Crypto Currency Fraud

Max · December 2, 2021, 7:35pm

yeah that’s fair. will add an addendum.

Max · December 2, 2021, 9:43pm

I updated the post with an addendum: https://xk.io/n/2002..10022#n/10022 (this view shows the full context)

Tony · December 3, 2021, 5:34am

I am late to this thread, but wondered if anyone is familiar with Keith Weiner’s (objectivist) ideas on the dollar, some on bitcoin, and some gold. Note: I haven’t read through the whole thread and I am not knowledgeable about Tether.

Weiner uses the concepts of extinguishment and redeem-ability as essentials of sound money. His short articles make a clear argument and I haven’t found much to disagree with.

I’ve read half each of Theory and Credit and Human action. I think the Misean concept of money is too broad generally, and Mises definition still seems tied to historical paths. He didn’t flush out the essentials like Weiner has of what makes a good money.

Also wanted to add just a few thoughts that I remember. It’s been a year and a half+ since reading on this

I see the current crypto as suffering from the same deficiency as Weiner describes, debt is not extinguished. It’s simply transferred. Gold backed crypto, could be an ideal. I’ve seen several offerings over the-years, but from dodgy sources I wasn’t easily able to verify the offers’ reputation.

One of the arguments of bitcoin over gold is portability or efficiency. I think the portability and efficiency are positives but not essentials, like (stable store of value and extinguish-ability). Weiner noted a while back, nobody is making loans in Bitcoin. I think this is very instructive.

Tony

Elliot · December 3, 2021, 4:53pm

twitter.com

Bitfinex’ed 🔥 Κασσάνδρα🏺

@Bitfinexed

It’s confirmed. Celsius Ponzi scam loses over $50 million dollars of customers funds. “Celsius CEO Alex Mashinky for comment on Thursday evening he said the company would provide a statement on Friday, but did not comment further. Celsius to ask for more tether bailout funds.”

Blockworks @Blockworks_

Celsius reportedly affected by Wednesday's $115 million DeFi hack reported yesterday. Celsius’ losses at this time could amount to $54M. Latest by @jacqmelinek https://blockworks.co/celsius-reportedly-affected-in-exploit-of-defi-protocol-badgerdao/ …

3:29 AM - 3 Dec 2021 208 50

Elliot · December 9, 2021, 6:08pm

Max · December 21, 2021, 4:04am

Yeah – I didn’t think you’d answered it (I probs should have mentioned that).

The post you linked has problems IMO; not sure if you consider them relevant or not to the discussion, though.

Bitcoin isn’t dead between blocks – there’s no way for it to be alive without gaps, so logically it can’t be dead in those times. There is still an ongoing process – miners are hashing – but the results of that process are stochastic (next block could be in 20 seconds or 20 minutes).

The above is one reason, but another is that there’s a sense of financial continuity – but that wouldn’t necessarily be the case 2, 20, or 200 yrs later. I don’t think we need to agree on that much here btw, like roughly day-to-day continuity is enough (e.g., stock markets often close overnight, so it seems like day-by-day continuity is good enough for most finance stuff).

edit: uhh, discourse posted this to the wrong thread. It actually asked if I wanted to post it to crypto currency fraud (this topic) or to “post it here”, but i guess both posted it to this thread.

Edit2: going to copy it over to BTC as money thread. Edit3: Bitcoin (BTC) as Money - #32 by Max

Elliot · January 17, 2022, 4:21am

Elliot · January 17, 2022, 6:18pm

This site has permalinks that put a post on top instead of linking it individually. The title I’m trying to link is:

Multiple artists report OpenSea automatically closing their support tickets reporting stolen artwork; OpenSea removes ability to report

Elliot · January 20, 2022, 3:08am

UEG has other videos about dumb crypto stuff too.

Elliot · January 24, 2022, 3:22am

Max · January 24, 2022, 4:20am

I’m noticing more content critical of NFTs from a wider population – esp from ppl who aren’t working on NFT stuff, or wouldn’t otherwise be covering it if it weren’t a problem (UEG is an example).

Like here’s one (2hrs long with ~1m views, 2 days old) that is from a channel that covers like film/narrative/story stuff and oddities in depth. (I’ve seen a few of his videos before; one was “That Time Geocentrists Tricked A Bunch of Physicists”). His most recent video (besides this NFT one) is titled: “Jamie Oliver’s War on Nuggets”.

