One problem, Two solutions: NFT theft and why warm.xyz and delegate.cash are fairly similar
Despite what you might have heard, delegate.cash is not "far superior" to warm.xyz - both are solutions that protect our NFTs and do so in a similar way.
gm bear market dwellers.
Are we at the bottom? Maybe, maybe not. Nobody knows. But I do know one thing: there are a lot of smart people that chose to stick around and continue building. There are new protocols launching, new marketplaces, and new debates (0% royalties, anyone?). The market may be down but the community is more lively than ever. So subscribe to this newsletter (it’s free), share it with a friend, and let’s build.
Today, I want to talk about stealing. It’s one of the first lessons we’re taught as kids: don’t steal. By definition, stealing is when you take something that isn’t yours, without asking. Stealing is (obviously) bad. But it seems there are always some bad apples that choose to ignore this and do it anyway. From the candy bar at the convenience store to full-on bank heists - humans have a problem with stealing. In years past, the biggest heists would happen in the physical world - like when $18.9 million was stolen out of an armoured vehicle in Los Angeles in 1997, or when $920 million was stolen from the Central Bank of Iraq one day before the war began in 2003.
These days though, things are different. Stealing IRL isn’t in vogue anymore (nor is it as lucrative). Why risk physical injury, arrest (or even death) by robbing a bank when you can steal $100 million dollars with a few clicks of your mouse, from the comfort of your couch? No henchmen, no getaway car, no police cars, no mess. Sorry Driver, keep the adrenaline, your services are no longer needed.
The modern-day getaway car is how quickly you can cover your tracks on the blockchain, or by living in a nation-state that doesn’t care to prosecute crypto hacks. These days though, it’s getting harder and harder to get away - in the US, the Treasury’s Office of Foreign Assets Contro (OFAC) sanctioned Tornado.cash, a crypto-mixing site which helps users to anonymize their digital footprints on the blockchain. We’re also seeing the rise of a new class in this Great Online Game: the digital detective. The most prominent of them all is @zachxbt, a pseudonymous on-chain sleuth that tracks down bad actors on the blockchain (the modern-day Sherlock Holmes) and exposes their identities via Twitter threads (the modern-day destroyer of worlds).
It’s really easy to steal NFTs
This gets us to NFTs. They’re an ethereum-based token (ERC-721 and ERC-1155) that is notoriously easy to steal and as such became the target of many on-chain robbers as they gained value and prominence in 2021. To steal an NFT, all you need to do is get someone to give you the “setApprovalForAll” permission. This is the same permission that you grant NFT marketplaces when you’re listing an NFT for sale: if the sale goes through, the marketplace needs to be able to move your NFT to the buyer’s wallet without asking you in exchange for ETH. Without it, marketplaces would cease to function.
Thieves have capitalized on this though - by creating fake NFT mint websites or fake merch store websites that ask you to connect your wallet. Instead of signing a message that confirms ownership, they sneak in a “setApprovalForAll” transaction, which many people unknowingly sign. Once it goes through, all NFTs from a specific collection are moved from the victim’s wallet, like what happened to Actor Seth Green earlier in 2022.
I’ve long advocated for solutions to this problem - whether it’s being able to “lock NFTs” on your wallet or something else entirely. These solutions did gain the attention of the MetaMask founder and Trust Wallet CEO back in May, but nothing much came from it.
But raising awareness for this problem did gain the attention of some individuals and companies in web3, and in the span of one bear market summer (new unit of measurement), we got three solutions to the stealing NFTs problem: TokenProof’s Online Authentication, Wenew Labs’ warm.xyz, and Foobar’s delegate.cash. In this writeup, we’ll break down warm.xyz and delegate.cash, because of how similar both are.
The builder’s response to NFT theft
Before I jump into each solution and how each one works, a quick reminder. There’s really one main reason why NFTs continue to get stolen, and that’s what all these solutions tackle: verifying ownership. When BAYC comes out with a new merch drop, or FRWC holds a Halloween-themed event, their websites need to verify you own a specific token before allowing you access. To verify ownership, you connect your wallet and sign a message; if you have the required NFT, you’re let in so you can shop. Most hacks take place here, where instead of the real website, the victim is tricked into connecting their wallet to a scam website. Then, instead of signing a message, they trick the victim into signing a transaction. Set Approval For All. Boom. Done. NFTs gone.
