Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Tay 💖 Profile picture
@tayvano_
Sep 22, 2020 48 tweets 24 min read Read on X
understand the power of a telegram group. Even a tele full of non-devs who can't even register a domain name. 🤫
Ffs I get some work done and it went from like 20 ppl without a token name or a domain name or a fucking clue to 600+ people begging for drops.

This is for sure the future of finance folks.

🤫 ImageImageImageImage
The F U T U R E of finance folks. 😂😂😂 ImageImage
If you're the type of person who sees a cashtag on twitter and immediately buys it I would strongly recommend burning your computer. It's far less proactively selfdestructive and will hurt less. 😳
lol im caught up in this entire mess because someone was trolling @AlexMasmej 😂😂😂😂😂 Image
Okay seriously this was annoying the fuck out of me bc based on what I saw when I looked at the chat for like a literal minute around 2pm PT, there was no way this was or was going to be an actual thing.

Yet an hour later I'm blasted on all sides by outraged anon degen dudes.
The easy answer is frogs are salty cuz they missed out. But. In order to miss out...wait...how the fuck did this thing that maybe had a name, still had no url, no devs, how did it launch a token and give it to people and get it on uniswap and pump the price in an hour?
Everyone in the chat i know & most I've met irl like @AlexMasmej @defidude @sassal0x @Steven_McKie. Sure, some can get a bit defi shilly overly excitable, but never ill willed.

But shit doesn't pump on accident. So I got added to a group by some seriously schemey schemers???!
So I'm looking for this token thats pumping or whatever but I can't find shit. There's no uniswap links. Every uniswap mention is a joke.

Watch this tho. Here's the first 4 uniswap mentions. It's all faces and jokes. ImageImageImageImage
11:45: chat starts
12:55: 50 people
12:58: jokes about $cashtags $antimeme
1:20: jokes. Oops we haz no url.
1:36: literally no one knows what's going on
1:46: no srsly wat is this?
1:58: did everyone get tokens? Everyone: no
2:26: wait how are more ppl joininh?
Now, watch how fucking fast this happens. At 2:30 there are still less than 100 people.

At 2:36 a flood of ppl enter from a link somewhere. And the entire chat is now faceless.

By 3:19, there are 579 people. ImageImageImageImage
Now here's where it gets really weird. At 2:50 I was like "lol this is gunna blow up in my face bc of course it would"

Still no links to Uniswap or anything.

At 3:40 a string of tweets some at me fast with just straight shit talk.

Search again and now there's a link. Sort of.
From Jordan. Who saw it being blasted in the chat. And it's fake.

At 3:11. Image
And so fast forward and I'm going back trying to figure this all out and it's insane.

The outrage faceless dudes are not salty bc they missed out on something. Nothing ever happened.

They're pretending to be salty to create hype to shill their fake #few token in replies. ImageImageImage
Every uni link share is like the above. Not like known folks making jokes.

Bull scammers are creative.

Theres nothing more powerful than greed and FOMO but theres nothing more sharable than outrage.

And y'all fell hard. Even I thought something pumped.
Here's zoom in on the transition from fucking around with friends to "uhhh what"

2:33 pm is earliest I can tell that a link got posted somewhere. 100 people is hit. And um. Yuck. ImageImageImageImage
2:45pm
Fake FEW contract is created. ImageImageImageImage
2:48pm
Fake few contract creator approves on uniswap

2:49
Fake few contract creator creates $15k worth of liquidity

So it took *4 minutes* to create a fake token and add liquidity (aka "get it listed on uniswap") ImageImage
Interestingly, 5 hours after putting it on uniswap (7:29pm my time), contract creator registers an ENS name: fewfi.eth.

Which means he's still shilling this scam somewhere. ImageImage
Whooooa.

