![\"Altcoins](\"https:\/\/www.valuewalk.com\/wp-content\/uploads\/2022\/08\/Altcoins-768x493.png\" "\\"Altcoins")
\n <\/div>\nThe most recent in a series of DeFi<\/a> hacks happened less than 36 hours ago to the Nomad project. The ambitious dApp promised cross-chain interoperability with \u201cincreased safety\u201c, giving developers the option to \u201csecurely build cross-chain applications (or xApps) and bridge assets between chains\u201d. It was namely this feature that got exploited, letting hackers and allegedly random users on public Discord servers drain over $190 million worth of cryptocurrencies through the project\u2019s bridging Smart Contract in what is dubbed as the \u201cFirst Decentralized Robbery\u201c.<\/p>\n \t<\/p>\n Get The Full Series in PDF<\/p>\n Get the entire 10-part series on Charlie Munger in PDF. Save it to your desktop, read it on your tablet, or email to your colleagues.<\/p>\n<\/div>\n <\/p>\n Q2 2022 hedge fund letters, conferences and more<\/strong><\/em><\/a><\/p>\n \u00a0<\/p>\n Statar Capital Is Still Enjoying A Healthy YTD Return Despite June Setbacks [Exclusive]<\/p>\n Our Analyst Team at BestBrokers<\/span><\/a> started looking into Blockchain data, related to the hack, in the first hours after the news broke. Our goal was to build the timeline of what happened and diagnose the repercussions. We identified the first 4 hack transactions occurring on 1 August at 21:32:31 UTC, draining the Smart Contract of 100 Bitcoins each. This continued until all 1028 BTC were siphoned off within less than an hour. The hackers then proceeded to divert all 22,880 Ethers, then moved on to the over $107M worth of stablecoins and finally started diverting the altcoins, supported by the project, until there was nothing left in the contract.<\/p>\n This event logically dragged crypto prices down but unlike the established cryptocurrencies<\/a> (BTC and ETH) and stablecoins, some altcoins that were involved suffered as much as 94% decline. Our team got a deeper look into the most affected cryptocurrencies \u2013 CARD.STARTER (CARDS), Charli3 (C3), Covalent (CQT), IAGON (IAG), and GeroWallet (GERO):<\/p>\n Just a few days after the cross-chain messaging protocol, Nomad, announced the participants in their $22.4 million seed round of April 2022, again highlighting the importance of security, the company went from hero to zero \u2013 literally. On 2 August the company reported the latest DeFi hack which led to the company\u2019s entire capital being drained. The interesting part is that the whole event could be witnessed live on Twitter, as crypto influencers were reporting as the hack went on.<\/p>\n The hackers took advantage of a wrongly-initialized merkle root, used in cryptocurrencies to ensure that data blocks sent through a peer-to-peer network are whole and unaltered. Nomad\u2019s bridging Smart Contract<\/a> in its current version was initialized with the 0x0 merkle root, effectively auto-proving any transaction message to be valid.<\/p>\n The ironic part is that allegedly a similar vulnerability to the one that just got exploited was highlighted in a Security Audit Report done by Quantstamp on 6\/6\/2022. It can be found under \u201cQSP-19 Proving With An Empty Leaf\u201d on page 7 of the still publicly available report and is deemed as \u201cLow Risk\u201d. By the update under the recommendation it is evident that the Nomad team have been made aware of the vulnerability and even responded to Quantstamp\u2019s suggestion with \u201cWe consider it to be effectively impossible to find the preimage of the empty leaf\u201d. The auditors\u2019 comment is reading \u201cWe believe the Nomad team has misunderstood the issue.\u201d The issue in the audit highlighted the possibility for some invalid transactions to be validated unrightfully. What happened in the hack was that due to a wrongly-set merkle root (the number used to \u201cprove\u201d valid transactions) in Nomad\u2019s current Smart Contract ALL transactions were in essence auto-validated.<\/p>\n An interesting aspect of this particular vulnerability is the fact that in order to exploit it, anyone could just copy the initial hacker\u2019s transaction calldata (the data you pass to a Smart Contract) and just modify the destination wallet address to their own. That way it was just a matter of Copy-Pasting the original transaction for anyone to start draining Nomad\u2019s Smart Contract. It is reported that at some point after the original hackers took out all BTC, ETH and part of the stablecoins the hack was touted on some public Discord servers. This is believed to be done by the hackers in order to cover their tracks and soon after random users started joining in on the loot, turning this into the First Decentralized Robbery.<\/p>\n This included some Whitehats that did so just in order to save part of the funds from getting into the wrong hands. They pledged they would return the funds later.<\/p>\n All of the altcoins involved in the heist took serious damage. Despite the great losses, some of them saw strong recoveries with CQT price going from -57% to -26% compared to the pre-hack levels. On the other hand C3 (-93%) has a long way to recover as their prices recovered to -54% at some point but dropped again to -86% currently.\u201cWhen such significant drops occur, the way back proves to be way too hard for most of the affected assets. Although cryptocurrencies are more volatile and cannot be just written off, the most suffering coins from this hack will most probably have a hard time getting back to previous levels.\u201d<\/em> \u2013 comments Alan Goldberg, analyst at BestBrokers.<\/p>\n![\"Charlie](\"https:\/\/www.valuewalk.com\/wp-content\/uploads\/2017\/06\/Warren-Buffet-Charlie-Munger-ValueWalk-compound-interest.jpg\")
\n<\/div>\n<\/div>\n<\/div>\n![\"invest](\"https:\/\/valuewalkpremium.com\/wp-content\/uploads\/2021\/12\/invest_1639495597-1024x678.jpg\")
Statar Capital generated a net return of 0.21% for June, bringing its year-to-date return to 23.72% for 2022. Since its inception, the commodity fund has generated a return of 352.88%. Statar Capital has $3.5 billion in assets under management. The fund reported a daily correlation of -0.04 to the S&P 500 and 0.04 to the Read More<\/a><\/div>\n![\"Altcoins](\"https:\/\/www.valuewalk.com\/wp-content\/uploads\/2022\/08\/Altcoins.png\")
<\/a><\/p>\nWhat Happened?<\/span><\/h2>\n
The Writing Was On The Wall?<\/span><\/h2>\n
The First Decentralized Robbery<\/span><\/h2>\n