The State of Bankless Brasil | BanklessDAO Weekly Rollup
Catch Up With What Happened This Week in BanklessDAO
Dear Bankless Nation 🏴,
With Season 4 nearly complete, the winds of change are gently blowing us towards new horizons. May the next season bring sunny vibes, joy, and bright green markets to the cryptoverse, no matter which hemisphere you reside in.
Congratulations to the three newly elected members of Grants Committee: Ap0ll0517, jengajojo.eth, and paul. To our dedicated frens who are finishing their term on GC — Icedcool, kouros, and Chuck25 — well done and thank you!
We are so excited to announce the Weekly Rollup's new sponsor: HumanDAO 🥳. HumanDAO is a social impact project using blockchain tech to offer new ways of earning and improving lives. HumanDAO is launching an NFT: the Pocket Assistant NFT. This isn't just another jpeg; the PANFT grants its holders 20 tasks per week to delegate to pocket assistants. How cool is that? Join the waitlist or read more on the PANFT website.
In this week’s editorial, Bankless Brasil takes the spotlight, sharing their expertise in furthering the Bankless mission internationally. In just one year of existence, they have created one of the most vibrant communities in the DAO and forged partnerships with some of the big names in the space: Polkadot, NFTFY, PoolTogether, and the Defiant. Read about how they intend to onboard the next 100 million Portuguese speakers to the Bankless Nation and be inspired by the team’s approach to community building.
It’s the Weekly Rollup, so let’s get rolling!
🙏 Sponsored by humanDAO
🗓 Weekly Recap
🗳 Grants Committee Election Results
The newly elected members of Grants Committee are Ap0ll0517🏴, jengajojo.eth🏴 and paul 🏴. Congratulations to these three hard-working contributors, and thank you to all those who exercised their right to vote. bDAO strong!
🧑⚖️ PolygonDAO x BanklessDAO Partnership
The international lawyers of the BanklessDAO Legal Guild have partnered with the Polygon Village Voucher Partnership program to offer guidance to Polygon projects through consultations and legal drafting.
🇪🇸 BanklessDAO at ETH Barcelona
ETH Barcelona was a three-day conference hosted in one of the world's most vibrant and creative cities. A community-led project about the Ethereum blockchain, crypto and Web3, and with "decentralization" being the key word, the event undoubtedly achieved its goal of creating a high impact in the entire ecosystem. Over 100 speakers came together to discuss and deliver talks around the core mission and values of ETH Barcelona: education, innovation, art, and creating positive social impact.
As one of the media partners of the event, BanklessDAO's onsite team had the opportunity to participate in an immersive, thought-provoking environment, passionate talks, workshops and side events. We were able to get interviews with big players like MetaMask, 1inch, CultDAO, HappyDAO and others. The DAOLationships team worked tirelessly to create new connections and bring in leads. Above all, this was a great chance for bDAO contributors to meet up and bring some of that creative energy from the Discord server into real life. Can't wait to do it again!
Stay tuned for full interviews and further footage on bDAO's YouTube channel, but for now here’s a video recap of the event, made by our talented media team:
The GSE recently used a portion of our budget to fund a workgroup whose task was to perform a financial analysis of the DAO's projects and guilds each season for the past three seasons. This post shares the results and offers ideas on how this can be used to make smarter funding decisions and develop stronger proposals.
☀️ [DRAFT 1] Season 5 Specification
Here are the key points for Season 5:
Season 5 will start on Monday, August 8, 2022, following the S4 Gap Week (Jul 30-Aug 7).
Season 5 will end on Sunday, October 30, 2022.
Formal S5 Gap Week will be on the week of October 31, 2022.
Governance Solutions Engineers will have the ability to change or replace the Seasonal Specification, subject to Forum and/or Snapshot voting, in order to implement the BanklessDAO Constitution & Community Handbook.
The Grants Committee will receive increased compensation funding starting in Season 5.
