Share this page!

Nat Eliason Profile picture
Twitter logo
11 May, 10 tweets, 3 min read
Alright, so, time for a VERY painful story about how in my excitement about learning solidity yesterday I made a mistake that let someone steal $30,000 from me.

🤦‍♂️🤦‍♂️🤦‍♂️
When you're doing Solidity development, you need some way to interface with the network to deploy contracts, the easiest way being through MetaMask.

So, mistake 1, I used my normal MetaMask account to get set up.
Then in order to deploy anything, you need to have your MetaMask seed mnemonic in your code somewhere so you can sign the deploy, etc.

For any non-crypto people: you need to put a bank password in your code.

And I used a bank account with money in it.
Now that would all be fine... except I wanted to put my work on GitHub.

So I put my seed phrase in a separate file, added it to the gitignore, and committed everything.
Except... I made a fucking typo in the gitignore.

I forgot you need to include the file extension so instead of writing "secret.js" I wrote "secret" and committed the file with my seed phrase.
I noticed it before deploying though, and removed it, but didn't realize GitHub will get all commit history even if you remove something...

So basically I published my bank login credentials on the Internet. Yay.
There must be people with GitHub scrapers looking for newbie devs to make this mistake because when I got back from dinner last night a bunch of my accounts had been drained and they were working on draining more.
Luckily @cathrynlavery helped save the day and set up a temp account I could send whatever I could recover to, and I rescued a lot of stuff.

And I had most stuff on my Ledger already.

But still, FUCK.
Obviously, people shouldn't steal money but this was 100% my fault and my own stupidity.

It just makes me kinda sad for any young people exploring getting into this space who probably make the same mistake, lose money, and get turned off from working in crypto entirely.
And if you're not doing crypto development this isn't really a risk for you so don't be worried... just don't publish your seed phrase on Facebook or anything 😂

And even if it's slower just use the @Ledger for everything.

Hope this story helps save someone else's money 😬

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Nat Eliason

Nat Eliason Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @nateliason

Nat Eliason Profile picture
9 May
Something I've been thinking about with DeFi recently is how you could use yield farming & staking to diversify your investments across L1s / L2s while making some money along the way

👇👇👇
Say you're bullish on @0xPolygon, but you also don't want to stop buying into Ethereum.

Well one option would be to move some money over to the Polygon network, buy a combination of Matic and Ether, provide those as liquidity on @SushiSwap, and then stake your LP tokens.
By doing this you're buying a combination of Ether / Matic so you have upside if either or both go up.

You also have some hedge if one goes up but the other doesn't.

And you're earning Sushi / Matic along the way by providing liquidity to SushiSwap.
Read 5 tweets
Nat Eliason Profile picture
29 Apr
So... is there a baby formula that isn't full of industrial seed oils?

Because I started doing research and wow this is not good.
Here's a list of the "8 best baby formulas" that pops up when you search for "best baby formula"

Every single one has at least one type of seed oil, and many have corn syrup as well:

babylist.com/hello-baby/bes…
Here's another guide focused on organic, "safe" baby formula.

Aaaand it's all seed oil again:

gimmethegoodstuff.org/safe-product-g…
Read 6 tweets
Nat Eliason Profile picture
21 Apr
Okay I rather like this response to mine and ⁦@jeffnobbs⁩ articles.

They’re kinda gentle on the canola oil part, but still pretty fair.

Either way getting mentioned in GQ is cool. gq-magazine.co.uk/lifestyle/arti…
Always worth remembering though that Crisco came out in 1910 and trans fats weren’t outlawed till the 2000s.

Awareness of how bad things are for us takes a very long time if you don’t use heuristics or understand what’s going on at a mechanistic level.
And writers like me have very little to gain by shitting on Oatly so much.

We just want people to stop hurting themselves and their children.
Read 4 tweets
Nat Eliason Profile picture
9 Apr
I released a big update to my @RoamResearch course today.

There are now two versions:

"Just the basics" and the full course.

Both include 2.5 hours of brand new content on learning Roam from "Roam in a Day" filmed a couple weeks ago!
Check them out here! effortlessoutput.com
All previous buyers have all the new content. You should have an email about it!
Read 5 tweets
Nat Eliason Profile picture
2 Apr
Hey everyone, I've been kind of hard on BitClout the last few days.

But I looked into it more and realized it's actually a really incredible opportunity.

Let me explain 👇
BitClout lets you buy a creator's "coin" so you can invest in their future growth.

Just deposit a little Bitcoin and you can buy BitClout, then use that BitClout to buy some of my coin!

bitclout.com/u/nateliason
What makes it extra cool is that when you buy some of my coin I get more BitClout.

So by promoting BitClout and encouraging you to sign up, I'm getting more of this new crypto asset.

I don't even have to put any money in!
Read 11 tweets
Nat Eliason Profile picture
1 Apr
Forget the edit button, Twitter should have a "stop spread" option on tweets.

It's perfect for when that half-baked tweet you sent after a few glasses of wine is getting way more reach than you expected and you want it to stop, but you don't want to delete it.
I've noticed that most tweets that do well go through a sort of cycle:

1. People who follow you and "get you" like and respond
2. People who they reach respond and engage
3. It keeps spreading to people who have no idea who you are and just want to dunk on randos
Something spreading can feel fun in the beginning then quickly become very unfun.

Especially since negative sentiment seems to spread faster than positive sentiment.
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @nateliason has new unrolls!

Check out other threads from @nateliason!

Read all threads by @nateliason

:(