Week 89: Vitalik’s Thoughts On Possible Futures for Ethereum (The Merge & The Surge), World Chain Live, TON Integrate With Axelar, & $58M MultiSig Wallet Compromise Of Radiant Capital
GM! Buidlers
In this latest issue of HashingBits, we’re diving deep into Ethereum’s Core Developers meetings, covering all the major updates in the Ethereum ecosystem. But that’s not all — we’ll explore the latest happenings in the Polygon, Solana & Base ecosystems, along with advancements in the AI & Web3 space. For developers, we’re highlighting new tools designed to assist smart contract developers and auditors. And, of course, we’ll delve into the headlines about the $58M Exploit of Radiant Capital and $7.038M loss in Eigenlayer’s airdrop phishing scam.
EtherScope: Core Developments 👨💻
- Summary of Consensus layer focused protocol call (ACDC #144)
- engine_getBlobsV1 initial results: bandwidth reduced for download but increased for upload
- Pectra-devnet-4: launched; 20% offline (10% Grandine & 10% Erigon)
- Weekly testing call #9: fusaka-devnet-0 planned for ~2 weeks time & ssz-devnet-0 launched
- PeerDAS breakout #10: continuing to debug peerdas-devnet-3, unfinalized for over a week
- EOF implementers call #60: discussed ERC721 support using EXTCODE/HASCODE, EXT*CALL return codes and EOFCREATE hashing
EIP2537 BLS precompiles:
- Feedback wanted on planned EIP2537 usage & need for subgroup checks
- EIP2537 BLS breakout: discussed removing subgroup checks & precompiles are underpriced
- Proof of Stake (the Merge): single slot finality, 1 ETH staking, single secret leader election, faster transaction confirmations, 51% attack recovery, increasing quorum threshold for finality and quantum resistance
- Scaling (the Surge): data availability sampling, data compression, generalized Plasma, maturing L2 proof systems, cross-L2 interoperability and scaling L1 execution
L1 & L2 Developments
- Scroll has launched drand VRF, which provides trustless randomness on all EVM chains.
- Sui Foundation has responded to allegations about insiders selling $400 million in tokens during a recent price increase, stating that no insiders, including employees, founders, or investors, have participated in such sales.
- Felix Protocol, an on-chain financial system for Hyperliquid, has introduced feUSD
- Sonic Labs, previously known as Fantom, has published its Sonic Litepaper
- Galxe has integrated with Sei Network, described as the fastest parallel EVM Layer 1.
- TokenUnlocks has rebranded to Tokenomist.AI
- CrossFi has launched its mainnet
- Osmosis has introduced Osmosis Pay, powered by Cypher HQ.
- Towns has released a decentralized and permissionless group chat application, allowing users to create their own digital town squares.
- Pyth Network has announced that PlutoLeverage, a DeFi leveraged yield machine on Solana, is now supported by Pyth.
- Axelar announces partnership with TON Network.
- Eclipse announced the launch of its official bridge, allowing for easier transfer of assets.
- Pendle is catering to the growing demand and diverse risk appetites for Pendle BTC by introducing a new pool for pumpBTC with an expiry date of March 27, 2025.
- LayerZero has officially launched on Worldcoin’s World Chain mainnet.
- Hyperlend will list Resolv’s USR as collateral on the platform
- Penpie is expanding its real-world asset (RWA) offerings by introducing a new pool for Usual Money’s USD0++ stablecoin.
- defi.money has expanded its reach by launching on Base, currently the largest Ethereum Layer 2 network by Total Value Locked (TVL).
- Phantom rolls out the latest feature allowing users to access interactive token pages with chart and price history
- Sturdy Finance has created an AI-powered Morpho Vault Aggregator.
- YieldNest has announced a collaboration with Kinza Finance, a dedicated lending protocol.
- Moonpay collaborates with Venmo
- MIRA AMM has launched on Fuel Ignition mainnet. MIRA is open-sourced and audited by Halborn and OtterSec.
- Kraken launches kBTC, an ERC-20 token fully backed 1:1 by Bitcoin, held securely by Kraken and always verifiable onchain.
- World Chain (OP Stack rollup) open to public
- Fuel Ignition (FuelVM) live, UTXO based
- Ephemery testnet incentives for genesis validators, infrastructure & client implementations
- dGEN1 (mobile device): runs ethOS, ships 2025, pre-order via mint on Base
- Towns: gated group chats using River & Base
EIPs
- EIP7788: Dynamic target blob count
- Informational EIP7790: Parameter recommendations for controlled gas limit increase strategy
ERCs
RIPs
- RIP7789: Cross rollup contingent transactions
EcoExpansions: Beyond Ethereum 🚀
Base
- Ethereum scaling solution Base has slashed on-chain tx costs by 90%
- cbBTC is coming soon on BIMA
- Defi.Money is now live on Base
- The Base research team just published a POC for the cross-L2 call standard RIP-7755
- Multi-collateral feature of BSX is now LIVE on Base
Polygon
- Agrotoken collaborated with Polygon to transform agribusiness with agricultural commodity tokenization.
- Immutable zkEVM is now open to all developers!
- 87% of prediction market TVL ($172m) is on Polygon PoS
Solana
- Solana is introducing shipyard
- Argentina’s first Solana community is now live
- Nansen AI just added Solana support
- Introducing Neon EVM: Solana Network extension
Hackathons, Workshops, CTFs & Events
- Oct 25–27 — ETHSydney hackathon
- Nov 12–15 — Devcon 7 — Southeast Asia (Bangkok)
- Nov 15–17 — ETHGlobal Bangkok hackathon
- Dec 6–8 — ETHIndia hackathon
Updates on Development Kits & Tools
- OpenZeppelin Contracts v5.1: adds P256 & RSA signature validation; MerkleTree, CircularBuffer & Heap data structures; StorageSlot, ReentrancyGuardTransient & SlotDerivation utilities; updated Arrays, Base64, CREATE2, Strings & Math
- Echidna v2.2.5: adds Cancun support, warns if an assert isn’t hit in assert mode, adds cheat codes and collects coverage during deployment
- Nethermind v1.29.1: improved memory usage on Linux and improved OP Stack sync
- Teku v24.10.2: hotfix for v24.10.x preventing startup on Windows
- Besu v24.10.0: adds support for blobs in multiple transactions to engine_getBlobsV1 and Ephemery testnet support
- Prysm v5.1.2: hotfix for v5.1.1 to recover from panic; v5.1.1: experimental state enabled by default and adds IDONTWANT support
Explore the Depths of Knowledge: Research Papers, Blogs and Tweets🔖
- Deep Dive into Chainlink Architecture
- Deep dive into what Coinshift is all about
- State of Crypto by cdixon.eth
- A look into the current DePIN market & ecosystem
- How do blockchain oracle works
Articles
- Guide to invariant testing using Recon Builder for scaffolding a Foundry project
- Pcaversaccio white hat frontrunning: Bash script using Foundry cast & chisel to secure funds from compromised wallets
- What Made QuillAudits The Star of CoinFest Bali?
- What Went Down with QuillAudits at KBW Blockchain Week?
- Behind the Scenes with QuillAudits at Token2049 Singapore
- 20 Lessons for Crypto Founders by Imran Khan
Research Papers
- An Exposition of Pathfinding Strategies Within Lightning Network Clients
- Optimal MEV Extraction Using Absolute Commitments
- The Writing is on the Wall: Analyzing the Boom of Inscriptions and its Impact on EVM-compatible Blockchains
Watch🎥
Web3 Security
Articles
- Unraveling the $24K Fire Token Exploit: A Detailed Analysis
- Decoding Shezmu’s $4.9 Million Exploit
- Decoding How The Banana Gun Went Bananas: $3M Exploit
- Decoding What Went Wrong with Bedrock: $2M Exploit
- Yet Again? Decoding How Radiant Capital Got Hacked of $58M
Research Papers
- Airdrops: Giving Money Away Is Harder Than It Seems
- Cross-Rollup MEV: Non-Atomic Arbitrage Across L2 Blockchains
- Deep Smart Contract Intent Detection
- Blockchain-based AI Methods for Managing Industrial IoT: Recent Developments, Integration Challenges and Opportunities
- Tapioka DAO got exploited for 38M worth $TAP token
- Eigen Layer X account hacked: Led to over 7M lost in Airdrop Phishing Scam
- Ambient Finance’s frontend has been compromised
- Radiant Capital Got Exploited for 58M due to 3/11 keys of multi-sig wallet compromise
Hacks and Scams 🚨
Radiant Capital
Loss ~ $58M
- The attacker gained control of 3 out of 11 signers, just enough to carry out the hack. Contracts on both Arbitrum & BSC are affected.
- The attacker used the multisig to transfer ownership to their contract, upgraded the implementation, and then proceeded to drain funds. A frontend attack could be a possibility, though it remains speculative for now.
- The attack started with transaction 0xd97b93f633aee356d992b49193e60a571b8c466bf46aaf072368f975dc11841c, which involved over $303K in USDC, $451K in BUSDT, 160 BTCB, 220.6 wBETH, 8469 wBNB, and 470.4 ETH, all drained from Radiant pools. These assets were transferred to the attacker’s wallet (0x0629b1048298AE9deff0F4100A31967Fb3f98962).
- Attacker’s addresses:
- Attacker’s contracts:
0x921B00Fa38911337aeD702Fb4857877c1aca1141
0x57ba8957ed2ff2e7AE38F4935451E81Ce1eEFbf5
0xf0c0a1a19886791c2dd6af71307496b1e16aa232
- The contracts currently in danger are:
0xF4B1486DD74D07706052A33d31d7c0AAFD0659E1 (Arbitrum)
0xd50Cf00b6e600Dd036Ba8eF475677d816d6c4281 (BSC)
0x30798cFe2CCa822321ceed7e6085e633aAbC492F (Base)
0xA950974f64aA33f27F6C5e017eEE93BF7588ED07 (ETH)
To know more about the hack, read the analysis.
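A monitoring sketch for the sequence described above (an owner change followed by an implementation upgrade), added here as an example and not taken from Radiant or the linked analysis. It assumes logs are already decoded into dicts and that the watched contracts emit OpenZeppelin-style `OwnershipTransferred` and `Upgraded` events; `find_takeovers`, `WINDOW_BLOCKS` and all addresses are hypothetical.

```python
WINDOW_BLOCKS = 50  # assumption: the upgrade follows the owner change closely

def find_takeovers(events, watched, approved_owners):
    """Correlate owner changes with upgrades across one protocol deployment."""
    approved = {a.lower() for a in approved_owners}
    watched = {a.lower() for a in watched}
    takeover_block = None      # block of the latest unapproved owner change
    alerts = []
    for ev in sorted(events, key=lambda e: (e["block"], e["log_index"])):
        if ev["address"].lower() not in watched:
            continue
        if ev["event"] == "OwnershipTransferred":
            new_owner = ev["args"]["newOwner"].lower()
            if new_owner not in approved:
                takeover_block = ev["block"]
                alerts.append(("HIGH", ev["block"],
                               f"{ev['address']} owner changed to unapproved {new_owner}"))
            else:
                takeover_block = None   # ownership is back with a known owner
        elif ev["event"] == "Upgraded" and takeover_block is not None:
            gap = ev["block"] - takeover_block
            if gap <= WINDOW_BLOCKS:
                alerts.append(("CRITICAL", ev["block"],
                               f"{ev['address']} upgraded {gap} blocks after owner change"))
    return alerts

# Constructed sample data: placeholder addresses, not values from the incident.
MULTISIG, ROGUE = "0x" + "a1" * 20, "0x" + "ee" * 20
PROVIDER, POOL = "0x" + "c1" * 20, "0x" + "c2" * 20
EVENTS = [
    {"block": 100, "log_index": 0, "address": POOL, "event": "Upgraded",
     "args": {"implementation": "0x" + "d1" * 20}},   # routine upgrade, no alert
    {"block": 900, "log_index": 3, "address": PROVIDER,
     "event": "OwnershipTransferred",
     "args": {"previousOwner": MULTISIG, "newOwner": ROGUE}},
    {"block": 900, "log_index": 7, "address": POOL, "event": "Upgraded",
     "args": {"implementation": "0x" + "d2" * 20}},
]

if __name__ == "__main__":
    for sev, block, text in find_takeovers(EVENTS, [PROVIDER, POOL], [MULTISIG]):
        print(sev, block, text)
```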
EigenLayer
Loss ~ $7.038M
- The EigenLayer X account was hacked, and the attacker posted a fake airdrop phishing link.
- Over $7,089,107 ($7.089M) has been lost since then. One example is the address 0x84b748A811BbdD520c26feD111B3F1F6cCf42E43, which lost $800K worth of mETH after signing a permit phishing signature, an hour ago.
- The victim likely signed a transaction (using the permit function, which allows for token approvals without the need for a separate on-chain approval) giving the attacker permission to spend or transfer their tokens.
- Many victims’ funds were stolen in the same way. Here is a list of the attackers’ addresses:
0x0000db5c8B030ae20308ac975898E09741e70000 currently holds $21,078.59
0xaA862F977d6916A1e89E856FC11Fd99a2F2fAbF8 holds $6,854,375.78
0xFC4EAA4ac84D00f1C5854113581F881b42b4A745 holds $68,190.23
0x000037bB05B2CeF17c6469f4BcDb198826Ce0000 holds $129,708.00
0x0000553F880fFA3728b290e04E819053A3590000
0xcF59d5Da8F3120ADb060f2bBeA5b5762FEbDa396 holds $15,754.40
- List of contract addresses:
0x9a9BC7d92f554bD54791783389d2246884020e60
0xed0e416e0fEEA5b484ba5c95d375545AC2b60572
To know the full details, read this detailed analysis
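A wallet-side check for the permit signatures described above, added here as an example and not taken from EigenLayer or the linked analysis. It reviews an `eth_signTypedData_v4` payload and goes beyond the EIP-2612 `Permit` case to cover Permit2's `PermitSingle` and `PermitBatch`; the function name, the 24-hour threshold and the sample request are assumptions.

```python
import json
import time

MAX_UINT256 = 2**256 - 1   # "unlimited" value in an EIP-2612 Permit
MAX_UINT160 = 2**160 - 1   # "unlimited" amount in Permit2 details
APPROVAL_TYPES = {"Permit", "PermitSingle", "PermitBatch"}
LONG_DEADLINE = 24 * 3600  # assumption: validity beyond a day is worth flagging

def _num(v):
    # Typed-data numbers arrive as ints, decimal strings or 0x-hex strings.
    return v if isinstance(v, int) else int(str(v), 0)

def review_signing_request(raw_json, trusted_spenders, now=None):
    """Return warnings for one typed-data payload; empty list if not a permit."""
    now = int(time.time()) if now is None else now
    req = json.loads(raw_json)
    ptype = req.get("primaryType")
    if ptype not in APPROVAL_TYPES:
        return []
    msg = req.get("message", {})
    out = [f"{ptype}: off-chain signature that grants a token allowance"]
    spender = str(msg.get("spender", "")).lower()
    if spender not in {s.lower() for s in trusted_spenders}:
        out.append(f"spender {spender} is not allowlisted")
    if ptype == "Permit":      # EIP-2612: token is the verifying contract
        token = req.get("domain", {}).get("verifyingContract")
        grants = [(token, msg.get("value"), MAX_UINT256)]
        deadline = msg.get("deadline")
    else:                      # Permit2: amounts live under 'details'
        details = msg.get("details", [])
        details = details if isinstance(details, list) else [details]
        grants = [(d.get("token"), d.get("amount"), MAX_UINT160) for d in details]
        deadline = msg.get("sigDeadline")
    for token, amount, limit in grants:
        if amount is not None and _num(amount) >= limit:
            out.append(f"unlimited allowance on token {token}")
    if deadline is not None and _num(deadline) - now > LONG_DEADLINE:
        out.append("deadline is more than 24h away")
    return out

# Constructed sample request: placeholder addresses, not from the incident.
SAMPLE = json.dumps({
    "primaryType": "Permit",
    "domain": {"name": "ExampleToken", "verifyingContract": "0x" + "11" * 20},
    "message": {"owner": "0x" + "aa" * 20, "spender": "0x" + "bb" * 20,
                "value": str(MAX_UINT256), "nonce": 0, "deadline": 4102444800},
})
if __name__ == "__main__":
    print(*review_signing_request(SAMPLE, [], now=1729000000), sep="\n")
```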