Seasonal Automatic Guild Funding will be implemented pending discourse on appropriate measures and considerations.
The way BanklessDAO distributes contributor rewards through Coordinape will change starting in Season 5.
There is more information in the Forum post and linked Google doc. Please do read, engage, ask questions, and vote.
Are you in bDAO? Are you a BANK holder? Just an observer for now? We're gathering info to help guide our vision and strategy. Please fill out our survey and share the link with bDAO frens. Answers are anon and optional, and there’s a POAP and a raffle to say Thank You!
🙏 Sponsor: humanDAO — improving lives through crypto.
The State of Bankless Brasil
Bankless Brasil has never been more proud to be part of the BanklessDAO ecosystem. In less than one year since its inception, the Bankless Brasil community has flourished. We have more than 1200 members on our Discord, over 2,000 subscribers on our newsletter, and a strong social media presence on Twitter, Instagram, TikTok, and YouTube.
Our community has consistently created great content in a variety of media formats, and we praise our dedicated, talented, and hard-working members for all they have accomplished in such a short time. Without any doubt, we can say that our community members are the most valuable and important asset we have to achieve our main goal: onboarding 100 million Portuguese speakers to the crypto and Web3 space.
Our multimedia team has been delivering original educational content in the form of videos and podcasts twice a week.
Our writer's guild has also been delivering professional content, both original works and translations, from multiple sources. Our writers have been working hard and our newsletter is recognized as a trusted source of knowledge in Portuguese for content related to crypto, NFTs, Web3, and DAOs.
The marketing and design guilds have been responsible for building a consistent and recognizable brand and visual identity. They have been working around the clock to support the multiple media products that Bankless Brasil produces each week.
In the past few months we have continued to grow and mature as an organization by developing our governance framework. We have tested out our governance process, which has multiple stages, with discussions and debates on Discord, our own Forum for proposals, and Snapshot for token voting, in which our governance token (NFT) plays a vital role.
We are also in the top 30 communities using Dework, which is a Web3 project management and payment platform. Being the largest community of Portuguese speakers with over 50 contributors, we are providing our community with the most complete Web3 experience anyone can have. In the last few months, we have kicked off new projects including:
Criptodelas — a women-led project focusing on onboarding other women to the crypto and Web3 spaces, providing them with the tools to become protagonists of their own lives.
Artlab — a collective artist-led project born to help onboard and empower other artists in the NFT and Web3 space, by creating and developing art projects and NFTs.
Both these projects focus on educating new people about crypto, getting familiar with Web3 platforms, and learning how to work in a DAO. Our personal approach to onboarding has been a great success. Every week we hold an onboarding call, tailored to introduce people to the Bankless Brasil DAO and show them how Discord works. This is really important because a lot of people have a hard time when they first step into a server, and this introduces them to how we work together.
Speaking of Discord, our server is alive! With around ten weekly calls, we get the community together periodically to talk about governance, specific projects, guild workflows, budgeting, partnerships, a book club, and our podcast content. We also use our server to provide weekly educational immersions for our members. These immersions work as collective guidance on different subjects, like DeFi, NFTs, working on Web3, RegenFi, and more.
Join our Discord server, we have an English chat channel.
We believe that we’re stronger together, so we’ve focused on tightening bonds with different crypto communities, both in Brasil and abroad, like ShapeShift DAO, Polkadot, PoolTogether, Play4Change, P2E CREW, IberoAm, and NFTFY. We also collaborate with The Defiant and The Daily Gwei to translate their content for our audience. As you can see, we are not acting on tribalism. Being part of the Bankless ecosystem leads us to the goal of empowering people and providing them with the tools needed to become citizens of the Bankless Nation. In order to do so, we build bridges (yeah, this is an explicit DAOpunks reference!), we create bonds, and we share information that we find useful and important.
All of these partnerships and collaborations aim to show our community that this Web3 space has no boundaries; the world is a few clicks away. This movement has been responsibly driven, focusing on projects and communities that share our values and vision for a better world.
