SHILL Issue 67

More documents

Recommendations

Info

@TheOnlyNom Rescuing a Lost Monke: Post-mortem on getting a wallet drained and losing my PFP. First off this thread is not a call for donations. I have funds to recover what is lost and while I appreciate the love, your money would be better served helping other people! Secondly: This thread is not a condemnation of any teams or parties involved. Shit happens, I signed a transaction, we’re dealing with the aftermath. Please read through this, and keep your pitchforks stowed. It’s tokens and Jpegs, we will make it work Third: System Specifications Hardware: Asus Laptop - 2020 era OS: Windows 10 Browser: Brave Extension: Phantom Security: Ledger Nano X - Updated July 2022 Wallet address: 4ZjYSCH3Sib9iMS- M3QN2sL2kwxNcXG2P4XCemSC2hsyb (Nom.sol) Assets compromised- Roughly 500 SOL - NFTs+Tokens Fourth: I am not naming the project that involved this, nor any suspected parties involved. The investigation and audit from the team that this seems to have occurred with is ongoing, and I’m not looking to jeopardize them and their work. I appreciate them for their response Main Security Issues: Signing a simulated transaction - Didn't match final execution Staking multiple NFTs on a wallet with other valuables - Unnecessary Risk Comfort - The Main problem I have spent 4.5 years without a major hack or loss. I got lazy and sloppy, That’s the issue I spent the day traveling to Solana to organize events. Got to my Hotel, connected through a VPN, caught up on messages, and went to perform a couple actions with my previously secured wallets. I attempted to sign a transaction which failed. I then signed a second transaction which included the method “signAllTransactions”, which you can read below https://docs.phantom.app/integrating/deeplinks-ios-and-android/provider-methods/signalltransactions… | In this signAll, included SetAuthority transactions for every account in my wallet For anyone unfamiliar, what this essentially does is transfer the ownership of a specific token or NFT from myself “4ZjY”, to a different wallet “Good” This doesn't move the NFT, but is like giving someone your car keys and registration. This instruction is explicitly warned about in Solana documentation, and is usually not present in staking platforms. It's potentially very harmful, especially when not understood by the end user. In this case, I made a mistake to sign this transaction. This transaction or series of transactions attempted this for every single NFT and token account inside of 4ZjY, causing some successful transactions, and some failures. Why failures? Some of these update calls were to staked NFT (in this case Famous Foxes) When the transaction attempted to update a staked NFT, it received a failure and moved onto the next Why did these transactions go through automatically and not require ledger approval? At this point I’m not sure. I noticed this shortly after other wallet activities, and looked into it. I contacted several developers and reached out directly to the team that I had staked with, assuming the most recent transactions would be 80 SHILL Issue #67
the ones most likely to have an issue like this. At this point, the investigation is still ongoing, and there are many minds I respect looking into this. I will continue to update as I know more The losses are about ~500 Sol, a significant chunk of what I have on Solana. It includes various ecosystem tokens, some 1/1 art pieces, as well as NFTs such as my SMB, a Gomu, CWM, Solstead, and others. At this time I can recover some of these and am thankful to all watching them A TLDR: I was a tired Monke, using technology I was comfortable with. I should not have accessed a staking contract with the same wallet that holds other things I value. A ledger can only do so much Protect yourself and your assets. @Pixeltoy Like Nom, I am not calling for donations etc etc. What happened, happened. The world moves on. We pick ourselves up and re-evalute where we are heading. On Friday 29 July 2022 this exact drainer code hit my wallet. The loss to my account was around 630Sol floor price. As per @TheOnlyNom, I casually approved a transaction that I normally do on a staking site I regularly used. From what some 'super sleuths' can deduct from tracking this event, the hacker had planted the code weeks earlier allowing them to scan wallets and choose WHAT they wanted to take. This was a pre-meditated, planned execution. Whatever was in the targeted wallet was transferred to a chain of 6 wallets. Put for sale on secondary within moments and sold for floor price or under floor price. The only way that any NFT could have been recuperated would have been to quickly act and reach out to the projects that issued the NFT. Fortunately for me, Xin Dragons acted quickly and imposed a 98% fee on the 3 dragons that I lost. They sold on secondary for 31 Sol each- the hacker only received 2% from the sale. The Xin Dragons team have returned my dragons to a brand-new wallet. My 2 Monke and 1 Thugbird met with a different end. Like @theonlynom, my Monke sold on secondary as did my Thugbird for absolute bargain basement prices. My 1st Monke that I have had since pre-mint sold for 200Sol. My 2nd Monke was up for 230Sol and someone bid 150Sol for it. The hacker let it go for that price. My Thug was up for 9Sol and he let it go for 7Sol. I also lost $Dust, 4300. At around $1.30/$Dust. Gone. With the return of my dragons, the Xin Dragons team saved me 90Sol bringing my loss down to around 540Sol. Unlike @TheOnlyNom I cannot just buy back what I lost. We are talking over $20k usd. I don’t have that lying around. SMB #2204 SMB #4773 Thug 3143 SHILL Issue #67 81
Page 1 and 2:
SOLANA NFT/DEFI/TWITTER ECOSYSTEM B
Page 3 and 4:
35 36 37 54 56 60 80 SHIL.ME A diff
Page 5 and 6:
Keep your eyes on... HAPPYMUERTOSNF
Page 7 and 8:
SolAastro
Page 9 and 10:
Ded Monkes drop art upgrade TAT art
Page 11 and 12:
artmadhvi-1
Page 13 and 14:
ARTsnakeNFT
Page 15:
SHILL Issue #67 15
Page 19 and 20:
Why is @SolanaMBS a must include on
Page 21 and 22:
lankworl
Page 24 and 25:
BlockchainedArt
Page 26 and 27:
CryptoAlgo95
Page 28: CryptoMagellan
Page 31 and 32: ebusealkan
Page 33 and 34: grossehalbuer
Page 35 and 36: Shil.me in the Shill Zine? What's u
Page 37 and 38: SolPatrolNFT Quick thread on Sol Pa
Page 40: ECOBYTE_ART
Page 43 and 44: harbourwylde
Page 45 and 46: harbourwylde
Page 47 and 48: 82dazai
Page 50 and 51: GhoulWAPE
Page 52: keezerfeld
Page 55 and 56: What is our vision for this platfor
Page 57 and 58: And why not also see the members of
Page 59 and 60: DAM ZINE
Page 61 and 62: In terms of their product, their mo
Page 63 and 64: MyartNz
Page 66 and 67: muramurazu
Page 68 and 69: mnhamzahsa
Page 70 and 71: meli- exchange.art
Page 72 and 73: LuvcraftArt
Page 74 and 75: LuvcraftArt
Page 76 and 77: leonardoglauso
Page 78: kristijan_males
Page 83 and 84: RadCats
Page 85 and 86: infinite_riot
Page 87 and 88: HrishNft
Page 89 and 90: CryptoAlgo95
Page 91 and 92: SamAI_Off
Page 93 and 94: Skkkkrz
Page 95 and 96: thelensesense
Page 97 and 98: twp_tw
Page 99 and 100: WayneNooten
Page 101 and 102: CultureHacker - Odyssey armor - exo
Page 103 and 104: CultureHacker - Odyssey weapon - So
Page 106 and 107: SamAI_Off
Page 108 and 109: SolPotatoNFT
Page 110: Keezerfeld
show all

SHILL Issue 67

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?