Okay so fake FEWunderstand (aka fake few) on Etherscan: etherscan.io/dextracker?q=F…

Find first trade: etherscan.io/tx/0xd3e4a74cf…

See this contract thing that doesn't hit the router like normal? etherscan.io/address/0xebb4…
so thats weird. but yeah i wanted a scam token list.



apparently no one has a scam token list.

so i made a scam token list using 0xebb4 and his buddies.
its a fucking list tho. ImageImageImage
like a fucking serious ass list. Image
and most, if not all, of these were created and liquidity was added to uniswap after 7/1/2020. and most, if not all, appear to be scam tokens.

theres prob more, i just stayed in the etherscan.io/txs?a=0x93438e… bubble and he didnt exist 78 days ago.
because if you go outside the 0x9343 bubble you find shit like this: etherscan.io/address/0x54db…

1. fresh addy grabs 1100 eth from okex (i think)

2. creates new token: etherscan.io/address/0xacd0…

3. provides liquidity on uniswap for 5 mins

4. exits to fresh address

5. 2 eth richer.
i found that happening over and over. how?

we'll i'd end up looking at a page like etherscan.io/token/0xacd049…

which i found from our buddy etherscan.io/address/0xebb4… (the guy 5 tweets up trading few) Image
so thats fucking insane af. dunno what it is or means tho. 🤷

address dump

center: 0x93438e08c4edc17f867e8a9887284da11f26a09d

contracts of his:
0x21e479e62603a3ea0b6dc687cb86b9938d39a3dd
0xa23636dd7b1517e12088fb8c5b364c735111f979
0x1c72e0fbf8beb4e933c86cbb5d7b84879cd0fe69
...
0xb73815f5f055073c93d4332fb53dc01d82778dde
0xb88a1b2ab0deb0df1d62cef5176deb3bb5488d11
0x2d32705504e6baddf3cfe13409a07b60a320a48d
0x4c3a9e1ddf2eae499b60374b6415c9dedbb70991
0x354576b4b0a56bdc5af677e5cba04b2eec6d4778
0xf2f8b15133973fce4ce30ec2989ff0bcf0052e0d
...
0x7098c1c07e313a3c3be616f82119cd22ddcc796c
0xa96e2806a6fb7f504b04f6df549c4c7b0a100b2e
0x5410dd15121b7e26b04470b57dcf11bc1ea4602e
0x950543e41294700e8a249a5e692bd5325bb87228
0xebb4d6cfc2b538e2a7969aa4187b1c00b2762108
.
controllers/holders for 0x9343:

0xacb78b259f5edb9746baf5c13e9a59439418f8da
0xcde19c6a93ba8bd102bdb5fae0a8ea2ba203a89c
0x21067d95d4c157904be5380194325d0e93619d6b
0x17083be979a080e80d158218b5c17b118fc0a4cb
🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷🤷
token list gist.github.com/tayvano/aa4759…

its NOT edited to remove non-scam tokens. there are some they use as pairs (e.g. tether, weth, uni, etc.)
shit and like random ass names dont always help so heres the token list with tx hash so you can find a scamcoin, visit the tx hash, and then explore from there.

gist.github.com/tayvano/676f10…

e.g.
, = etherscan.io/token/0x6afde9…
okay heres how to explore.

1. pick random line. like line 46:
0x1a01145b2fb2253311f9231534c872f69a34c1fa2bb1bef255e30dc601bf6c96,ABSOLUTELY NO DUMPS,AND
2. go to the tx hash provided:
etherscan.io/tx/0x1a01145b2…

3. look at token: etherscan.io/token/0xc64f78…

4 holders, 12 transfers

4. find creator / lp:
etherscan.io/address/0x3984…

5. dump other contract creation txs.

etherscan.io/tx/0xb2a174e87…

etherscan.io/tx/0xa974a9c1c…
6. see more scamtokens

NFR - 1 day ago - 1 holder - 3 transfers etherscan.io/token/0x109400…

YFN - 1 day ago - 2 holders - 8 transfers
etherscan.io/token/0x02cbd1…

7. read contracts, find owner:

etherscan.io/address/0xa07b…

more fucking scam tokens!
one TX hash from the above list will give you 5 or 10 or 100 random ass scamtoken thingies and a pile of new LPs and creators and fund sources.

im so beyond bewildered at the scope of this.
New token list from same data with new data:

Token contract address
Token name (etherscan)
Token symbol (etherscan)
Holder count
Transfer count
# of times appears in list
Notes

Sorted by holder count.

gist.github.com/tayvano/7f8373…
hello darkness my old friend 🎵

okay but seriously i just legit bought these Astro tokens AND I DO NOT BUY TOKENS to get the full features and in 5 minutes it zelda sounded me abt a new listing and BAM LOOK WHO IT IS?!

