Top Stories of the Week - 8/25

This week in the newsletter, we write about the dissolution of USDC’s Centre consortium, OpenSea removing NFT creator royalties, and a vulnerability in DeFi application Balancer.

Subscribe here and receive Galaxy's Weekly Top Stories, and more, directly to your inbox.

Centre Consortium disbands, putting Circle solely in charge of USDC

Coinbase and Circle reach new agreement to streamline operations and governance of USDC. Circle will have full responsibility and accountability as the issuer of USDC. The Centre Consortium (consisting of Circle and Coinbase), which operated as a jointly managed governing body for USDC, will cease to exist. According to the joint announcement, the new operating structure will “enhance the direct accountability of Circle as the issuer, including holding all the smart contract keys, complying with regulations on governance of reserves and enabling USDC on new blockchains.”

Circle will be launching USDC on 6 new blockchains (now confirmed to include Base, Cosmos, NEAR, Optimism, Polkadot, & Polygon) over the next two months, which would bring the total to 15 blockchains with native USDC issuance. Coinbase is also taking an equity stake in Circle so that the two companies “will have even greater strategic and economic alignment.” Coinbase and Circle will continue with their rev share agreement based on the amount of USDC held on each parties’ platforms, and under the new arrangement, they will “equally share in interest income generated from the broader distribution and usage of USDC.”

OUR TAKE:

The original plan for Centre may not have played out as intended as the Consortium failed to expand beyond the two founding members (for whatever reason). Going forward, Circle having full responsibility and accountability over USDC should be helpful for both Coinbase and Circle. Both companies are fighting their own set of regulatory battles for their primary business activities (as an exchange/custodian and as a stablecoin issuer, respectively). With these two activities likely to fall under the purview of separate regulatory agencies, it will may be simpler for all parties to manage if oversight of USDC fell under one single entity.

For Coinbase, USDC will continue to be complementary to its product suite. USDC provides Coinbase with more touchpoints to its customers, starting from their interactions on the exchange (as a base pair for trading and as an interest-bearing asset) and with interactions on-chain (facilitating deposits/withdrawals across a number or networks that native USDC operates, and through the Coinbase Wallet interface). Circle’s CCTP can also enables favorable bridging experiences for Coinbase users. For Circle, Coinbase can still serve as the main distribution/onboarding channel for USDC, and the aforementioned products will facilitate greater scale and utility. With the 6 new blockchains to be added, the demand for fee-less CCTP transfers is even greater, especially as third-party bridging solutions have yet to be established between EVM-based chains and new chains like Cosmos and Polkadot.

USDC will still feel very much like a Coinbase product and not much should change for its userseven though Coinbase is no longer part of the Centre Consortium. The separation simplifies the management of USDC, which should be helpful for legislators in their efforts to establish better operating guidelines for US crypto companies. – Charles Yu

RIP NFT Royalties

On August 17th 2023, OpenSea made the controversial decision to remove mandatory royalty fees that sellers had been mandated to pay. Starting on August 31st 2023, OpenSea will move to an optional royalty model for all new collections, thereby phasing out the 0.5% mandatory royalty fee introduced in February 2023. Alongside this, the "operator filter" on OpenSea — a tool utilized by new collections to enforce royalties by blacklisting rival marketplaces — will also be retired. After OpenSea’s decision to remove royalties, Yuga Labs, the largest NFT studio in the world, stated that the firm will gradually wind down its use of OpenSea’s Seaport marketplace smart contract by February 2024.

Since OpenSea lowered their royalty fee to 0.5% in February 2023, the number of royalty paying users on the platform decreased 83%. Now, OpenSea will have to win back users and overcome the fact that they changed their entire stance on NFT royalties over a 9-month period.

