The Shake: June 26, 2022
A publication on Handshake and the DWeb. Towards a New Internet.
Handshake, by the numbers
On the continued weaknesses of DeFi Frontends
This week, four DeFi projects (Convex, Ribbon, DeFi Saver, and Allbridge) experienced a DNS hijack attack due to a hacked customer support agent at Namecheap. Once domains were in control of the hackers, the attack involved replacing smart contract addresses with malicious contract addresses that share the same last four characters and could drain user funds.
The hijack was quickly identified and Namecheap promptly responded by locking the targeted domains. Ironically, while Namecheap took a lot of heat for this, they remain out front as the most proactive registrar aiming to address the underlying problem having just detailed their plan for decentralized SLDs last week.
The problem is not isolated to a single CS agent at a single registrar. All ICANN registrars with any human access are a threat. And all crypto sites remain a target. This most recent attack comes roughly six months after GoDaddy employees were the subject of a social engineering scheme to transfer domains of six crypto companies to hackers.
The crypto community has collectively learned the importance of removing reliance on centralized custodians for financial assets — not your keys, not your coins. It’s time we all get equally educated on DNS and learn the importance of removing reliance on centralized registrars for our domains — not your keys, not your names.
These financial protocols now manage billions of dollars in user funds. It’s simply too much at stake to not invest in more resilient web stacks. At the same time, Handshake tooling needs to get simpler and easier in order to better onboard these communities.
DeFi needs the DWeb now more than ever.
This Week in Handshake
¹ HSD V4 Upgrade to the new version of HSD. With this week’s release, the space required to run a Handshake full node (and Bob Wallet) is greatly reduced. Urkel Tree Compaction reduces size by over 90%. Read the full release notes here. Thank you to all the developers and code reviewers that contributed to this release.
² dSLDs Namebase announced Aaron Oxborrow as the newest hire to assist with building towards fully decentralized domains on top of Handshake TLDs. Aaron previously has built tools for DNS (domain.io) and ENS (ens.tools), and has been an active contributor to HNS discussions around dSLDs.
³ Namecheap Get domain names from 100+ Handshake TLDs newly added to the Namecheap registrar. This wave of additions is part of a transition of TLDs from the Gateway registrar, and so includes popular names like .c, .tx, .sats, and more.
⁴ Short Stories on DNS and why we need Handshake peer-to-peer domains. Unfortunately, this week’s DNS hijacking news was all too predictable. Twenty four hours prior, the first story in the series was precisely that — a cautionary tale of a compromised customer support rep at a domain registrar. Sigh.
Handshake nodes around the globe
Around the DWeb
SSL Decryption A point of conversation amidst the U.S. Supreme Court’s decision to overturn Roe vs Wade is SSL decryption of healthcare sites for end users on corporate devices.
DYDX DeFi derivatives project moves from Ethereum L2 to its own Cosmos-based chain. We have increasingly different approaches to DeFi across Ethereum, Ethereum L2, competing L1s, and application-specific chains so that the interoperability on any one network yields diminishing returns. This is ultimately why a universal namespace built on-top of an existing chain isn’t long-term viable, and why Handshake’s standalone design is the most modular root anchor for a heterogenous web.
Full Calendar curated by GetDWeb + Friends. There’s an email address for submissions if Handshake community members would like to suggest an event to be listed.
Subscribe for weekly updates on Handshake and the Decentralized Web.