Monthly Update: December 2023
In December, Dries joined our team as a part time software engineer and he will be helping us with the development of Revoke.cash. Dries is a long-time friend of the team, and we're very happy to have him on board. Halfway into the month, the crypto space was shaken by a number of exploits, including the Ledger Connect Kit exploit, which affected Revoke.cash as well. We've spent significant time on explaining what happened on social media.
New: The Revoke.cash Blog
We created our Learn section earlier this year in June. We created this section to help people understand more about the crypto space, wallet security and the role of Revoke.cash. This Learn section has been read by many users since we initially published it, but we were missing a place to share news and updates.
That's why we created this blog. We will use this blog to share updates about Revoke.cash, but also to share our thoughts on the crypto space and wallet security. We've retro-actively published monthly updates for the past year, and we will continue to do so going forward. We hope this helps interested users to stay up to date with what we're doing.
The Revoke.cash Team Grows
Those who have been following Revoke.cash' journey know that it started as my (Rosco) personal side project back in 2019, which turned into my full-time job in 2022. And while the project has grown a lot, most of the work in the company is still done by me alone. This includes development, marketing, support, and everything else that comes with running a company.
But starting this month, we will have more help on the development side of things. Dries, a long-time friend of the team, has joined us as a part-time software engineer. Dries will be helping us with the development of Revoke.cash, and we're very happy to have him on board.
Dries has previously done freelance work for Revoke.cash, and he was the one who created the Revoke.cash Exploit Checker, a tool that has since been used by many people to check if their wallets were affected by exploits and hacks.
Fixes and Improvements
The end of the year is always a good time to work on squashing some extra bugs, and that is exactly what we did. Among other fixes, we fixed longer-standing issues with our Avalanche integration, long-standing issues with very active wallets, and issues with certain tokens that don't properly follow token standards. We also moved our DNS to Cloudflare, which will help with caching and performance going forward.
Ledger Connect Kit Hack
On December 14th, malicious actors were able to compromise a popular library used to connect with Ledger wallets. This library was used by many applications, including SushiSwap and Revoke.cash. As soon as we were made aware of the exploit, we took our website offline and were able to remove the affected library from our website.
Most affected websites were able to move swiftly and remove the affected library. Ledger was also quick to respond and released a new version of the library that fixed the exploit. However, crypto users still lost about $600k in the exploit. We've released a full statement on our blog that explains in detail what happened, and what lessons can be learned from this event.
New Exploits
December had some more craziness up its sleeve. Only two days after the Ledger Connect Kit Hack, two even bigger exploits happened. On the 16th, users of the popular NFT marketplace NFT Trader lost close to $3m worth of NFTs, mostly bored apes. And on the 17th, users of the NFT fractionalization protocol Flooring lost close to $2m worth of NFTs. We created exploit checkers for these exploits so you can see if you're affected below.