OUR TAKE:

Royalties have always played a crucial role in the Web3 creator economy thesis. Since the dawn of NFTs, royalties have served as a compelling incentive for Web2 creators to transition to the new medium. While Web3 promises a myriad of benefits, from a business lens, royalties remain unparalleled due to their consistent on-chain revenue generation. This has not gone unnoticed. Pioneering Web3 entities, like Yuga Labs, have earned millions from NFT royalties and demonstrated a lucrative avenue for Web2 giants. The figures speak volumes: major brands such as Nike, Adidas, Gucci, Dolce & Gabbana, and Time Magazine have collectively netted over $103 million in NFT royalties from secondary sales. To put this into perspective, half of Nike’s total NFT revenue, which stands at $186 million, is derived from royalties alone.

But what if this revenue stream dries up? Any move to eliminate this consistent revenue source in a bear market could deter Web2 giants from launching NFT initiatives at all. Without notable brands buying into the Web3 creator economy thesis, the fate of NFTs lies in the hands of Web3 native brands alone. Additionally, when considering the end goal of mass adoption for Web3 products, Web2 juggernauts will presumably play a critical role through leveraging their sizable user and customer bases. It’s unclear whether traditional brands or Web2 giants will see value in NFTs if they cannot earn revenue from royalties.

If royalties do completely disappear – and that is the trend –Yuga Labs and other creators and studios may be compelled to launch their own in-house marketplaces that enforce royalties. This is an outcome we predicted last year in our report on NFT royalties and it appears we are headed in that direction. This trend of NFT ventures creating their platforms isn't new; CryptoPunks pioneered it back in June 2017. While this framework is not the current norm, entities like BAYC’s DAO and Artblocks have already set the stage with their royalty honoring marketplace aggregators in response to the no-royalty trend. It's noteworthy to mention that these marketplaces merely only force the mandatory 5%-7.5% royalty fee and do not consist of their own independent listing. Ultimately, though, we believe this is a bad outcome for users, fragmenting liquidity and effectively counteracting some of the primary benefits of building these digital collectibles on open blockchain architecture.

Yuga specifically is likely to launch their own royalty-enforcing marketplace, though they haven’t announced it yet, given that royalties are their primary revenue stream. Yuga Labs has amassed a staggering $179 million in royalties since April 2022. If they were to migrate their collections in-house, we should expect Yuga's marketplace to use their own operator filters to blacklist traditional marketplaces like OpenSea and Blur. As a result, overall trading volumes for OpenSea and Blur will decline significantly. Whatever Yuga decides on these issues will have major impact on the future of the NFT market given that that IP they own constitutes at least 38% of the total market cap of all NFTs. If Yuga establishes and normalizes royalty-centric marketplace, other leading NFT studios might emulate this, potentially sidelining traditional NFT marketplaces. - Gabe Parker

Balancer Team Urges Users to Withdraw Funds Due to a ‘Critical Vulnerability’

On Tuesday, August 22, the team behind decentralized exchange (DEX) Balancer reported a “critical vulnerability” in their code, affecting close to 300 trading pools across 8 chains. The team encouraged users to withdraw liquidity from “at risk” pools immediately. The nature of the vulnerability was not disclosed to mitigate the potential of it being exploited by a malicious actor. “This vulnerability has not been exploited, and no funds have been lost,” wrote Jeff Bennett, a software engineer at Balancer Labs, in a Balancer forum post. Details about the exploit will be released “shortly”, Bennett added, presumably once user funds are secured, and the threat of the vulnerability has been mitigated.

Bennett said that a personalized page on the DEX’s user interface has been created to help users determine whether their funds reside within one of the Balancer’s at risk pools and need to be moved immediately. Since news of the vulnerability was announced on Tuesday, over $200mn worth of assets have been withdrawn from Balancer. Also, the members of the Balancer Emergency SubDAO, which is a multi-signature wallet that can initiate emergency protection measures over the application in the event of a potential loss of funds, has voted to pause certain pools from further trading activity. Due to these measures, the Balancer team estimates that only roughly 1.4% of total value locked, roughly $10mn, remains at risk.

In January, the Balancer team reported a critical vulnerability in five pools impacting roughly $6.3mn worth of crypto assets. In March, contagion from a flash loan attack against Euler Finance, a decentralized lending platform, resulted in approximately $11.9mn worth of funds from a Balancer pool being sent to Euler at the time of the hack. In May, an issue with Balancer’s Stable Pools and Managed Pools that could only be exploited by known pool owners or governance participants was disclosed through the Balancer bug bounty program.

