UCC.Hasu
12 Nov, 8 tweets, 2 min read
Yesterday a friend of mine got scammed for a pretty substantial amount in an OTC trade on Telegram. I had not seen this method before and thought others should be aware of it:
The typical workflow in an OTC trade is that you have two parties, A and B, who want to trade with each other but neither wants to send first. So they both send their funds to third-party escrow E, who will send A's funds to B and vice versa.
In this case, we have these parties:
- my friend (A)
- his counterparty (B)
- an escrow (E)

After the terms had been agreed on, B made a Telegram channel with A and E. Then E posted the deposit address into the channel, A sent a test which E confirmed, then A sent the rest.
Or so you think!

What actually happened was that B made *two* channels: one with A, where they controlled B and E, and one with E, where they controlled A and B.

So in the first channel, B pretended to be E and sent their own address, A sent the funds, and B ran away.
The second channel was only used so E wouldn't get suspicious and tip off A that something foul was going on. Both got tricked.
OFC this man-in-the-middle attack could have been prevented using some pretty easy techniques, such as
- double-checking everyone's TG account
- only accepting addresses via direct message
- confirming via phone or video call that the address is correct
But my friend was an experienced trader who has done a lot of OTC transactions in his life, and he still fell for it this time. I think primarily because he was good friends with E and so felt too safe in the transaction.
So keep in mind that it can happen to you as well and always stay vigilant!
