- The Sleuth
- Posts
- PayPal Joins Visa On Solana, Deeper Bitcoin Liquidity For Solana & More
PayPal Joins Visa On Solana, Deeper Bitcoin Liquidity For Solana & More
Also: How attackathons can redefine security audits.
Welcome back!
This is J264G and this week I’ve got these titbits for you:
Payments Ecosystem: PayPal USD (PYUSD) is now available on Solana.
Bitcoin Liquidity: 21co launches 21BTC, bringing native Bitcoin to Solana.
DeSoc App: Is pump.fun slowly turning into Solana’s main DeSoc platform?
It seems as if crypto is increasingly taking centre stage.
Jobs not done, though ⬇️
Crypto needs to stay weird enough and long enough to disrupt the big tech incumbents.
— toly 🇺🇸| bip-420 (@aeyakovenko)
8:25 PM • May 29, 2024
Now, let’s jump right into this week’s newsletter!
Click on any underlined heading/hyperlink to learn more.
Spotlight
Attackathons
A couple of weeks ago I discussed crypto security in general, and insider threats in particular.
The general premise was that crypto projects need to significantly enhance their security to safeguard funds from both external and internal threat actors.
An initiative that might help accelerate security adoption and development are attackathons — a term coined by Immunefi.
Immunefi is excited to announce that we've joined forces with @fuel_network to launch the $1.3M Attackathon - the largest competition series in history!
🎯 The Fuel Attackathon Education Period Starts on June 3rd
🎯 The Fuel Attackathon Hunting Period Starts on June 17thLearn… x.com/i/web/status/1…
— Immunefi (@immunefi)
4:16 PM • May 31, 2024
The operational framework of attackathons is pretty simple:
Phase 1: Participating crypto projects — systems, protocols, and apps — are presented.
Phase 2: Next, registered ethical hackers, security researchers, and developers get a deep dive into the crypto project they’ve selected to pen test.
Phase 3: Then, the rules of engagement are presented, and the security professionals are onboarded to a structured environment which allows them to discover and report vulnerabilities.
Phase 4: The vulnerability reports are reviewed by a panel of experts, who validate the findings and determine the severity of the issues. Afterwards, rewards and bounties are distributed based on the impact and significance of the reported vulnerabilities.
Phase 5: Finally, participating crypto projects extend offers for invite-only programmes to registered security professionals who have made a name for themselves during the attackathon. In these programmes, further rewards, bounties, and job offers are up for grabs.
As such, attackathons have several benefits.
But most importantly, they redefine what a security audit can be.
Traditionally, a security audit involves one or two security auditors poring over code and writing a report, which helps the contracting crypto project weed out vulnerabilities. If substantial funds are available, this process might be repeated every time the codebase changes or major releases go live.
This approach, however, gives a false sense of security.
That's mainly because most auditing firms have the same perspective and expertise. Attackathons, however, bring together ethical hackers, security researchers, and developers from various backgrounds — allowing for a diverse set of perspectives and expertise. This supercharges unique problem-solving approaches, which can lead to the uncovering of issues that may have been overlooked by internal teams or more established auditing firms. By harnessing a global talent pool, attackathons can thus significantly enhance the robustness of crypto systems, protocols, and apps.
Moreover, attackathons provide an educational platform for both participants and crypto projects. For participants, these events offer hands-on experiences with cutting-edge technologies and real-world security challenges. They also provide an opportunity to engage with and learn from other security experts in the field. For crypto projects, the feedback from these events is invaluable, offering insights into trends, vulnerabilities, and areas for improvement. This collaborative learning environment helps to advance the field of crypto security as a whole.
Attackathons also help build a culture of transparency and trust within the crypto community. By publicly acknowledging the contributions of ethical hackers, security researchers, and developers — and rewarding them for their efforts — crypto projects can demonstrate their commitment to security and their willingness to engage openly. This transparency can enhance the reputation of the crypto projects involved, fostering trust among users, investors, and other stakeholders.
Obviously, attackathons are only one of many innovations in the crypto security space.
.@coinbase@kraken@circle and other cryptocurrency heavy hitters are among the founding members of @Crypto_ISAC, a group formed to guard against cyberthreats and exploits.
@MarcHochstein reports
— CoinDesk (@CoinDesk)
1:01 PM • May 29, 2024
But we need as many shots on goal as possible to safeguard our digital future, and community-driven initiatives such as attackathons are always worth pursuing.
The only question that remains: When will the first Solana attackathon take place?
Chart Of The Week
The @solana (fee) economy is growing.
— Token Terminal (@tokenterminal)
1:05 PM • May 30, 2024
News Bites
Payment Ecosystem: PayPal USD (PYUSD) is now available on Solana. The financial technology company chose to expand to Solana due to the network's cost-effectiveness, high throughput and speed of settlement, and token extensions — which allow for better compliance. With the help of PYUSD, merchants, businesses, and individuals will benefit from more frictionless merchant payments, p2p payments, cross-border payments, and remittance. And most importantly, PYUSD enables PayPal to serve as a new, more robust fiat-to-crypto on/off-ramp. If you're a developer, here's how to get involved with PYUSD.
Payments with @PayPal USD on Solana are as easy as a tap — just check out this demo with @phantom mobile and Solana Pay 👻
— Solana (@solana)
3:14 PM • May 29, 2024
Omnichain Messaging: LayerZero went live on Solana — unlocking omnichain messaging with Ethereum, Arbitrum, Optimism, Base, BNB Chain, Avalanche, and Polygon. This, however, is just the start, as support for an additional 60+ blockchains will be rolled out soon.
1/ LayerZero is live on Solana.
— LayerZero Labs (@LayerZero_Labs)
5:01 PM • May 29, 2024
Bitcoin Liquidity: 21co just launched 21BTC, bringing Bitcoin to Solana. 21BTC is native to Solana, 100% backed by BTC, and doesn't rely on a lock-and-mint technology — enabling better security and true self-custody.
DeSoc App: The pump.fun team recently added livestreaming to the platform. While everyone is still searching for Solana's first true DeSoc play, pump.fun might just be the social app we're looking for.
Derivatives Exchange: You may know Mango or Drift. Now, there's a new perpetual futures DEX in town: Adrena. Some of the platform's benefits include 100x leverage, 0% slippage, 100% revenue share, and an open-source codebase.
Caught In 4K
Visa ✅
Stripe ✅
PayPal ✅
WorldPay ✅
Grab ✅
______ ⏳Commerce is happening on Solana
— Austin Federa | 🇺🇸 (@Austin_Federa)
2:19 PM • Jun 1, 2024
Weekly Take
It’s all shipping. Every time I talk to anyone from eth I get 100 different solutions that are all in proposal stage. Like 10 years of roadmap for any single problem. Whats definitely shipping in the next 8 weeks, that’s what matters.
— toly 🇺🇸| bip-420 (@aeyakovenko)
9:16 PM • Jun 1, 2024
Keks & Giggles
There is something incredibly hilarious about Ethereum being like 10 years into development and having to ask its own community what they can tell newcomers it does
— Gwart (@GwartyGwart)
11:52 PM • May 28, 2024
And that's a wrap!
If you'd like to reach me, respond to this newsletter or reach out to me on 𝕏.
Talk soon!
DISCLAIMER
None of this is financial advice. This newsletter is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. Please be careful and do your own research. Lastly, please be advised that we discuss products and services from our partners from which our team members may hold tokens/equity.