Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
{harry,whg}.eth 🦊💙 Profile picture
@sniko_
Jan 17, 2022 7 tweets 4 min read Read on X
Scrolly
This is pretty cool, but let's see how easy it is to replicate (by scammers/malicious-intent actors)...

With 2 commands, we can DL a video then export frames to images and we are ready to deploy to a chain and buy a bot farm for engagement

youtube-dl
ffmpeg

#nft #scam

🧵👇
1/ A bad actor could look at public videos and use open tools to download the video

There are videos of many different people on video hosting sites that scammers can export from. On YouTube alone there is many videos returned searching "picture every day", "selfie a day", ...
2/ They would then use a tool, such as ffmpeg, to extract each frame to a PNG file automatically (maybe even de-duplicate any frames or set the framerate in the ffmpeg command to ensure uniqueness)
3/ Once we have all the frames, and remember we have only entered 2 commands in our terminal, we can then zip the directory holding the PNG files and use a WebUI to upload/pin to IPFS
4/ Now we have the files on IPFS (or any other webserver), modify the endpoint in the contract to this loc and deploy the contract with a Wizard (minimal coding and dev env)

mint() price to 0.001E and deploy to a chain (ie: BSC, Polygon)

List to marketplaces for secondary sales
5/ We now have, with very minimal effort, a new project with stripped images from a public video all within ~10 minutes (or less) of work

We now deploy a bot farm on Twitter to create some buzz, and (optionally) script some accounts to trade between themselves on the NFTs
6/
Wait
????
Profit

I am not saying/alluding Ghozali did this, I am just saying to expect a lot of copy projects that will spend 10 minutes of ripping historical images for a quick profit

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with {harry,whg}.eth 🦊💙

{harry,whg}.eth 🦊💙 Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @sniko_

{harry,whg}.eth 🦊💙 Profile picture
Jul 20, 2022
⚠️ Have you heard of MEV frontrunning bots? This scam tries to capitalise on this term with other technical jargon to steal crypto from users

Typically, it is advertised as "How to make $XXX/day on Uniswap"

With 97k views on a YouTube channel boasting 26.4k subscribers
This scam works by convincing users that their smart contract is capable of monitoring the mempool and frontrunning transactions to profit from DEX trades

When actually, it is a simple proxy contract to forward your ETH deposits to the bad actor...
But where is manager configured?

Well, you'll see it is initialised within the constructor. IT is not a parameter in the contract deployment, but instead imported from a remote
Read 7 tweets
{harry,whg}.eth 🦊💙 Profile picture
Jul 11, 2022
⚠️ As of block 151,223,32, there has been 73,399 address that have been sent a malicious token to target their assets, under the false impression of a $UNI airdrop based on their LP's

Activity started ~2H ago
0xcf39b7793512f03f2893c16459fd72e65d2ed00c

cc: @Uniswap @etherscan
First, the malicious contract pollutes the event data so that block explorers index the "From" as the legitimate "Uniswap V3: Positions NFT" contract

You can read more about this attack here: harrydenley.com/bad-actors-abu…
Now that an address sees that "Uniswap V3: Positions NFT" sent them a token (without knowledge of the event pollution attack), they would get curious and check the token.

The token name directs them to a domain "/uniswaplp.com", which imitates the real @Uniswap branding
Read 13 tweets
{harry,whg}.eth 🦊💙 Profile picture
May 22, 2022
🎁 Are you an #enstimekeeper? Well, now you have access to a shared Twitter account!

Let's see how popular this experiment gets with the #enstimekeepers (before it gets suspended)

cc: @24hClubOfficial @ensdomains

harrydenley.com/projects/ens-t…
This community twitter account (@EnsTimeKeepers) with authenticate your Ethereum address and (timekeeper) @ensdomains ENS before it allows you to tweet.

For example: If you own 14h20.eth, then you can tweet during 1400-1459 (inclusive) on the UTC timezone
I recently came across a very niche "subsection" of the EthereumNameService that involved people minting ENS names around the 24H clock.

Why does the community exist? I'm not sure.

Read 10 tweets
{harry,whg}.eth 🦊💙 Profile picture
May 22, 2022
⚠️ Beeple's Twitter account has been compromised (ATO) to post a phishing website to steal funds.

0x7b69c4f2ACF77300025E49DbDbB65B068b2Fda7D
0xF305F6073CFa24f05FF15CA5b387DD91f871b983
Beeple is a 3D artist who is famous within the NFT world for selling his first 5,000 days at a record-breaking $69M at auction

We know the ATO is likely as Twitter is reporting the tweet source is "Twitter Web App" and not some API integration
Read 11 tweets
{harry,whg}.eth 🦊💙 Profile picture
Mar 2, 2022
Since the airdrop from donating to Ukraine, ETH donations to the account has skyrocketed!

Donating because of an airdrop? 🤔 Probably.
eth: dune.xyz/queries/466226

tokens: dune.xyz/queries/466248
In fact, announcing this airdrop, as of block 14307934, it has caused 16,719 NEW accounts to donate to them!

Impressive!

dune.xyz/queries/466264
Read 8 tweets
{harry,whg}.eth 🦊💙 Profile picture
Jan 27, 2022
1 more sig on the treasury (0x355D72Fb52AD4591B2066E43e89A7A38CF5cb341) and $43M would be withdrawn to 0xSifu

Initiated by 0xad8F72A7612Bb91B2dfaB09E54464aaA5150914E at 2022-01-26T13:39:XX UTC+0, 17hrs before @danielesesta and @zachxbt tweets about the news ImageImage
dao* not treasury. multisig is 0x355d72fb52ad4591b2066e43e89a7a38cf5cb341

owners are
0x5DD596C901987A2b28C38A9C1DfBf86fFFc15d77
0x8A7f7C5b556B1298a74c0e89df46Eba117A2F6c1
0xad8F72A7612Bb91B2dfaB09E54464aaA5150914E
Abracadabra multisig (0x5f0DeE98360d8200b20812e174d139A1a633EDd2) also has signers from the Wonderland DAO multisig

Abra requires 6/10 to sign transactions

No pending txs from this multisig

Are there three other keys that are not uniquely owned on this multisig? Image
Read 15 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(