Our buddy 0xebb4!!!!!!! Daamn @Astro_Tools serves my needs. ImageImageImage
Okay so I'm now watching what I saw happen last night except now its in real time and happening right now and my gosh all you poor thirsty souls searching for a quick buck and getting rekt. 😭😭😭😭😭😭😭😭 ImageImageImageImage
TBH I feel like @Astro_Tools knows me or something. This is my jam.

Anyways. In the last hour 0xebb4 has created

SEX: 0xf64b9b18960c880bf644b6935943ded700f265b6
ISN: 0x321e1dee2c4593f0b74435f3eec35716fe1004f7
APPL: 0xf79fd7cb710513e76b9cdc079da89cff10846efb Image
And 0xebb4 has also created

MINI: 0x00d81f53505e1b9486aff9ec916a419786a29057
FACE: 0xab847caefdb4e925efc32eff4716a1d3e8f3b464
GOG: 0xd0a8b4ff60023745e9f02ad4723d405445a88c72
COPE: 0x28ad99d6929709c11fc85e6c3636373fe63e5415

So 0xebb4 is 7/9 new tokens on uni in the last HOUR. ImageImageImage
LOL this other scammer 0xb13fe3ed1557359ebdf856278576bdb0c2de9df5 has created 4 separate fake ISN scams with the same-same-but-different-name in the last couple hours

etherscan.io/tx/0xcc1268b44…

etherscan.io/tx/0x796f2ab68…

etherscan.io/tx/0x00f1edd5a…

etherscan.io/tx/0x75e58ca20…
If you guys havent had a chance to check out @etherscan's latest kickass feature, you can now see how much an account spends on tx fess.

Also, our scammer buddy 0xebb4's controller 0x9343 spends ~8ETH / day on TX fees. ~232 ETH aka ~$90,000 since july 7 2020. ImageImageImage
Last update for a bit. 3 more scam tokens, all from 0xebb4.

scamMANY
0x750fb06c7e160b5efdee53696ca327bd37fa62b4

scamROMG
0xf89d14675c227390f9e2329f26a70db65b6336bd

scamYFMS <-got some bites?
0x6413be89fcd25050fd6d51b4e04e4e22b16848ea

1 hour. 14 new tokens. 11 by 0x9343/0xebb4 ImageImageImageImage

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Tay 💖

Tay 💖 Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @tayvano_

Tay 💖 Profile picture
Nov 16
Gotta correct the record on a headline that's been running wild lately re: the WazirX hack.

Bc it is NOT significant. Or a "breakthrough."

Dude they arrested wasnt involved in the hack. He doesnt know the hackers.

Plz stop regurgitating self-aggrandizing press releases. Image
Here's the actual situation:

At some point prior to July 2024 the actual hackers landed a backdoor onto something that gave them some access to the WazirX multisig signers and/or their signatures.

We don't know what or who was compromised and it doesn't really matter.
Initial toehold was likely gained by tricking someone at WazirX or Liminal into installing malware -> escalated from there.

This access allowed the hackers to intercept/insert invisible, malicious payloads for signing in a way where none of the 3+ signers were able to notice.
Read 21 tweets
Tay 💖 Profile picture
Oct 20
With the recent sophisticated hacks fresh on everyone's mind, there's been a lot of talk about ✨fancy stacks and setups.✨

Yes, you should evaluate how—and with what—you sign txns.

But building a custom UI for your LAN Qubes OS AWS KMS everyday is not really the answer 😅
Background on the referenced hacks (feel free to skip):

1. Funds were stolen from each org's multisig.

2. Keys themselves were not compromised.

3. In Radiant and WazirX and maybe DMM, the keys backing the multisig were actually only on hardware wallets + actually controlled by distinct parties.