It’s way too risky to hold your valuable NFTs inside a hot wallet that connects to websites - which is why most move them to a cold wallet. However, most projects still require you to verify ownership of NFTs to get benefits like a merch drop. Verifying ownership requires you to connect the wallet that is holding the NFT to a website. That’s the exact problem that warm.xyz and delegate.cash solve.
Delegating ownership with warm.xyz and delegate.cash
Before I begin, let me white night for Wenew Labs a bit. Despite what Foobar (the lead behind delegate.cash) has told you, his solution and Wenew’s warm.xyz are actually very similar. Similar in what they do, how they work, and the features available (now or in the future). There was some controversy and contention with how Foobar described his solution compared to Wenew’s.
I’ve pulled a couple of excerpts from his Substack below to demonstrate (emphasis mine):
“Comparison is done not to denigrate, but with the goal of hitting the best unified standard for mass adoption. That said, delegate.cash is far superior to any existing solutions, it’s not even close.”
“Why not wenew’s HotWalletProxy? Has centralized admin control, the contract is dangerously upgradeable, and only does wallet-level delegation without supporting contract- or token-level delegation.”
Now, I’m likely biased here (I’m a character in Wenew’s NFT project 10KTF, and I hold their NFTs), but even still, Foobar’s comparison statements don’t seem accurate or fair (which I don’t blame him for because as I’ll get into later: adoption is the name of the game when it comes to introducing standards).
Before I describe why I think his statements aren’t accurate (particularly: “far superior and it’s not even close” (actually, it is pretty close)), let’s break down what delegate.cash and warm.xyz both do.
How warm.xyz and delegate.cash protect your NFTs
Here’s why I think the above quotes from Foobar don’t necessarily map out. Both warm.xyz and delegate.cash enables people to “link” two wallets together - i.e. linking your hot wallet with your cold vault wallet. Now, when you connect your hot wallet to a website that requires you to verify ownership of a Mutant Ape, even if that NFT is stored in the linked cold wallet, you can pass the token gate. Both warm.xyz and delegate.cash allows your hot wallet to act as if it owns the NFTs in your cold wallet, without putting them at risk.
Now, this does require projects to adopt one (or both) standards for it to work - which is why strategically it makes sense to position your solution as “far superior” to others to help with adoption. But again, that doesn’t necessarily map out. Let’s break that down.
Why delegate.cash is not “vastly superior” to warm.xyz
Foobar says that warm.xyz’s HotWalletProxy is "dangerously upgradeable," but while calling it upgradable is accurate, calling it dangerous is an opinion. The concern here is, “what if Wenew or someone inside the company goes rouge and pushes malicious code which compromises our NFTs?” - which is a fair critique, but Wenew is a leading web3 company founded by the likes of Beeple, Figge, Tim Smith, and Guy Oseary. All doxxed with reputations on the line - they are not anons that might one-day rug pull without consequences (bloot trigger warning).
Having a contract be “upgradeable” in itself is not a critique. It’s the motivation and the reputation behind the people that have access to the upgradability is what’s relevant. Upgradeability itself can be quite useful in the right circumstances when there is trust.
The benefits of upgradeability: bug fixes, new features
Speaking of which, what’s up with that? Why is HotWalletProxy upgradeable? Well, there’s an explanation for that in their Governance plan. In short, they have full intention to make the code immutable (like delegate.cash), but want to have the code stress-tested and to stamp out any vulnerabilities should the exist. Once certain milestones have been reached (specifically, 10,000 wallets using warm.xyz), the code will have been sufficiently stress-tested and will become immutable. delegate.cash chose a different approach, opting to be immutable from day 1. That means that for good or for bad, delegate.cash will remain the unchanged. It will always have the same features. Immutability also comes with an existential risk: should a vulnerability be found in delegate.cash, it can’t be fixed. To update delegate.cash, a new smart contract needs to be deploying. Any websites that integrated with it would need to update on their end, and so would any users that have used it to delegate NFTs. Wenew chose to avoid this overhead by iterating warm.xyz with new features should there be a market need, and actively deploying hotfixes whenever, if ever, a vulnerability is found.