Bankless Brasil has been a nest for talents and we are happy to see our members spread among different DAOs and projects, all over the world. We are really proud to provide opportunities for people and to empower them to follow their dreams.
We always incentivize people to work on side projects, because we believe the DAO is also a tool to help people discover and polish their talents and abilities. In the same way, our members learn from Bankless Brasil, and our DAO flourishes even more with their success — it's a win-win game that we are playing here.
It's amazing to see people that have never been in this space before grow and be recognized for their contribution to the crypto space in such a short time. It makes us really happy to see that Bankless Brasil has been an important tool to change people's lives for the better, regardless of their background.
Our members have been extremely active in the crypto scene inside and outside Brasil. You probably saw some of us at conferences this past year, and you are going to keep seeing us around in the future. If you see one of us, come say hi; we love to make frens!
Internally, we face the same challenges as other DAOs. The main ones are: how to keep people motivated (especially in a bear market) and how to implement a more efficient governance framework.
There are no easy or clear answers, but these questions have been discussed by the most active members of our community.
To have clear incentives and motivate our members we have moved to primarily using Dework as a means of remunerating people for their contribution. We realized that having clear tasks and bounties is a more objective way to recognize people's efforts compared to general Coordinape recognition. We still see value in using Coordinape to reward people within teams, which seems normal since it's easy to focus on the things that are closer to us.
In a couple of weeks, we will debut an annual line up call to discuss our challenges openly with our community and to make sure everybody is on the same page in order to keep building and growing together and stronger.
One particular challenge we cannot ignore comes down to our very own identity and autonomy, and it has generated some interesting debates among our members. Being part of the Bankless ecosystem makes us who we are. We proudly carry with us the Bankless iconography, and the BANK token is an essential part of that. At this very moment, encouraged by members of BanklessDAO, we see ourselves discussing the possibility of having our own version of the BANK token (don’t forget we already have a governance token).
Given this, we have been discussing the following questions:
Does it make sense to have our own token?
Is this something our community wants?
Do we have a problem that needs to be solved with the creation of a new token?
Does having our own token make us more autonomous?
Does having our own token make us less connected to the Bankless movement?
Does having our own token make it easier to achieve our goals?
Is our time and energy better spent on tasks that support our goals?
How does having our own token impact our ability to onboard people into the crypto space and the Bankless movement?
These are tough questions and our community does not have a clear consensus around them yet. Unfortunately, since the inception of this idea, we have spent a lot of time and energy discussing it. It has been a challenge to our members and to our governance process. In these hard cases, we realize more clearly our limitations and our difficulties.
When we start talking about creating tokens, it's hard to avoid recalling 2017’s ICO craze, when we saw a bunch of projects launching useless tokens that nobody needed. The main lesson learned from that time is that not all projects require a token. Applying this lesson to Bankless Brasil, the first conclusion that comes to mind is that a new token does not seem essential. Does having our own token produce something good? Of course, it can. Do we need it? No, we don't. Bankless Brasil can exist and thrive with nothing more than its governance token and the BANK token. It's not the BANK token that provides value to the Bankless Ecosystem, but the ecosystems that create value for the BANK token.
Planning a good tokenomics system is extremely hard, and consumes time and energy. It is hard to find experienced and qualified people to create a strong system, as we can see from multiple teams of smart people trying to do that without success. Considering that the human resources in Bankless Brasil are scarce (like everywhere else), it’s hard to understand how having a new token could benefit our community — at least for now.
And yet being a subDAO (or a sister DAO, as we prefer) comes with great challenges. It’s a tricky equation to balance autonomy and identity. How autonomous can we be without losing our identity? How autonomous can we really be?
Again, there are no clear answers, but what we do know is that all these questions and challenges have been a great opportunity to learn how to coordinate in a more efficient way, overcome differences, keep building toward our goals, and build a more resilient community.
