February was all about hacks, with mind-blowing news of both current and past hacks peppered throughout the month. The DAO ($11 billion), Bitfinex ($4.5 billion), Optimism ($2 million), OpenSea ($1.7 million) and Coinbase ($0.45 million) - the list of entities involved made for a who's who of crypto. A thriller-worthy social engineering attack was attempted and exposed, while 'spoofing' of fake tokens continued rampant in Ethereum.

All this occurred amidst a backdrop of turbulence globally. Canada froze protesters' financial accounts, leading at least one crypto critic to change his mind. War broke out between Russia and Ukraine - leading to the first-ever instance of a government asking for donations in crypto.

This month, we call for level heads to prevail and hope for peace to find us all.

'Spoof' Tokens on Etherscan

While nothing new, fake or 'spoof' tokens made to look as if they are sent from well-known addresses have become more rampant in recent times. In this article we go over what these are, covering:

• What is meant by 'spoofing'
• How to detect it
• How to avoid it

FEATURE

NFT Page

An early release of NFT pages was quickly found by the community. More to come!

FEATURE

Gas Tracker Estimated Costs

The Gas Tracker now includes live USD estimates of popular transactions.

Ex-Crypto CEO Likely Stole $11 Billion of Ether from The DAO

Journalist Laura Shin astounded the world by naming Toby Hoenisch, the former CEO of TenX, as the person behind the infamous DAO hack.

forbes.com

Alleged Conspiracy to Launder $4.5B in Stolen Cryptocurrency

Two were arrested for attempting to launder cryptocurrency stolen from a 2016 hack of Bitfinex. One of them had given a talk on social engineering.

justice.gov

Coinbase's "Largest-Ever Bug Bounty"

After a successful Super Bowl ad, a whitehat hacker found a Coinbase bug that attackers could have used to sell coins without owning them.

twitter.com/Tree_of_Alpha

Attacking an Ethereum L2 with Unbridled Optimism

Whitehat hacker "Saurik", known for his work on an App Store alternative, reported a critical issue allowing attackers to replicate money on-chain.

saurik.com

OpenSea Users Phish Attacked

32 users were tricked into signing fake messages allowing an attacker to sell their NFTs. Mass panic ensued as Etherscan was under maintenance.

coindesk.com

Understanding Rollup Economics from First Principles

A framework for understanding the various parties co-existing in a rollup system and for guiding discussions on fees and economic designs.

twitter.com/barnabemonnot

Learning More About Cryptography from the Ground Up

For those interested to delve into cryptography from scratch, this Twitter thread provides useful sources (and free links!). Use this link for the basics.

twitter.com/dystopiabreaker

Extremely Thorough Social Engineering Scam Attempt

A chilling story of an extremely elaborate attempt to phish using fake token approvals. Always verify no matter how much you trust!

twitter.com/thomasg_eth

What if Wallets Understood Your Transactions?

A cool site that better 'explains' to users their contract interactions, similar to Transaction Actions on Etherscan, with an open-source library on the way.

twitter.com/m1guelpf

Transaction: Farewell Message of an MEV Competitor

The user apebot.eth left a farewell message of respect for a fellow MEV searcher, including their bot implementation. The latter responded in kind.

Address: NFT That Takes Up a Whole Block to Mint

...from respect to vanity. Vanity Blocks lives up to its name, requiring a minter of its NFT to spend the entire gas limit of a block to mint it.

Questions received last month:

Can I disconnect my wallet from dApps to prevent token exploits?
Simply disconnecting your wallet from dApps such as OpenSea or Uniswap is not enough. If you've given them access to spend your tokens, you'll need to revoke these using tools such as Etherscan's Token Approvals feature.

What does the "at risk" line in Token Approvals feature refer to?
It refers to the total USD value of ERC-20 tokens in an address's balance plus the total number of NFT approvals that are susceptible to exploits should an approved contract be compromised.

Confused with some terms in this newsletter?
Remember to check the Etherscan glossary!

Looking for a job in crypto? Check out these roles below:

Internship Program at Nethermind | Remote

Full Stack JavaScript Developer at æternity blockchain | Remote

Back-End Engineer (NodeJS) at ZKX | Remote

Quantitative Trading Strategy Developer at Gadze Finance | Remote

POLL

'Spoof' Tokens

Learn more about how token transfers can be 'spoofed' on Etherscan and stand to win $10 in ETH.