The two features delegate.cash has and warm.xyz does not
In early September (before delegate.cash was announced and launched), I had a conversation with Wenew’s CTO about warm.xyz. We spoke about their governance plan, about their intention to move towards immutability, and possible features in the future. The resistance to being immutable on day 1 was two-fold: was the code sufficiently stress-tested and was warm.xyz feature-complete? The features we spoke about are the same ones that delegate.cash launched with (which gets us to the last major difference between the two solutions).
On feature differences, Foobar wrote in his Substack:
“[warm.xyz] only does wallet-level delegation without supporting contract- or token-level delegation.”
These features are available on delegate.cash right now. I’ve already explained wallet level delegation, which is what warm.xyz and delegate.cash do by default. Contract-level delegation is what you use when you only want to delegate NFTs from a specific collection like MAYC (and not any others like BAYC).
Then we have Token-level delegation, which as the name suggests, delegates only a specific NFT to a wallet. For example, I can specify that I only want to delegate MAYC #939 to a hot wallet, which excludes every other NFT including MAYC#6997.
I sense that having contract and token-level delegation is a large part of the reason Foobar wrote that delegate.cash is “far superior” to warm.xyz (on top of immutability). However, those two features were already in consideration for warm.xyz depending on if there is actually a need by users. Since delegate.cash already has these features, we can look at how often contract and token-level delegation are used. We can also look at the overall market adoption of warm.xyz and delegate.cash.
Market adoption: how many times have warm.xyz and delegate.cash been used?
To start, warm.xyz has been live since September 2, and delegate.cash launched on September 28. warm.xyz has almost a full month of lead time on delegate.cash. As of November 2, warm.xyz has been used to delegate NFTs 1374 times, while delegate.cash has been used 433 times to do the same.
Since delegate.cash has contract and token-level delegation, we can drill deeper into the 433 delegation transactions to see if they are being used in a meaningful way. This is the sort of data Wenew is looking at to decide whether it makes sense to introduce these features. Currently, 89.6% (n=388) of delegations transactions are at the whole wallet level. Token-level delegation makes up 7.6% (n=33), and contract-level accounts for 2.7% (n=12). It’s probably too early to tell how useful the other types of delegations are to users, but this is still informative. Perhaps once users are comfortable with delegating NFTs, they will ask for contract and token-level delegation, or maybe the current proportion is telling. That is, the biggest need for users is to be able to delegate NFTs, rather than specific collection or specific token based delegation.
It’s still early though and I expect to see iterations, new features and more projects choosing to adopt warm.xyz (they recently published documentation on how to get started). I also expect delegate.cash to be implemented more widely, as it was for Forgotten Runes Wizard Cult’s Trick or Treat event.
We finally have solutions that project NFTs from theft, the next frontier is now market adoption.
Where we’re headed: the race to market adoption
I’ll be honest, I really don’t have a dog to pick in this fight. I have no skin in the game for either of these solutions. I’m not being paid by anyone to write one way or the other. I personally could care less which standard becomes widely adopted in the NFT space - because at the end of the day, holy shit, we have multiple solutions that keep our NFTs safe. It would be myopic for any of us to view warm.xyz and delegate.cash as “competitors” or want one to “win” the game of becoming the de-facto standard.
In truth, a core motivation to write this piece (beyond educating) was to set the record straight: that warm.xyz and delegate.cash are very similar products solving the same problem, and neither is “far superior” to the other. I felt that was a pretty unfair characterization by Foobar. While there is no monetary reward at stake, becoming a standard does come with bragging rights, and we as humans, can’t help but crave status and validation. That’s now the next race. Which solution will get more widespread adoption? Perhaps it’s trivial to choose one and projects will adopt both. But given how similar both are, I’m skeptical of that outcome.
But again, let’s keep perspective: five months ago we had no solutions to NFT theft, we now have two - that is a miracle. Now that we can keep our valuables safe from bad actors, we can move up Maslow’s Hierarchy and tackle bigger problems. That is, unless bad actors get more creative.
Let’s see what you got, scammers.
Thanks for reading Degen University! Subscribe for free to receive new posts and support my work.