I thought the description of the vid made a good point:

If someone pitches you on a “great” Web3 project, ask them if it requires buying or selling crypto to do what they say it does.

Max · January 24, 2022, 8:24am

I watched all of “The Problem With NFTs”. The video makes some good points and has some interesting stuff about NFC scams and culture. There are many technical errors (and some political views thrown in), but they don’t make that much of a difference to the main point of the video.

One thing I wasn’t sure of (and hadn’t heard about) that was mentioned, but explained poorly, is an exploit where someone is sent an NFT and this leads to their wallet being drained.

The article I link is probably for a different attack than the example from the video, but the effect is the same.

I don’t know how this isn’t just pure negligence on the part of OpenSea (it’s their site and service), but there are more issues that limit chances for error correction along the way. Those limitations apply to the whole Ethereum ecosystem, and all other chains built on the same tech (like Ethereum Classic).

It sounds like one of the reasons that this exploit exists is that Metamask – the main Ethereum wallet used in Web3, which is a browser-addon – has really bad UX around transactions.

Like, when you make a transaction you’ll see the destination address, ETH value, tx fee, and the data payload. But there’s no way for Metamask to have any idea what the payload does – it can’t do that for every possible smart contract out there. So it can’t show anything useful to the user (note: there are some special cases built in, like for ERC-20 tokens). So, in essence, a bit of JS can do a bait-and-switch. The user thinks they’re clicking “delete”, but really that ends up like draining all their NFTs (if it tried to drain ETH then the user at least has a chance to notice). The metamask transaction prompts for delete and drain would look basically identical. Unless the user like copied the data payload and deserialized it, they’d have no idea what it actually does. (Maybe metamask has done something about this as a special case, but in principle this is the norm that I remember)

This article is from October but the example in the video happened around Dec 27 I think, based on the timestamp of the reply (the incident was also listed on web3isgoinggreat.com on 28th dec)

“So, we decided to check what will happened if we would create malicious art that contains code in it, for example an .SVG image. We created a simple .SVG file and uploaded it with a simple payload,” researchers explained in a Wednesday analysis. “By clicking on the art and opening it in anther tab or clicking on the links on the page, our SVG will be executed under https://storage.opensea.io subdomain; at this point, we have a SVG file with JavaScript capabilities.”

To exploit this setup, the researchers added an iframe to the .SVG file, which inserted an Ethereum object onto the page where the malicious .SVG was on offer.

“This way we can get the window.ethereum injected, which will allow us to communicate with the Ethereum JSON-RPC API,” according to the analysis. “In order to hijack the currencies, first the attacker needs to open a communication with the wallet via a rpc-api action that will start the communication with MetaMask.”

When a target is offered the “free gift” – i.e., the malicious NFT – a pop-up window appears to the target asking for confirmation for the transaction. Once the victim clicks on the popup to sign the transaction, he or she can interact with the file. In the background, the payload executes and an attacker would be able to see any wallet activity and be able to perform actions on the victim’s behalf.

“The transfer will happen seamlessly, and the victim will get the art to his collection without any action needed from his side,” Check Point researchers explained. “Then if the victim will open the new art and press the image or links, connect his wallet and sign the transaction in the popup, he will lose all his balance.”

(Apparently the guy replying sees the recent southpark NFT thing as a good thing, too)

Elliot · January 27, 2022, 6:18am

https://www.tiktok.com/@aamirazh/video/7056947817859779886

deroj · January 27, 2022, 11:46am

This link doesn’t seem to work either. I guess it’s b/c the uploader deleted it.

Max · January 28, 2022, 11:05pm

From memory, that one was about using NFTs as money laundering (sell it to yourself).

ingracke · January 29, 2022, 3:00am

The link works fine for me

deroj · January 29, 2022, 6:32am

It seems to have been something on my end I guess.

Edit: I just checked the link on my iPad, the device that I had the problem on, and the link is working there as well now.

Elliot · February 2, 2022, 10:06pm

I didn’t like the victim blaming by Asmongold. Interesting video though.

Max · February 3, 2022, 11:12pm

cross-chain fancy blockchain system gets hacked
120k ETH stolen
venture capital fund replaces ETH to keep system propped up

Elliot · February 6, 2022, 10:31pm

part 2