Radiant - $50m, like 2 days ago
medium.com/@RadiantCapita…

WazirX - $230m in July
x.com/WazirXIndia/st…
liminalcustody.com/blog/update-on…

DMM Bitcoin - $305m in May
The least amt is known about DMM, including whether keys were cold vs hot. Early theories said address poisoning. It def wasn't that. Attached is rampant speculation (likely all wrong)
See also: x.com/mononautical/s…Image
Image
Image
Also, note, any organization that can implement / enforce EDR, etc. should do so. Full stop. End of conversation.

However, the crypto industry generally considers this a non-starter for all sorts of philosophical + practical reasons.

So, until we get there, here's the deal:
Read 15 tweets
Tay 💖 Profile picture
Sep 5
Alright so comments here are a bit looney and I don’t particularly like them bc it distracts and undermines the actual risk.

Spoiler: @coinbase getting hacked is not the risk.

But there is still risk. Even when using Coinbase.
This gunna be long. Sorry. But it needs to be said. Clearly.

First: the reason I say Coinbase is not the risk is because they take INSANE measures to mitigate the risk of being hacked.

They always have.

They are really fucking serious abt security across the board.
Coinbase is NOT different bc they’ve *eliminated* the risk though.

Bc they haven’t. Bc they can’t. NO ONE CAN.

This shit is wild. The incentives are too much. The hackers have too many resources.

They will literally burn 0 days to get at Coinbase. They *have* burned 0 days.
Read 18 tweets
Tay 💖 Profile picture
Jul 8
Crypto folks (hopefully) already know that Lazarus is one of the most prevalent threat actors targeting this industry.

They rekt more people, companies, protocols than anyone else.

But it's good to know exactly how they get in. Bc another smart contract audit won't save you.
For example, one long-time fave method:
- Contact employee via social/messaging app
- Direct them to a Github for a job offer, "skills test," or to help with a bug
- Rekt individual's device
- Gain entry to company's AWS
- Rekt company (and their users)

cloud.google.com/blog/topics/th…
Image
With permission, I’m sharing a recent convo that led to $2m+ stolen so you can see how this DPRK crew (TraderTraitor) is operating today.

These convos are pretty rare to see. Thefts occur months later, so very few uncover how the initial entry was made.

cisa.gov/news-events/cy…Image
Read 14 tweets
Tay 💖 Profile picture
Jun 19
this wild af
episode 2 even wilder

Txn History Deposit 1

0x5a7732d8710af819dd16c82d38ed4385e137285c

0xce7d8feb6f4a88f4a2694beb8f92be6a1670d3a8fa243ab3416b46f4576d3fc5

0x8cd115e1d45dc80894204244a2749cb7cdb7ac7b14cf9809cac19714d3626bfc

0xa119fd1efd639fde5837566dfd843ba401825702e7694ce1591194b2b98297ae

0x0dea174d7bd9f6e978b98e6e1d0a0f1fc22d90f82f35537b1754d3f73652f1d6

0xa2bd92a528ffc2cb66f7317ff9e6ad55f094112e2937980c8b782d052d22dc76

0x886f187b7f3929032072a98160dac084d02a0ce62b556c64140d76f399d4922d

0x9d661a1d89613e2fa53a9ca63ad64db5401cde7d70f4eefb883724b0f1a57a31

0x1dbc11b50913f8633c049072428f4db0cce4d38cabe6087afc472c6668f5dc1a

0xa3a4a5878da0240cf0dbcb1b68bde88b877ed2c0c2390d000f796cda2c579af9

0xa158192d24ca8fa79c95fa52f8c3d564e8f6304bacea9c9dfca440d7da33ddf7

0xa7285a96eb95dd76ce129f063424679a6d465b7b9a284cdac528405c75ce8393

0x3dd977a7b2edbbe629a8bab9a9b3f0ccf253ea12e31c6f748ddac9e025167e67
Read 20 tweets
Tay 💖 Profile picture
Apr 10
🧵Highlights from the UN Security Council's 2023 report on DPRK

This one was a whopping 615 pages 😳

These reports are always like a birds eye view of random, raw, deep intel. They're amazing and shed light on attribution, irl banking networks, etc.

un.org/securitycounci…
re: MaybachsImage
Image
Image
re: DPRK IT Workers



justice.gov/opa/pr/justice…
reuters.com/technology/nor…Image
Image
Image
Image
Read 25 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(