Ok, but how was the AWS infrastructure compromised? This appears to be the crux of the entire article.
AWS is very hard to break if you are using the IAM roles properly and avoiding manual secret management. If the only thing that can even sign a JWT is a very specific blessed EC2 instance that has exclusive access to KMS, your attack surface is nearly zero by comparison to a similar setup where administrators use email or Discord to communicate API credentials.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-role...
The protocol around using an HSM is just as important as the machine itself. It seems like some of us are going to be speed running PCI-DSS the hard way.
They used KMS to sign the minting operation, but they didn't "take" the key, AWS KMS doesn't let you extract keys.
There's no shortcut to MPC/multisig with 3+ keyholders.
A step by step breakdown of the attack Step 1. Gaining Access to Resolv’s AWS KMS Environment
They also had a smart contract which didn't do some proper checks, but the hack was only possible with the stolen private key. Whoever held the private key was able to mint a lot of money, unchecked.
So there was a traditional hack at the core of this heist, not just a smart contract exploit.
In EU countries, you can't now buy a car with cash. You have to buy a bearer's check from your bank, which is expensive, requires that both parties have a brick and mortar bank, and doesn't work cross-border. Stablecoins solve this.
Your money is safe with us. We promise. With lot less oversight than most other solutions for holding money...
As long as you burn as much electricity as Andorra does in a week just to make a transaction, you're probably a cryptocurrency. And that's their sole benefit it seems.
It's not like I forgo a lock on my front door just because my windows are made of glass.
Blockchain with central authority is the worst of both worlds.
"Only" ?!!! Poor thing.
Yeah $25m is only little but could still be useful
You can criticize their design, but you can't have a dude burning a CD-ROM every time someone wants some coins.
Yes, it's a pain to operate, but if the alternative is "the bad guys get all of our money", then it can be worth it.
.
It seems to me that their initial value is 1usd per token (or some other fiat I guess) and that's also the roof of their value: they kinda guarantee that they won't become more valuable than that.
They are less usable than fiat: more businesses accept fiat than crypto, especially weird and small coins like all stable coins are.
There isn't really a floor to their value, as demonstrated here.
I see plenty of downsides of owning one of these coins, but not a single upside?
Yet people apparently do buy them, so what is the upside? There must surely be something that's good about them?
So why use stablecoins and not use cash? When you want to quickly convert to/from a token (60 second not 6 days), but for a short period have a stable value. Or you want to avoid banks.
I.e. trading, gambling, drug deals, money laundering, etc.
The main use is just having something dollar-like that you can move around easily. That’s useful outside the US, but also for plenty of people inside the US depending on what they’re doing; especially businesses that have a hard time getting or keeping normal banking (cough gambling, porn, weed cough).
They’re handy inside crypto since you can move in/out of other assets without touching a bank. And sometimes you can earn yield on them, which is part of the appeal (with the usual “this can blow up” caveats).
Also, there’s a reason every company wants to launch one: if you control the stablecoin, you get the float and the rails. That’s a pretty nice business if people actually use it.
If you already have solid access to USD and don’t care about that flexibility, they’re less compelling.
But yeah, not risk-free at all (depegs, issuer risk, etc). And honestly there probably isn’t much real need for dozens of slightly different stables beyond the business incentives.
That... Actually makes sense.. Which is a rare feat for crypto!
But obviously...things happen. Just like cash is usually relatively non-volatile, but financial crashes happen.
then probably mix them via different methods
then sell them via OTC-style swap platforms like fixedfloat / changelly etc
> Trump Administration Likely to Un-ban Bitcoin Mixers, Dept. of Treasury Says They are “Not Unlawful”
I also dont mind the whole chain coming together to vote to reverse the transaction.
I also dont mind a bunch of people being unhappy with that and forking.
While I am happy to celebrate dumb crypto stuff, this isn't a situation where someone's code was "exploited." Their code was stupid, relying only on an off-chain private key to allow the minting of tokens. Their security was just also bad.
Now, as to why the SEC hasn’t regulated crypto out of existence.. I refer you to dementia Don
The contract relied on the key to mint new tokens. The hacker gained access to the key (through AWS) and with it minted as much as they'd like. It is certainly a valid take that a contract that only required the private key to mint an unlimited amount of the token isn't a good one, but you don't exploit someone's front door lock by grabbing the key from under the welcome mat.
