Building Season With Making Bank | BanklessDAO Weekly Rollup
Catch Up With What Happened This Week in BanklessDAO
Dear Bankless Nation 🏴,
We are nearing the end of Season 4, and this bear market building season has been challenging. We can take solace in the fact that the seeds we sow today will ensure a bountiful harvest after winter’s thaw arrives. And arrive it will; that is the nature of seasons and markets.
Attention — Project and Guild Coordinators: start working on those Season 5 budgets ASAP! Based upon the Draft Season 5 Transition Timeline, the deadline to submit your Season 5 budget on the BanklessDAO Forum is July 6, 2022. Other dates to be mindful of include: July 29: end of Season 4, and August 1-5: Gap Week. Season 5 starts on August 8.
BanklessDAO is exploring Google Workspace for contributors. How does nfthinker@banklessdao.com sound? Hop into the InfoSec channel for more details and timelines.
The folks at Bankless Academy have released a brand new course: Blockchain Basics. Have you wondered why Ethereum is very different from Bitcoin or Cardano? This course seeks to demystify the fundamental building blocks of the Web3 ecosystem.
Speaking of fundamental, sign up to join the writing cohort launching July 8. Then submit an article to Bankless Publishing or write for one of our newsletters, like Elemental did this week. In his piece, he uses the Making Bank podcast as a vehicle to explore how different guilds and projects can work more closely together.
Whatever you do, get to drafting those budgets!! We have some work to do.
Contributors: HAshBrown27, anointingthompson1, Elemental, Yofi A., d0wnlore, Trewkat, siddhearta, hirokennelly.eth, Dippudo
This is the official newsletter of BanklessDAO.
🙏 Sponsored by CitaDAO
Community Highlights
🚀 BanklessDAO Writers Genesis Cohort
Writing is a core competency for Web3 work, whether it’s writing articles, proposals, or pitching your next project idea. But let’s face it, writing is hard; it is intimidating to put your work out into the world and it is hard to ship consistently.
With that in mind the Writers Guild has partnered with Grant at Taptive to put together a cohort-based learning course for BanklessDAO members who are looking to improve their writing skills, publish more, and connect with other writers.
Four-week, cohort-based writing program.
Publish a 1,000-word post every week.
Join six live workshops.
Participate in a four-day cohort onboarding (including over 20 pages of writing resources, guides, and frameworks).
Join an active community to support you in your journey.
Give and receive feedback on your writing.
Genesis cohort starts July 8. Sign up today!
What’s New
📧 DAO-Wide Email Addresses
The InfoSec Team is pleased to announce that they will be rolling out DAO-wide email addresses for contributors. 👀 These addresses will be provided by Google Workspace. Do hop into the InfoSec channel for more information or ping BogDrakonov.
🕶 BanklessNouns.WTF
BanklessDAO has created a Nouns project, which could provide other avenues to generate revenue for the DAO, allow us to explore the Nouns ecosystem, and relieve some sell pressure on BANK.
Follow the BanklessDAO Nouns Project on Twitter to learn more, and grab a pair of Bankless Noggles for your profile.
🎙 BanklessDAO Podcasts
🧠 Crypto Sapiens Podcast
🌍 BanklessAfrica
💰 Making Bank
🏹 Bounty Hunter
✍️ Bankless Publishing
🌏 BanklessAfrica Newsletter
Get Involved
📚 Bankless Academy
The learner's journey never ends and Bankless Academy leads the way. This week, an important announcement: a new lesson has been launched!
‘BLOCKCHAIN BASICS’ is now LIVE and available for all Explorers to embrace. The Academy invites you to level up and boost your knowledge of blockchain technology. It’s time to examine the permissionless ledger, its transactions, and more.
This latest milestone in the journey of the Academy is the result of one season’s worth of deep investment and research on ‘effective, curated, and community-led education’. The unique value proposition of the platform is that each lesson is built in the open, with iterative community feedback. This is one step further in understanding the best way to break down the barriers to education on the road to financial independence.
With the celebration of this new lesson launch, the Academy also takes the opportunity to reward those who have dived into their OG content. A snapshot has been taken on June 30, 00:00 UTC, and starting this Monday, July 4, you'll be able to claim your OG Explorer POAP! Great news for all early users who have a passion for blockchain education. Instructions will be given through the Academy's social media channels.
Don't want to miss out on new announcements and the next Explorer opportunities? Make sure to follow Bankless Academy on Twitter, and join the curated community on the Web3-native social platform, gm.xyz.
🌱 New Joiners Session
Are you new and lost in the weeds of endless bee-like activities within the DAO? Do you want to have human-to-human time with friendly DAO contributors to talk more about the challenges you are facing as a new member and get some friendly advice? Well … that's what the New Joiners Session is for. A human-friendly, no-bot-allowed chat session. Join us on July 4, 2022 to get plugged in and feel the BanklessDAO vibes. Head over to the calendar channel to RSVP. See ya there!!
👬 Post Your Pictures From Permissionless
💰 Ready to Become a Notion Ninja?
The BanklessDAO Notion Ninja Learn2Earn Course is a three-stage educational course consisting of YouTube videos and Google Form quizzes. You will learn best practices for the way BanklessDAO uses Notion — the source of truth for the DAO’s operational knowledge. You will learn how to modify, manage, and create pages, and all the nuts and bolts of how to create and modify databases as well. At each stage of the course the student will get an opportunity to earn a very cool 2D Bankless Ninja NFT, with each Ninja being a progressive belt color.
#️⃣ WeAreDAO
🙏 Sponsor: CitaDAO - Marketplace for Tokenized Real Estate
Building Season With Making Bank
Author: Elemental
As summer begins in the Northern hemisphere, we find ourselves chilled by a crypto winter. That means it’s time to quit watching the charts and get to building the next generation of Web3 technology. With the frenetic pace of activity, hype, and FOMO slowing down, we can finally take more time to look around and see what others are building.
BanklessDAO has attracted such an amazing collection of talented and curious people who share a vision for the possibilities of Web3, crypto, NFTs, DAOs, decentralization, and blockchain tech. Within the DAO, these people have coalesced into dozens of guilds, project teams, and workgroups that are all striving to shape the future of, well, everything. Perhaps you’ve noticed, however, that our guilds and teams often travel in solitary universes seemingly oblivious to the existence and efforts of the others. Awareness, coordination, and collaboration among our disparate groups are not yet BanklessDAO's strong suits.
Imagine the result once this decentralized and autonomous collection of brainpower, skills, and enthusiasm becomes more self-aware and better able to synergize, amplify, and springboard off the ideas and efforts that are happening throughout the DAO.
The Alpha Channel
Those of us working on the Making Bank podcast see it as our mission to break down communication silos within BanklessDAO and create greater awareness of the amazing ideas, plans, and people that buzz around this hive of Web3 activity.
We’re working to turn Making Bank into the ultimate alpha channel for the DAO. The podcast goes beyond the quick announcements that Community Call updates offer. It provides a richer, expanded platform for teams to discuss the possibilities, challenges, and needs of their projects with the DAO in detail. Moreover, the audience is free to click play on the podcast anytime, anywhere, to hear curated conversations on these interesting topics on their own schedules.
During Season 3, Podcast Hatchery launched Making Bank to be a podcast “by BanklessDAO for BanklessDAO”. We’ve had the pleasure of sitting down with more than a dozen BanklessDAO members to learn about their crypto journeys and the activities they’re involved with in the DAO. These early episodes revealed answers to questions such as:
What sets AboveAverageJoe apart from your typical Joe? (Episode 7)
How do you get a founder of Fight Club to talk about Fight Club? (Episode 2)
Where in the world is Perchy? (Episode 6)
Why is JENetics so dedicated to BanklessDAO (and so many other things)? (Episode 9)
In Season 4, we’re building on this approach by introducing segments with greater focus on showcasing the projects, ideas, and vibes that make BanklessDAO awesome. While we’re still exploring the people and personalities of the DAO, we’re actively pursuing opportunities to bring attention to what different guilds or projects are all about and how DAO members can get involved with them. We believe that this type of content is the key to ‘priming the pump’ of cross-guild collaboration, awareness, and decentralized builder magic. Some recent and upcoming episodes include:
Discussion of the activity and opportunity happening within the Marketing Guild with Mr. V and Ornella (Episode 12)
Showcase of Good Morning News with Hiro Kennelly and Publisher (Episode 11)
The launch of the new DeFi Download newsletter with Jake and Stake (Episode 13)
Exploration of new BanklessDAO governance initiatives with 0xJustice (coming soon)
Introduction to the Project Management Guild with René (coming soon)
We’re not stopping there. We have an ambitious roadmap for new content, collaborations, and innovation for the show. Ideas (with working titles) for new recurring segments we’re workshopping and developing include:
Making the Case: Proponents of grant and governance proposals lay out their case, answer questions about their proposals, and offer more context and details.
Double-Click: In-depth roundtable discussions on interesting topics in DAOs and Web3.
Shiny Objects: Exploration and reviews of new protocols, tools, and toys in crypto and Web3.
ELI5: Big-brain subject-matter experts explain complex topics to the hosts.
Rektless: Techniques and knowledge to help you avoid scams and poor decisions.
Tools & Tips: bDAO members share best practices and new software tools they’ve discovered to make DAO work and coordination easier.
As a member of both the Writers Guild and the Making Bank team, I’m personally very bullish on blurring the boundaries between the content we produce for our newsletters and podcasts. There are fantastic opportunities for articles and podcast segments that enhance and extend each other across multiple media platforms. Each medium can reinforce the other and offer audiences deeper discussions and complementary content. For example, I’m writing a quick-read article that highlights some of the big points and great quotes from the conversation 0xJustice and Droste had about DAO governance on a recent Making Bank episode.
Onboarding and Outreach
Making Bank delivers additional benefits as well. The podcast is an easy avenue for new members to ‘self-onboard’ and get familiar with BanklessDAO and the people and projects that make it special. The podcast streamlines the effort involved in learning about the DAO and how to get involved in the things that interest new members.
Ever since joining BanklessDAO and hearing about Making Bank during a Community Call, I have become an ardent fan of the show. I consider Making Bank instrumental in my onboarding into the DAO and one of the tools that has helped me not only become familiar with the DAO but also to be inspired to contribute through hearing stories from familiar faces in the DAO. In Season 4, I have been taking an active part in the production of the show, and I am keen on helping the show reach a bigger audience and facilitate more interesting stories that inspire fellow contributors. - Salmanneedsajob
The Making Bank team has talked about possibilities for integrating Making Bank episodes into the First Quest onboarding flow and creating incentives for new members to listen to episodes to familiarize themselves with the DAO. (Hey, First Quest Team, let’s do lunch. We have a lot to discuss. Better yet, come on the show!)
Plus, by providing a rich and detailed look into BanklessDAO, our culture, people, vibes, and projects, Making Bank gives the bDAO-curious an on-demand resource for exploring the DAO without the need to step in front of the Discord firehose. The show should help to encourage fellow travelers on their own crypto journeys to join us here in BanklessDAO.
Our Request
If what the Making Bank podcast team is building sounds like a worthy endeavor to you, the best thing you can do to help us is to become one of our loyal listeners. Please listen, rate, and subscribe in your favorite podcast app. Plus, follow us on Twitter and like/retweet our new show announcements. Audience support is paramount for growing a new podcast.
If you want to bring greater awareness to the cool things your guild or project is working on, get in touch with us. Let’s get you on an episode! If you’d like to get involved in helping Making Bank achieve great things, come visit us in the BanklessDAO Discord in the Podcast Hatchery channel.
Beyond this, Making Bank is facing a funding shortfall for Season 4, and we have submitted a supplemental funding request on the Forum. Please read the proposal and vote to support it. The TL;DR is that we’d like the DAO to consider Making Bank as an essential internal communication channel and public good that’s worth supporting directly. Think of us as public radio for the DAO.
Our keen focus on the BanklessDAO audience somewhat limits our appeal to advertising sponsors. We’re discussing various Web3 funding options and ideally want to become a self-sustaining project. However, the current reality is that we need additional BANK to complete our season of episodes, grow the team, and evolve the podcast into what we envision it can become. If you agree that this is a good use of DAO resources, we ask for your vote to approve the supplemental funding request.
In the meantime, keep building! We will.
🎣 Phishing School
Authors: d0wnlore and the InfoSec Team
Breach in Trust: The OpenSea and Polygon RPC Vendor Incidents
Today we will examine two recent security incidents and offer some takeaways for our bDAO frens and those who may happen to run, or are close to, services that could be affected by similar incidents. Also known as supply chain attacks, these both involved vendors of popular crypto services failing to uphold their security duties through employee misuse of privileged access.
OpenSea Users’ Email Access Incident
On June 29 OpenSea announced that they were aware that an employee of their primary email-delivery vendor had misused and shared email addresses provided to OpenSea. The email addresses affected were those associated with a user account and/or newsletter subscriptions.
This is concerning news, given what malicious actors can do with this data, such as:
Craft phishing emails and other campaigns targeting crypto and NFT users.
Attempt to tie identities to the email addresses through other leaked artifacts in the public and the dark web, which could be used in doxxing or blackmail.
Attempt to tie email addresses to wallet addresses to prioritize targets, such as token and NFT whales, to use in targeted phishing campaigns.
At this time the culpable email-delivery vendor has not publicly announced this misuse. The vendor had been audited by a third party to prove that they have strong processes for protecting critical business data and continuously practice them. But such assurances, of which this company had many, are just a snapshot in time showing that such processes exist, not proof that these processes are followed every single day. Ultimately many of these processes are enforced and handled by humans, and as we know, humans can be prone to making mistakes or acting selfishly.
Takeaways
In addition to the tactical safety recommendations from OpenSea — which you likely have awareness of if you’ve read Phishing School in the past — here are some takeaways:
Targeted OpenSea and NFT marketplace phishing campaigns will increase, especially if wallet addresses are linked to these email addresses. If possible you should proactively go to OpenSea to perform any actions instead of reacting to email notifications sent from the service.
Security certifications and audits can only go so far and you should take your data security into your own hands when possible. Do this by creating new identities, communications channels, and operating environments whenever appropriate for your situation: email addresses, social media profiles, VPNs, devices, etc.
Assume that whatever data you provide to applications and services will be leaked, whether through negligence or intentionally for monetary gain. Don’t share more than is necessary to accomplish your goal, even something that seems as innocuous as an email address. All these discrete pieces of data can be linked to each other to construct a profile of your identity, so assume that will happen eventually and act accordingly (again, create new accounts and sign up for new services for each identity you have when needed).
Depending on your threat model, you should become more concerned about any outbound/remote requests your applications make. Images and remote assets in emails or NFT images can leak your IP address to the email originator or project owner. Many email clients and browser wallets offer the option of disabling download of remote content that can lead to such data leaks, so use those options if you need to.
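The remote-content leak described in the last takeaway can be checked before a message is ever rendered. The following is an added example, not part of the original newsletter: a Python script that lists every remote resource an HTML email would fetch on open. The sample message, its hostnames, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# (tag, attribute) pairs a mail client fetches on render, without any click.
AUTO_FETCH = {
    ("img", "src"), ("img", "srcset"), ("link", "href"), ("iframe", "src"),
    ("video", "poster"), ("audio", "src"), ("source", "src"),
    ("body", "background"), ("td", "background"), ("table", "background"),
}
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)


class RemoteRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs = []  # (tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value:
                continue
            if name == "style":
                urls = CSS_URL.findall(value)  # inline CSS url(...) references
            elif (tag, name) not in AUTO_FETCH:
                continue  # e.g. <a href>: only requested if the user clicks
            elif name == "srcset":
                urls = [c.split()[0] for c in value.split(",") if c.strip()]
            else:
                urls = [value.strip()]
            for url in urls:
                # cid: and data: are embedded in the message, so nothing leaks
                if urlsplit(url).scheme in ("http", "https") or url.startswith("//"):
                    self.refs.append((tag, name, url))


def remote_fetches(raw_email):
    """Return (tag, attribute, url) for each remote resource in HTML parts."""
    msg = message_from_string(raw_email, policy=default)
    finder = RemoteRefFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.refs


def hosts_contacted(refs):
    """Hosts that would learn the reader's IP address and open time."""
    return sorted({urlsplit(url).hostname for _, _, url in refs})


# Constructed sample message (not a real email).
SAMPLE = """\
From: "NFT Marketplace" <no-reply@marketplace.example>
To: collector@example.org
Subject: Your listing has a new offer
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body style="background: url('https://cdn.sender.example/bg.png')">
<p>New offer received. <a href="https://marketplace.example/offers">View</a></p>
<img src="cid:logo@marketplace.example" alt="logo">
<img src="https://track.sender.example/open.gif?u=collector%40example.org" width="1" height="1">
</body></html>
"""

if __name__ == "__main__":
    for tag, attr, url in remote_fetches(SAMPLE):
        print(f"<{tag} {attr}> -> {url}")
```

The embedded cid: logo and the clickable link are not reported; only the background image and the 1x1 tracking pixel are, since those are requested the moment the message is displayed.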
Polygon RPC DNS Hijack
On July 1 there was a DNS hijack of the polygon-rpc.com domain name through the DNS service provider. This is a popular public RPC endpoint that dApps can use to interact with the Polygon network and is the main endpoint referenced in the official Polygon documentation.
While specific details about this incident are still emerging, the compromised domain name led to the delivery of phishing messages to browser wallets trying to interact with the Polygon network through this RPC endpoint. This was allegedly possible because the DNS provider gave the scammer unauthorized access to the account associated with the domain, likely through social engineering.
Ankr, the stewards of this RPC endpoint and the polygon-rpc.com domain name, have once again secured control of the domain name and have pointed affected DNS records back to the appropriate locations. Due to the way DNS works it may take some time for everything to return to normal (within a day at most). In the meantime you should use another Polygon RPC endpoint or create your own if desired.
Takeaways for End-Users
Unfortunately there are not many takeaways for an end-user in this situation, other than remaining proactive if your threat model necessitates it:
It may be prudent to know more about the domain names you interact with. Use urlscan.io or whois.com to learn more about them, specifically who the DNS provider is and when the domain name expires.
Once you know who the DNS provider of a service is, do some online investigation to see if that DNS provider has a history of falling for social engineering attacks that led to DNS hijacks or other account takeovers. Also see if the service uses all of the security controls and assurances the DNS provider has, such as enabling 2FA on the owner’s account and having a strict change management process.
As an end-user you do not have much visibility into this side of operations. In terms of RPC security events just be ready to use another RPC node should your default one be compromised.
Takeaways for Service Providers
Most of the takeaways from this situation are for the service providers. They need to use all the security controls available to them through the DNS provider to avoid hijacks and account takeovers. They also need assurances from those DNS providers that no one with access to their account can make impactful changes to it without the account owner’s permission. If a vendor does not have the controls or cannot meet the assurances expected, then move elsewhere.
While we predominantly reach out to our bDAO frens through Phishing School, both events today highlight the need for more security practices to be carried through with dApps and Web3 services as well. Many projects had been building in a frenzy to keep up with the market growth in the past two years. This may have led to negligence in other parts of a project’s operations that will now have much more attention due to the downturn in crypto markets.
If you know of such a project or organization that could use assistance in their security operations, direct the party to Bankless Consulting. We have a very strong team that knows how to do DNS, cloud infrastructure, and Discord hardening and can help teams focus on getting through the build market without having to worry about security scares like those witnessed this week.
🏛 Governance
Proposals in Discussion
📣 BanklessDAO Constitution & Improvement Proposal Standard (Part 2)
Our current organizational structure and governance processes are spread across Notion, Forum posts, Snapshot, and community members’ tacit knowledge. Documentation is not easily accessible nor internally consistent, and knowledge is increasingly lost when experienced members leave the DAO. Without a readily agreed upon and accessible standard, macro changes to our community architecture are impossible.
The BanklessDAO Constitution & Community Handbook changes this. It represents a single ‘source of truth’, a consolidation of previously dispersed governance guidance. This document aims to crystallize the DAO’s structure and decision-making processes. It’s one of the most important proposals we’ve had in some time, so please review, comment, and vote.
💡 An Idea for Team Taxonomy A.K.A WTF Is a Guild?
Serving on the Grants Committee has given the author first-hand experience of how difficult it can be to assess the work of different types of teams at BanklessDAO. He believes that by agreeing on a taxonomy, we can ease a lot of the friction we have at the DAO. He also believes we should create a taxonomy (i.e. naming system) for teams from the funding perspective. Naming things will allow us to attach a purpose to each type of team, clarifying context, and providing focus that helps make the funding process smoother and easier. By constraining our taxonomy to funding, we can provide clarity for funding while leaving as much scope as possible to individual teams.
✅ Action Items
🎙 Action: Coordinape is back! #bot-commands then type /coordinape form-request.
📖 Join: Sign up for the Writers Genesis Cohort.
🏃♀️ Catch up: Review this week's Community Call notes or listen to the recording.
🙏 Thanks to Our Sponsor
CitaDAO
CitaDAO is a decentralized finance platform, allowing real estate to be tokenized on chain. The ERC-20 tokens are composable with other DeFi applications and primitives that operate within the Ethereum protocol, creating a place for real estate within the DeFi ecosystem.
🤣 Meme of the Week
Thanks Jake and Stake!