The Dip - Amazon Supporting Avalanche, and How to Take Control of Your Crypto Wallet | Issue #5
A Look into This Week's Latest Crypto News and Security Tips
Amazon Supporting Avalanche
Crazy news for the Avalanche and crypto community. Yesterday, Jan 11, Avalanche announced a partnership with Amazon, bringing scalable blockchain solutions to enterprises and governments.
This will be made possible through Amazon Web Services (AWS), which now supports Avalanche-based nodes, infrastructure, and Dapps. This is Amazon’s first time integrating blockchain technology into AWS, the world’s top web service with over a million daily active users.
“Critically, Avalanche node operators can run in AWS GovCloud (an isolated AWS region designed specifcially for US regualted workloads) for FedRAMP compliance use cases — a vital capability and a pre-requisite for enterprises and governments”
- Avalanche
Before now, I never gave Avalanche much attention. I respected them as a top layer-1, but I was always more attracted to the “sexier” options, like ETH, SOL, etc. However, Avalanche has shown they are here to stay and have clearly earned investors’ respect with a ~25% intraday increase following the announcement. Great Stuff.
Within four months, Google launched a Solana validator node, JP Morgan used Polygon for its first-ever Defi trade, and Amazon integrated Avalanche into its AWS infrastructure. 2023 is looking to be the year of mainstream blockchain integration, the stepping stone of mainstream adoption.
“At AWS, we are all about bringing the most cutting-edge technologies to builders, no matter if they sit in a multi-million-dollar enterprise, a government office, or a dorm. The new capabilities brought by Avalanche enable us to do just that”
- Howard Wright, VP and Global Head of Startups, AWS
How to Take Control of Your Crypto Wallet
Due to the decentralized nature of blockchain technology, it’s rare for “hacks” to occur on base network layers — mainly referring to the big boys (or girls) like ETH, BSC, ADA, etc. However, protocols on these network layers get exploited constantly due to faulty code, bridge exploits, flash loan-funded attacks, etc. Although these events cause massive losses, they are still few and far between compared to the number of phishing attacks happening daily.
Phishing attacks in Web3 are a little different than in Web2. Traditionally, phishing attacks aim to steal login info, credit card credentials, etc. But in Web3, the target is your wallet and its assets. For example, last week, I covered a story where CryptoNovo, a well-known personality in the Web3 community, was potentially phished and signed a transaction granting allowance to his wallet. As you would assume, this resulted in various high-value NFTs being stolen, such as CryptoPunks, Clones, etc.
If you are active in the cryptoverse or have been for the past few years, you have signed an allowance. This is the nature of the blockchain and is how we interact with protocols. This means we, as users, must conduct constant maintenance and audits of our wallets and assets, which I know we all do, right? :P
When using dapps like Uniswap or OpenSea you have to grant them permission to spend your tokens and NFTs. This is called an allowance. If you don't revoke these allowances, the dapp can spend your tokens forever. Take back control by revoking your allowances.
- Revoke.cash
Yes, this is my shill for Revoke.cash. This is, unfortunately, not sponsored, but I love their product and believe everyone should use a service similar to this for wallet maintenance. According to the FAQ on the Revoke.cash website, when using the revoke feature, you “set the allowance to 0 (for ERC20 tokens) or "false" (for NFTs),” therefore disconnecting the allowance with the corresponding asset. You can verify that Revoke.cash is revoking the allowance by clicking "Edit Permission" (for ERC20 allowances) or the "data" tab (for NFTs) in MetaMask.
The following is a snapshot of the platform’s new UI. If you already use revoke.cash but prefer the old UI, you can still access it through the official links in their Discord server.
Before you use Revoke.cash, there are things you need to know. First, there are trade-offs when revoking allowances. For example, let’s say you are an avid user of Uniswap, the biggest and most widely trusted swap protocol in the space. If you were to revoke allowance from Uniswap but then decide to use the platform afterward, you would have to sign another transaction granting allowance to swap tokens. For you NFT MFers, the following is an example you can better relate to.
“If you have active listings on OpenSea you need to keep the allowances in order for the listings to remain active.”
- Revoke.cash
Therefore, when it comes to trusted protocols like Uniswap, it may be better or more convenient to leave it as is. The transactions you need to be wary of are those connected to newly launched, untrusted, and unfamiliar smart contracts.
Second, when revoking NFTs or tokens, nothing happens to the underlying assets. This applies to both deposited and staked assets.
Tokens will stay deposited, and you will still be able to withdraw them. However, if you want to add more tokens to your deposited position, you will need to grant an allowance again.
Revoke.cash
Lastly, even if you have a hardware wallet, you are NOT safe from malicious allowances. Yes, hardware wallets are fantastic for protecting private keys. However, private keys are NOT necessary to steal assets when dealing with allowances. This is why constant maintenance of allowances is imperative to your overall wallet security.
For a combo wombo, check out last week’s post, where I walk you through a simple wallet structure to diversify risk among your assets.
Good read!