Notes of the week
March 20th 2022
Make $10M in 1 year in the crypto
My current ideas
Start a Crypto Security company. Gather a group of engineers, focus on finding bugs in crypto contracts and crypto products. When you find one, disclose it to the proper team and collect the bug bounty. Day in and day out be hunting for bugs and establishing yourselves as one of the best teams at finding loopholes, bugs, and crypto gotchas. Each month do significant PR on how great your team is at saving projects, companies, the crypto universe incredible sums of money. Wait for a big, well-funded crypto company to have a dire need for a better security team — and sell. I suspect OpenSea would have gladly acquired a company in the security space in the 50-100M range (in stock) right after their fundraise.
Start a crypto company. Raise money. Hire 10 engineers and 2 designers. Spend 9 months learning and building stuff in crypto — as in the engineers don’t need to know anything about cryptocurrency at the start. You don’t need a business model. Spend the 9 months learning the ins and outs of the crypto universe, how to code in Solidity, how to avoid some of the common hacks and bugs. Sell the company to a much larger / better-funded company. Effectively selling the team for 1-5M per person.
I see this as a repeat of the hype and demand for “social” companies in 2009-2012. Anything social was valuable in part because the big companies were trying to play catch-up and understand social. To win with this idea you need to be a real deal maker — as CEO you need to be starting the coffee meeting tour immediately with potential buyers / VC / Industry experts — not to sell -- but to understand the needs of the bigger companies.
Collect a small team of engineers that every day tries to hack every crypto contract. New contracts and contract updates are frequently released. There is just so much code there are bound to be bugs. And bugs mean there is a way to exploit the contract and make off with crypto. I find the question as to if this is ethical interesting — as surely it is exploiting an unintentional loophole. yet, crypto communities often say “code is law” — so the bug is fair game?
So far, it has largely been “good” hackers that find these problems and alert the project (and get a small payout). I’m genuinely curious why the “bad” hackers aren’t out in force. Is it too hard to turn the ill-gotten gains into actual cash? Is bug-finding actually incredibly difficult and rare? It would seem the money is so significant it would be worth the attempt.
I think the time horizon for this to succeed is probably 2-3 years — but with a payout in crypto > 100M.
A few recent “opportunities”:
This is a good thread about the recent OpenSea “hack”. The short version is, OpenSea created a situation in which old auctions were still valid — so if your current auction for your NFT was canceled — the old auction (with the old, lower buy now price) was valid. And then when OpenSea told their users how to “fix” the situation — this actually made things worse — because crypto transactions are based on which block is mined first — and you can skip the line if you pay a lot. So — if Jeff wants to stop the sale of his NFT at the low price, but Mary wants to buy at the low price, Mary can pay the low price + enough money to move her transaction to execute first — now it is Mary’s NFT!
Coinbase had a similarly bad situation here:
250K is nothing compared to the damage that could have been done to both Coinbase and the entire crypto market.