Cyberpunks begat Cryptophunks and there’s a war in the metaverse.
Blockchains are many things, but ultimately they are virtual digital computers that operate on consensus. There is a digital state, rules to transition that state, and a consensus mechanism to agree that the state transition rules are being followed correctly. In the ruleset, public-key cryptography is used to enforce an accounting system, namely: only the holder of a secret private-key can spend the funds associated with a public-key by digitally signing a transaction message with said private-key. (Here, “key” means a randomly generated, arbitrary 256-bit binary number, where the public number and private number are inextricably linked through an agreed-upon algorithm.) When signing a transaction and broadcasting it to the network of miners, a network fee and miner tip are typically included to (1) disincentivize spamming the network with unnecessary transactions and (2) prioritize one’s transaction among the pool of miners. The miners are responsible for batching these transactions into a file of some size specified by the ruleset (a “block” or “blockfile”), enforcing the rules that govern the transition of the digital state, performing the consensus algorithm, and finally pointing each block to the signature of the block that came before it, forming a chain. Hence: blockchain. As a reward for all this labor, the miners are incentivized with a reward of funds native to the chain.
Simple enough? It might take a few more encounters for these concepts to jell in one’s mind, but the main point is that all the details beyond the above formulation are up-for-grabs. Engineering decisions, such as: What size should the blocks be? What should be the consensus mechanism? Should the ruleset allow for arbitrary “Turing-complete” computation, or is that too costly and onerous? And economic ones: What fee mechanism do we impose for users and what reward do we give to miners? Shall the total supply of funds be unlimited or not?
Enter the blockchain wars.
The vast majority of attacks in Web3 are of the phishing/social engineering variety, not a rootkit worm getting full access to the contents of your hard disk & memory.
Here are a few instances of real-world attacks:
In the following case, the author enters his seed phrase into a form claiming to be an airdrop for Olympus DAO after seeing a notification pop up on Discord: