Story One

A hack with a twist

On May 22nd, the leading DEX on the SUI blockchain tweeted that it had detected an incident leading to the loss of $223 million in user funds. So far, just another successful exploit by a hacker. Shortly after draining the liquidity pools, the hacker began bridging their funds to Ethereum in an attempt to launder them. As a result of this massive exploit, memecoins dumped — including the supposedly stable coin USDC, which suddenly was stable at 0.

After $60 million had been moved off SUI, the validators collectively decided to simply freeze the funds, leaving the hackers unable to access the money they had stolen. Can they do that? Yes, they could. As it turns out, SUI is structured to give validators the right to exempt transactions from specific wallets in extreme circumstances as long as a broad consensus is reached.

CT is split in the reaction to this. Some point to the positive effect of saving $160 million worth of user funds from being drained, while others worry that the power to freeze might not always be used for such noble causes.

Cetus has suspended operations and initiated a governance vote to decide the fate of the frozen funds. So far, 90% are in favor of distributing them back to the victims.

Takeaway: The lesson here is that the social layer can trump the technical. If people decide to act against the decentralization maxime, not much you can do.

Story Two

Money as a social construct

Remember when you first learned about fractional reserve banking? I was about 24 and just got started in crypto. What blew my mind back then was that banks just create money out of nothing. Well, it’s not nothing, in the end it’s trust.

Ironically, in crypto the main propaganda is to get away from trust, to create trust-less money, rejecting the idea that money is just a social construct. Bitcoin started as an attempt, but it accumulated mainly in the hands of Michael Saylor and corporations seeking PR coverage (see ).

Most memecoins follow a similar pattern of accumulation. But what if there was money that didn’t follow this path? That’s what promises: a project by Gnosis that just launched its V2. In essence, everyone on there mints one token per hour. Through agreements with others to use these tokens, they gain value. This enables the creation of circles of trust, allowing trust to scale beyond the bonds of people you know.

Takeaway: Finally, an interesting social monetary experiment. Will it work? Who knows, but at least it’s an attempt to do something different than all these PVP coins.

Story Three

EIP 7702 adoption is going great

It’s especially going great if your hobby is draining people’s wallets. While Ethereum’s recent Pectra upgrade focused on improving UX, it also made it easier for criminals to drain people with even less clicks.

The proposal in question is EIP7702, which introduced account abstraction, a buzzword of last year. Once implemented, this allows wallets to behave like smart contracts, giving them the ability to, for example, batch transactions (avoiding getting stuck in approve & confirm loops), sponsor gas fees, and use passkeys.

Unfortunately, over 60% of delegations authorize contracts to act on behalf of wallet users that aren’t in the interest of the user, as Wintermute, a crypto trading firm, has found. They dubbed these contracts Crime Enjoyer as they’re all versions of the same copy-pasta code that sweeps wallets if keys are leaked and sends the funds to the deployer.

One user lost $150,000 this way to a supposed batch transaction. Wintermute commented they found this trend "". 

Takeaway: Wallets should step up to make it clearer what users are signing when they hand over control. What’s more, we should all think about the fact that all technological improvements will also end up in the hands of our adversaries.

Fact of the week: Speaking of constructs, did you know that the lifetime of reinforced concrete is about 50 - 100 years? That's because after a while, the steel inside starts rusting, breaking up the concrete from the inside. Fun prospect if you're living in a city built from concrete 50 years ago. To learn more You might never look at concrete bridges the same again.

Naomi for CoinJar

UK residents: Don’t invest unless you’re prepared to lose all the money you invest. This is a high‑risk investment and you should not expect to be protected if something goes wrong. Take 2 minutes to learn more: .

Cryptoassets traded on CoinJar UK Limited are largely unregulated in the UK, and you are unable to access the Financial Service Compensation Scheme or the Financial Ombudsman Service. We use third party banking, safekeeping and payment providers, and the failure of any of these providers could also lead to a loss of your assets. We recommend you obtain financial advice before making a decision to use your credit card to purchase cryptoassets or to invest in cryptoassets. Capital Gains Tax may be payable on profits.​​

CoinJar’s digital currency exchange services are operated in Australia by CoinJar Australia Pty Ltd ACN 648 570 807, a registered digital currency exchange provider with AUSTRAC; and in the United Kingdom by CoinJar UK Limited (company number 8905988), registered by the Financial Conduct Authority as a Cryptoasset Exchange Provider and Custodian Wallet Provider in the United Kingdom under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, as amended (Firm Reference No. 928767).

EU residents: Please remember past performance is not a reliable indicator of future results. Don’t invest unless you’re prepared to lose all the money you invest. Due to the nature, complexity and volatility of crypto, it may be perceived to be a high‑risk investment. There are no government or central bank guarantees in the event something goes wrong with your investment. CoinJar Europe Limited (CRO 720832) is registered as a VASP and supervised by the Central Bank of Ireland (Registration number C496731) for Anti-Money Laundering and Countering the Financing of Terrorism purposes only. CoinJar Europe Limited (CRO 720832) is registered as a VASP and supervised by the Central Bank of Ireland (Registration number C496731) for Anti-Money Laundering and Countering the Financing of Terrorism purposes only.