Tay 💖 Profile picture
Sep 21, 2020 9 tweets 3 min read Read on X
Since I...uh...was having too much fun sharing insane attack vectors with you, I should probably calm my ass down and clarify a thing:

You should be far LESS scared of @metamask_io and far MORE scared of the other shit you're doing + your own opsec.
@Ledger and @Trezor are safer and more trusted than MM. Ice cold paper airgapped machine storage is even moreso.

But your random no-name mobile wallet, the port tracker that wants your full admin exchange API keys, and the rotting DeFi food you keep throwing $ at are WAY WORSE.
Flashy new wallet that's never endured a bull run? Yeah, no thanks lol.

Entering your private key directly into a website/dapp? Fuck off.

Centralized "recover with your phone number" shit? Hope you are bribing all the $1/hr support agents in the Philippines to NOT sim swap you!
Its FAR more likely that you will lose funds via your actions. If I had to bet on MetaMask or you, I would always bet against you. Sorry.

Scams, phishers, hackers, recovery mistakes, storage mistakes, social trickery, downloading porn/torrents, sim swapping, malicious apps...
...fake google ads, fake apps, impersonators, a/b/c/d/e/f tested spear phishing messages, websites asking you to paste your key, screenshotting your key, not backing up your key, and accidentally uploading your key to github or sharing it on a screenshare are ALL more likely.
The reason you shouldnt put all your assets in MM is bc the less places a key is, the less often you touch it, the less likely it is to emptied. Make a paper or hardware wallet, put majority in it, and just dont take it out.

But Tay! What do I do when I need more money in my MM?
I dunno. Consider contributing to the ecosystem instead of paying miners and throwing eth at anon devs who are hot to abscond with all your assets on a bed of lies?

Tbh, its absurd that MM catches any heat considering the destructive bullshit yall engage in. 🙄
And before you get all defensive and argue-y, read and do all the shit in the following two articles. It'll be far more productive for everyone. 😘💖

medium.com/mycrypto/mycry…

medium.com/mycrypto/what-…
goddamn it i forgot the fucking giveaway bots.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Tay 💖

Tay 💖 Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @tayvano_

Dec 22
DPRK's trading career is...uh....going.....🙈

tbh if i was the dude managing Hyperliquid's 4 validators (or those fucking ghetto ass binaries on gh) I would be shitting my pants right now.

Hyperliquid dudes dont seem worried at all though so im sure its fine. 🫠 Image
lol @ all you retards who think the risk is USG forcing Hyperliquid to freeze AAAAAAAAAAHHAHAHHHAHAHAHAHAHAHHAHHAHAHHAHAHHAHAHAHAHHAHAHHAHAHHAHAHAHHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHHAHAHAHAHHAHAHAHAHAHAAHAHHAHAHAHHAHAHAHHAHAHAHA

Yall, DPRK doesn't trade. DPRK tests.🤦‍♀️
my offer from 2 weeks ago still stands @HyperliquidX

i'm still happy to do it async or via a call. i can even give you one of my super nice happy colleagues if you don't like me.

but a massive amt of harm will come to people if you don't harden your ass asap. Image
Read 4 tweets
Nov 16
Gotta correct the record on a headline that's been running wild lately re: the WazirX hack.

Bc it is NOT significant. Or a "breakthrough."

Dude they arrested wasnt involved in the hack. He doesnt know the hackers.

Plz stop regurgitating self-aggrandizing press releases. Image
Here's the actual situation:

At some point prior to July 2024 the actual hackers landed a backdoor onto something that gave them some access to the WazirX multisig signers and/or their signatures.

We don't know what or who was compromised and it doesn't really matter.
Initial toehold was likely gained by tricking someone at WazirX or Liminal into installing malware -> escalated from there.

This access allowed the hackers to intercept/insert invisible, malicious payloads for signing in a way where none of the 3+ signers were able to notice.
Read 21 tweets
Oct 20
With the recent sophisticated hacks fresh on everyone's mind, there's been a lot of talk about ✨fancy stacks and setups.✨

Yes, you should evaluate how—and with what—you sign txns.