Since our inception, we've done our very best to proudly expand the Bankless ethos among Portuguese speakers, and we have demonstrated our value to the crypto and Web3 ecosystem. We’re not afraid of the challenges we will have to overcome in order to keep spreading the Bankless message, because we believe in our community strength, not only in Brasil, but in our Bankless community around the world.
For the near future, our plans are to endure the bear market with one strategy: keep building. No matter what, we will keep building a stronger community and we will keep delivering excellent educational content to our audience. After all, we sincerely believe education is the primary tool to empower people and onboard them to the Bankless Nation.
🎣 Phishing School
Authors: d0wnlore and the InfoSec Team
DO NOT MINT: The Zeneca_33 Twitter Account Takeover
On July 19 the Twitter account of Zeneca_33, a high-profile figure in the NFT space, was compromised. This led to a tweet announcing a “surprise mint” and an associated phishing website, which would subsequently prompt victims to allow the transfer of valuable NFTs from their wallets should they approve the transaction.
The Web3 community was swift to help each other contain the damage. “DO NOT MINT” quickly became a trending topic on crypto Twitter, amongst other actions performed that helped take down the phishing website and lock down the compromised account.
Twitter account takeovers/hijackings are common. They are the ammunition used by scammers to relentlessly attack communities on Twitter with various attempts at social engineering. Many takeover attempts target accounts that have had email addresses, usernames and passwords leaked in data breaches from other services. If two-factor authentication (2FA) was not enabled on these accounts, which is very likely for many accounts on Twitter, then entry into the account with these stolen credentials would be trivial.
However, the Zeneca_33 case is interesting because he mentions having 2FA enabled on his Twitter account and using the time-based one-time password (TOTP) generation app Google Authenticator. If you have time I encourage you to read his thoughtful response to the whole situation.
We have covered the reasons 2FA is not a silver bullet in previous Phishing School editorials. But as there is no public information about how this compromise occurred yet, let’s theorize on possible attack vectors that are not as trivial as just reusing usernames and passwords. With this information you’ll know more about how social media accounts can be hijacked and hopefully develop a routine of further scrutinizing the messages you see on social media, even if they are sent by popular personalities.
A Recent History on Twitter Hijackings
The takeover of a social media account with 100,000 followers is more valuable than one with 100. The theft of high-profile accounts that can send messages to influence the behavior of thousands or millions of Twitter users has become an increasing concern.
The criticality of securing these types of accounts was really brought to light after the events of the mass 2020 Twitter account hijackings. At that time the accounts of many Twitter personalities, such as Elon Musk, Joe Biden and Kanye West, were compromised and used to send tweets advertising a crypto scam to millions of followers. The attack was enabled by tricking employees with privileged access to Twitter accounts through social engineering. I encourage you to read the linked article for more information.
While mass Twitter account takeovers like that have not occurred since, they still do happen at smaller scales and often target specific niches by more sophisticated hackers. The fact that these events could occur within the NFT community specifically was alluded to in tweets from Yuga Labs and its co-founder in recent weeks.
What possible attacks could Yuga Labs and the NFT community be concerned about? Those were not mentioned in the tweets, but let’s go over some possibilities now, with some of these being specific to a possible Twitter compromise that could bypass 2FA and others being more general operational security concerns.
Possible Attack Vectors
Data Breach: Actors are able to access a database or API with private information. This can lead to the popular account takeover method of simply reusing credentials shared across services.
Network Intrusions: Sophisticated hackers can breach a network and maintain access to steal information passed through devices or gain further access to critical systems. This can lead to larger data incidents like more impactful data breaches and targeted takeovers of hardened service accounts.
OAuth Tokens: These tokens are used by services to allow access to other resources, such as a social media account. Concerns about responsible storage of these tokens were brought to light most prominently in the recent Heroku compromise. In Twitter’s case the concern would be if OAuth tokens stored with Google or Apple were compromised, as their services can be used to log into Twitter.
