@CharlieShrem 1/ Story time!
About a year ago (July 5th, 2017), the phishers appeared in full-force and started hitting Slack channels *hard* with MEW phishing links.
Watching people lose money and realizing that I had failed to take adequate measures to educate our users hit me *hard*.
About a year ago (July 5th, 2017), the phishers appeared in full-force and started hitting Slack channels *hard* with MEW phishing links.
Watching people lose money and realizing that I had failed to take adequate measures to educate our users hit me *hard*.
@CharlieShrem 2/ To be blunt, it fucking sucked.
I spent a lot of time tracking the phishers. Recording addresses, URLs, watching money move from account to account, cross-referencing, and hoping to see it end up in an exchange account one day and catching the bad guys.
I spent a lot of time tracking the phishers. Recording addresses, URLs, watching money move from account to account, cross-referencing, and hoping to see it end up in an exchange account one day and catching the bad guys.
@CharlieShrem 3/ I would have these visualization of people and addresses and money moving and URLs and spreadsheets. I was quickly approaching murder-wall level. 😉 
@CharlieShrem 4/ And I was making progress...or so I thought. I had a few exchange addresses stemming from a few common addresses up top and it looked like the bad guys might have slipped.
I had those common addresses practically memorized.
I had those common addresses practically memorized.
@CharlieShrem 5/ And then I got an email from a victim who had one of the "top level addresses" that I had traced to and from in order to connect to other addresses and eventually the exchanges. Before he emailed I would have put money on the fact his address was a phishers address...
@CharlieShrem 6/ But it wasn't.
He was a victim.
He had all his money stolen.
And after more searching through the inbox it was obvious that this was common.
Instead of phishing_1 -> phishing_2 -> etc. it was actually victim_1 -> victim_2 -> ... -> victim_5 -> ?¿?¿?
He was a victim.
He had all his money stolen.
And after more searching through the inbox it was obvious that this was common.
Instead of phishing_1 -> phishing_2 -> etc. it was actually victim_1 -> victim_2 -> ... -> victim_5 -> ?¿?¿?
@CharlieShrem 7/ If I hadn't noticed this and/or if I had the authority to fuck over these "phishers", I could have very easily made a mistake that punished the victims (again), not the phishers. Very, very easily.
This is one reason centralization of authority is bad.
This is one reason centralization of authority is bad.
@CharlieShrem 8/
Without a doubt, I could have convinced anyone listening that this person or this address was malcious. Between the trust I had in the community, connections I had made at exchanges & beyond, my best intentions...I could easily have convinced hundreds of people, not just 21.
Without a doubt, I could have convinced anyone listening that this person or this address was malcious. Between the trust I had in the community, connections I had made at exchanges & beyond, my best intentions...I could easily have convinced hundreds of people, not just 21.
@CharlieShrem 9/
Basically, it takes those who have good intentions AND the dissenters & the "it's the victims fault"-ers to create the necessary checks & balances to ensure the *value* of decentralization lives. You need heaps of people with heaps of different values. You need to argue.
Basically, it takes those who have good intentions AND the dissenters & the "it's the victims fault"-ers to create the necessary checks & balances to ensure the *value* of decentralization lives. You need heaps of people with heaps of different values. You need to argue.
@CharlieShrem End/
The main difference between a mistake & corruption is the intentions behind the action. But unfortunately the outcome of the action is still the same.
It would serve EOS (and everyone in this space) to be mindful of that as they make decisions.
The main difference between a mistake & corruption is the intentions behind the action. But unfortunately the outcome of the action is still the same.
It would serve EOS (and everyone in this space) to be mindful of that as they make decisions.
