• xep@fedia.io
    link
    fedilink
    arrow-up
    75
    ·
    8 months ago

    extension attacked

    Either Chrome has a vulnerability that lets extensions install themselves, or his system is far more compromised than he thinks it is.

    • David Gerard@awful.systemsM
      link
      fedilink
      English
      arrow-up
      50
      ·
      8 months ago

      NFTs can contain code that messes with your Metamask wallet. SVG NFTs can contain JavaScript. Now, you might think any attention would be paid to security.

  • Ginger666@lemmy.world
    link
    fedilink
    English
    arrow-up
    62
    ·
    edit-2
    8 months ago

    Dude if you have 500k in crypto, how do you not have hardware wallets?

    Edit: new keyboard still learning

  • David Gerard@awful.systemsM
    link
    fedilink
    English
    arrow-up
    46
    ·
    8 months ago

    What happen ?
    Somebody set up us the rug.
    We get signal.
    What !
    Main screen turn on.
    It’s you !!
    How are you degentlemen !!
    All your ape are belong to us.
    You are on the way to destitution.
    What you say !!
    You have no chance to survive make your time.
    Ha ha ha ha …
    Captain !!
    Take off every ‘SCAM’!!
    You know what you doing.
    Move ‘SCAM’.
    For great injustice.

  • Mii@awful.systems
    link
    fedilink
    English
    arrow-up
    32
    ·
    8 months ago

    Maybe don’t install shady crypto extensions next time. Or don’t log into your wallet in public WiFi just so you can accidentally show off to the person sitting behind you at Starbucks.

    • fartsparkles@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      37
      ·
      edit-2
      8 months ago

      Quite often it’s another payload that installed the browser extension on the user’s host.

      SEO poisoning or malicious adverts, for instance posing as legitimate tools like FileZilla etc, leads to a malicious payload (loader, RAT, etc) that in turn downloads and installs the malicious browser extension.

      Install adblockers. Genuinely. It’s insane how many adverts on Google and Bing etc are straight up malicious. It’s been a problem for years now.

      • Soyweiser@awful.systems
        link
        fedilink
        English
        arrow-up
        10
        ·
        8 months ago

        While this is good advice, as the local ButtcoinMaximalist(tm, OG do not steal) I think this is only pleb protection, you know for the normal people. Butters should do more, be your own bank as they say. So clearly it is ops own fault that he lost his money, he should have setup a IDS which should have warned his SOC that something was wrong and then they should have taken action. Be your own bank! ;)

        But yeah it is amazing how a standard bank protection like ‘it is not possible to transfer huge amounts of cash/assets without additional checks and balances’ would simply stop most of this crime. But that requires centralization. (Google is also bad, and getting worse, I now double check download urls for tools via secondary sources and half the time also virustotal the exe files. But im paranoid).

        • fartsparkles@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          8
          ·
          8 months ago

          But crypto is centralized XD Who pushes the commits? Who builds the binaries? The ledger may be distributed but it’s still all controlled by a centralized entity - the developers.

          • Soyweiser@awful.systems
            link
            fedilink
            English
            arrow-up
            9
            ·
            8 months ago

            Developers with even less oversight than the democratic/economic process. It gets worse when you take into account the people running all the servers/miners etc.

  • froztbyte@awful.systems
    link
    fedilink
    English
    arrow-up
    30
    ·
    8 months ago

    46 hours, guess they’re no longer obsessively refreshing charts now that most of the hype is gone and number can’t give that constant high

    But also megalol at these clowns still not having learned to do separation safely. It will never cease to entertain me.

  • Euphorazine@lemmy.world
    link
    fedilink
    English
    arrow-up
    19
    arrow-down
    1
    ·
    8 months ago

    Maybe off topic, but can you realistically “steal” crypto? It’s just a system where you need a key to authorize transactions. It’s not tied to a person, it’s tied to a key.

    It’s like, “who you are” part of authentication doesn’t exist, so therefore who you are wouldn’t define ownership.

    • LesserAbe@lemmy.world
      link
      fedilink
      English
      arrow-up
      36
      ·
      8 months ago

      Can you really “steal” money? It’s just paper with numbers written on it, just because the person who possesses the paper has changed doesn’t mean the paper has.

      • Euphorazine@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        4
        ·
        edit-2
        8 months ago

        Yeah, but if you steal my money, the centralized state can punish you and demand restitution. It’s like when Seth Greene had his NFT phished, he had no legal recourse to get it back.

        Has there been any case where people stealing crypto got them in trouble? The only thing I’ve seen is where people create rug pulls and they get charged with fraud, so legal repercussions against an organization.

        • Ajen@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          16
          ·
          8 months ago

          Sam Bankman-Fried was sentenced to 25 years for stealing crypto. I’m sure other people have been charged too, but someone who gets caught stealing $100 of crypto probably won’t make the news.

          • Euphorazine@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            5
            ·
            edit-2
            8 months ago

            Interesting. I used that video to look up the FBIs report, so the two listed got charged with money laundering. It says they “seized” the remaining Bitcoin, but it didn’t specifically mention it got returned to bitfinex? Considering it was stolen in 2016 and recovered in 2022.

            I also wonder how that affects sentencing and/or restitution. Considering they stole $70m of securities but it was recovered at $3.6b.

            Also, I wonder how the charges would have changed if they didn’t attempt to obfuscate it. Like would they just get wire fraud and using a computer to commit a crime? Maybe their charges were more than what was covered in the article. I didn’t see a charge listed for actual theft. Maybe they couldn’t easily prove they did the hack but could prove they laundered the crypto so that’s all they prosecuted on.

            • David Gerard@awful.systemsM
              link
              fedilink
              English
              arrow-up
              6
              ·
              8 months ago

              there’s a jurisdictional issue on the hack, it’s not even clear it was a crime committed in the US.

              the money laundering was straightforward though.

    • David Gerard@awful.systemsM
      link
      fedilink
      English
      arrow-up
      11
      ·
      8 months ago

      there used to be coiners who advocated precisely this theory of ownership, but we tend to hear these days from the captains of industry who desperately seek out the statist boot to lick when their apes are cryptographically reassigned

    • roscoe@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      8 months ago

      I have no idea who the fuck this guy is, nor do I care. But it’s it really $500K or is it a couple pics of apes that he says is worth $500K but he wouldn’t be able to sell for more than $500?

      Maybe deep down he knows he didn’t really lose anything so he’s not freaking out.

  • blakestacey@awful.systems
    link
    fedilink
    English
    arrow-up
    6
    ·
    8 months ago

    Transcript: Tweet from “Sell When Over | 9000.sei” at 10:17 PM on 7 April 2024.

    Just realized I got $500k drained from multiple wallet apps 46 hours ago

    Think I got extension hacked, with two suspicious extensions that appeared on my chrome browser

    does not feel good fam

    still investigating