don't go out. Stiffing wait staff is peak NGMI energy.
The bull run is well underway. The best time to learn the ins and outs was 6 months ago, but it’s not too late for you to dive in.
Want to become a smart contract developer? I went from 0 to getting paid in less than 6 months. Do this course and get after it.