OUR TAKE:

Hacks and exploits of decentralized finance (DeFi) protocols are commonplace. Since the explosion of innovation and interest in DeFi in the summer of 2020, often referred to as “DeFi Summer,” billions have been stolen by hackers from DeFi users. In the first half of 2023 alone, blockchain security firm PeckShield reports that $480mn has had stolen through DeFi-related exploits, though this is down from $2.5bn during the first half of 2022.

DeFi hacks are also not isolated to smart contract based financial applications and services that are unaudited or new. Balancer V2 has been live since May 2021 and the protocol code audited by multiple blockchain security firms including Certora, OpenZeppelin, Trail of Bits, and ABKD. Outside of Balancer, other major and longstanding DeFi apps that have been hacked in recent months include Curve and Yearn.finance.

Unexpected and unforeseen loopholes in smart contract code are seemingly unavoidable in DeFi, which is why most DeFi apps today rely on fail-safe mechanisms like multi-sig wallets to shut down the operations of an application in the event of an exploit and lucrative bug bounty programs financed by deep-pocketed VCs and project investors. Battletested DeFi apps like Balancer, though not immune to vulnerabilities, are supported by a development team that has nailed down a relatively smooth process to address failures through well-timed, well-communicated disclosures to their users and the members of the Balancer Emergency SubDAO.

The evolution of many DeFi apps and services to become more effective at handling vulnerabilities in code has also inevitably led to higher levels of centralization and weaker guarantees of censorship resistance. Code that can be upgraded and shut down in response to a malicious hacker may also be influenced in response to a court order or change in law. Therefore, it is important for DeFi users and developers to once again consider the value proposition of DeFi and the limits to a DeFi application’s code complexity before some levels of decentralization must be sacrificed for the sake of security. - Christine Kim

Charts of the Week

ZkSync Era maintained daily profit margins exceeding the revenue weighted average margin of leading Optimistic rollups (Base, Optimism, and Arbitrum) through its first four months post mainnet launch. However, Optimistic rollups began churning out healthier margins than that of zkSync since late July. From late March, the weighted average daily margin of Optimism, Arbitrum, and Base has been 21%; compared to zkSync Era’s 41%.

While both rollups pay costs to post data to Layer 1 (L1), ZK rollups carry additional costs to verify proofs. Only a monthly basis, zkSync Era has paid 1.4x to 1.82x more to post data to L1 than it has to verify proofs. Since launch, the rollup has paid a total of $8.1 million to verify proofs, and $12.5 million to post data to L1.

On August 21 Base achieved a daily Transaction Per Second (TPS) count of 15.87, pushing its 7-day SMA to 8.9 TPS. At the current level, Base’s rolling average TPS is level with Optimism’s all-time high and is 48% below Arbitrum’s high of 17.23 TPS.

Friend.Tech played a strong hand in driving Base TPS on August 21. On this day the application was responsible for more than 524,000 transactions, accounting for 38% of all Base activity. Cumulatively, Friend.Tech users have transacted on the platform 2.02 million times (as of August 23) since it launched on August 10.

Tornado Cash 30-day net flows (deposits less withdrawals) fell into negative territory – that is, more value is leaving the protocol than is entering it – in the wake of the recent court ruling deeming Tornado Cash a punishable associating and the arrest of Roman Storm.

Other News

• Coinbase outlines decentralization plan for Base with fault proofs and OP client diversity

• DEX aggregator 1inch goes live on Coinbase's Base network

• Tornado Cash's Storm arrested by FBI, Semenov added to sanctions list

• USDC launching on Polygon PoS, Base and Polkadot blockchains

• Solana Pay integrates with Shopify for digital dollar currency payments

• Fidelity-backed EDX selects Anchorage Digital for clearinghouse custody

• OpenSea ends support for BNB Smart Chain

• Offchain Labs says Arbitrum wasn't down for an hour, despite transaction issues

• Aave V3 is now live on Base

• Bitstamp to stop Ether staking in U.S. amid regulatory scrutiny