Malware: Target installs malware on their device that can lead to data exfiltration. Malware that exfiltrates files that may contain private keys or social media session tokens is a specific concern in crypto.
Eavesdropping: Target displays private information at times that can be viewed by other parties, such as through webcams or shoulder surfing. Depending on the information shown, this could be used to gain further information to compromise an account, or lead to compromised accounts with the initial information alone.
Tricking an Employee: An employee is tricked into giving account access to an unauthorized party, which is what occurred in the 2020 Twitter account hijackings.
Insider Threat: An employee with privileged access to the account, whether directly or indirectly, abuses that privilege to control the account.
Tricking a Target: Actor tricks target into giving private information that can compromise their account, such as a generated 2FA code at the time the actor needs that piece of information to log into their account.
Close Contact: A close contact of the target gains authorized access to their device, either performing malicious acts on the account at that time and/or finding a way to maintain access afterwards.
Secrets and Tokens
Session Tokens: Tokens used to identify you when you have already logged in can be stolen. This is extremely prevalent in attempts at Discord account takeovers.
Backup Codes: Temporary codes generated to bypass 2FA should you lose access to your 2FA generation device. Unlike 2FA codes, these often do not expire unless explicitly removed from the account, so careful storage of them should be a concern.
2FA Secrets: Your 2FA codes are generated through the use of an initial secret string. How are these secrets being stored on your device and are they being backed up somewhere you are not aware of?
Next week we hope to share more on methods for protecting yourself on Twitter specifically.
InfoSec Team Needs Your Help
Season 5 is upon us at BanklessDAO and the InfoSec Team is once again asking for your support in continuing our mission to protect the DAO. If you have found value in the work we do, whether it’s through these newsletters, our implementation of Wick bot moderation or our continued behind-the-scenes infrastructure work, please read our budget proposal and give it a vote.
Proposals in Discussion
This is a proposal to add BanklessDAO as a partner community inside the Panvala ecosystem. Panvala is an endowment to fund community life, shared by a network of thousands of communities that help it grow. If we become part of this ecosystem, BanklessDAO can claim a portion of the shared Panvala endowment to fund our activities.
👩🏽💼 Bankless DAOplomats
This proposal presents the opportunity for the DAO to leverage its immense experience in decentralised governance in offering Metagovernance-as-a-Service (MaaS). DAOplomats from BanklessDAO can help our partner DAOs in the governance process by writing and coordinating proposals.
This proposal aims to develop a Tokenomics Certification credential for DAO contributors who want to prove their tokenomic capabilities with an on-chain verifiable credential and access to an expert community. The proposal seeks funding to develop a minimum viable product.
BanklessDAO members from Peru are looking to establish Bankless Perú, a Spanish speaking node that can set up a local community and incorporate more people to the Bankless movement. In this revised edition of the proposal, the funding requirement has been reduced and some comments based on community feedback were added.
The project seeks funding to achieve the goal of creating a Web3-focused glossary for bDAO, called bDAO-Glossary. The final version (Rev02) of the glossary is here. The project aims to make this glossary available in multiple languages through the various International Media Nodes.
✅ Action Items
📖 Read: There are many important proposals to comment and vote on in the Forum.
✋ Take the BanklessDAO Survey.
🙏 Thanks to Our Sponsor
Pocket Assistant NFTs are pioneering a new gig economy for Web3, with Web3 values. Our community of contributors are here to help you spend more time on high-value activities by easily delegating your simple but time-consuming tasks. PA NFT holders get to delegate 20 tasks per week to Pocket Assistants. In doing so, you provide valuable, safe, flexible work and income to someone in an underserved community. This is a step change in utility for NFTs, a jpeg with real-world utility, freeing up hours of time per week for holders and providing wages to those most in need across the world 🤝
👉 Reserve a Pocket Assistant NFT before they're gone.
👉 Follow humanDAO on Twitter.
👉 Join humanDAO Discord.