But building a custom UI for your LAN Qubes OS AWS KMS everyday is not really the answer 😅
Background on the referenced hacks (feel free to skip):

1. Funds were stolen from each org's multisig.

2. Keys themselves were not compromised.

3. In Radiant and WazirX and maybe DMM, the keys backing the multisig were actually only on hardware wallets + actually controlled by distinct parties.

Radiant - $50m, like 2 days ago
medium.com/@RadiantCapita…

WazirX - $230m in July
x.com/WazirXIndia/st…
liminalcustody.com/blog/update-on…

DMM Bitcoin - $305m in May
The least amt is known about DMM, including whether keys were cold vs hot. Early theories said address poisoning. It def wasn't that. Attached is rampant speculation (likely all wrong)
See also: x.com/mononautical/s…Image
Image
Image
Also, note, any organization that can implement / enforce EDR, etc. should do so. Full stop. End of conversation.

However, the crypto industry generally considers this a non-starter for all sorts of philosophical + practical reasons.

So, until we get there, here's the deal:
Read 15 tweets
Sep 5
Alright so comments here are a bit looney and I don’t particularly like them bc it distracts and undermines the actual risk.

Spoiler: @coinbase getting hacked is not the risk.

But there is still risk. Even when using Coinbase.
This gunna be long. Sorry. But it needs to be said. Clearly.

First: the reason I say Coinbase is not the risk is because they take INSANE measures to mitigate the risk of being hacked.

They always have.

They are really fucking serious abt security across the board.
Coinbase is NOT different bc they’ve *eliminated* the risk though.

Bc they haven’t. Bc they can’t. NO ONE CAN.

This shit is wild. The incentives are too much. The hackers have too many resources.

They will literally burn 0 days to get at Coinbase. They *have* burned 0 days.
Read 18 tweets
Jul 8
Crypto folks (hopefully) already know that Lazarus is one of the most prevalent threat actors targeting this industry.

They rekt more people, companies, protocols than anyone else.

But it's good to know exactly how they get in. Bc another smart contract audit won't save you.
For example, one long-time fave method:
- Contact employee via social/messaging app
- Direct them to a Github for a job offer, "skills test," or to help with a bug
- Rekt individual's device
- Gain entry to company's AWS
- Rekt company (and their users)

cloud.google.com/blog/topics/th…
Image
With permission, I’m sharing a recent convo that led to $2m+ stolen so you can see how this DPRK crew (TraderTraitor) is operating today.

These convos are pretty rare to see. Thefts occur months later, so very few uncover how the initial entry was made.

cisa.gov/news-events/cy…Image
Read 14 tweets
Jun 19
Txn History Deposit 1

0x5a7732d8710af819dd16c82d38ed4385e137285c

0xce7d8feb6f4a88f4a2694beb8f92be6a1670d3a8fa243ab3416b46f4576d3fc5

0x8cd115e1d45dc80894204244a2749cb7cdb7ac7b14cf9809cac19714d3626bfc

0xa119fd1efd639fde5837566dfd843ba401825702e7694ce1591194b2b98297ae

0x0dea174d7bd9f6e978b98e6e1d0a0f1fc22d90f82f35537b1754d3f73652f1d6

0xa2bd92a528ffc2cb66f7317ff9e6ad55f094112e2937980c8b782d052d22dc76

0x886f187b7f3929032072a98160dac084d02a0ce62b556c64140d76f399d4922d

0x9d661a1d89613e2fa53a9ca63ad64db5401cde7d70f4eefb883724b0f1a57a31

0x1dbc11b50913f8633c049072428f4db0cce4d38cabe6087afc472c6668f5dc1a

0xa3a4a5878da0240cf0dbcb1b68bde88b877ed2c0c2390d000f796cda2c579af9

0xa158192d24ca8fa79c95fa52f8c3d564e8f6304bacea9c9dfca440d7da33ddf7

0xa7285a96eb95dd76ce129f063424679a6d465b7b9a284cdac528405c75ce8393

0x3dd977a7b2edbbe629a8bab9a9b3f0ccf253ea12e31c6f748ddac9e025167e67
Read 20 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(