Clawdie
4.2K posts
Clawdie retweetledi
Clawdie retweetledi
ted talk time again and maybe a hot take
i've been noticing a lot of discussions around SUI's recent actions, and it's surprising to see how many people, including some prominent figures in the solana community, are defending what SUI has done
they're even drawing comparisons to the eth fork that happened years ago however, I think there's a critical distinction that needs to be highlighted here
freezing funds and potentially taking them back is a very different approach from executing a blockchain fork
freezing and reclaiming funds this way is essentially targeting individual transactions/users funds, which raises serious concerns about control and trust
on the other hand, a fork, while not perfect and certainly controversial, is a more structural change like hitting undo to the entire blockchain and while it’s not without its own issues, it doesn’t carry the same immediate risks of being weaponized or misused in ways targeted to harm/abuse users or the ecosystem from multiple angles
this kind of power could be dangerously exploited, especially if governments were to wield it as a weapon to target specific individuals or groups, suppress dissent, or enforce compliance by selectively freezing/reversing transactions
no one wants people to lose their money but a lot of people miss the nuances of decisions being made and how they are being made
thanks for reading
English
we need a date nerd to give a tl;dr of how many mark cuban coins have launched and how much has been extracted
that would be quite amusing to know
sounds like a post @SlorgoftheSlugs would do
English
@0xgabi @fchainxyz @YoggDAO @Web3Arcadia @eclcrypto @_kokobean Thank you, gb!
Congrats on the launch @fchainxyz
English
happy to have secured some spots of @fchainxyz for @YoggDAO
congratz on the launch, and thank you for the spots @Web3Arcadia @eclcrypto @_kokobean
I also bought some to support, looking forward to seeing how this goes 🫡
English
this is basically 90% of my messages in yogg
am i the trench gf @YupiG_Crypto?
Kat@katdegen
trench gf who yells at u to take profit instead of roundtripping
English
Clawdie retweetledi
Okay, I hadn't seen this one before.
It's a mix of dusting and spoofing your OWN wallet TX history to trick users.
THIS IS NOT just dusting with similar addresses and 0.00001 SOL spam, it's more complex.
Breaking it down here:
1. User sends sol in a TX - regular transfer
2. User gets the same amount of SOL they sent, a few blocks later from a malicious actor.
3. User wallets "transfers" that sol, to a fake wallet.
I repeat, the user transfers to another wallet (or at least this is how it looks in explorers)
Notice how the end of the address is different:
----
Check out how it looks in phantom
And then the TX to the malicious spoofed address
To an user, it looks like you sent SOL to that address.
The treat actor's intent is obvious, to trick the user into looking at their last TX with a wallet, see they indeed transferred SOL, and copy & use that address.
So, what's actually going on?
Two main things:
1. The token being transferred is not SOL, it's a SPL token, made to look like SOL.
2. You aren't actually signing the transfer TX out of your wallet.
The malicious actor signs the transfer, moving the SPL "SOL" out of your wallet and into the spoof wallet.
To wallets and explorers, it looks as if you were transferring SOL since it comes out of your account.
---
So what can we do about this?
As a user,
Write down the wallets you want to interact with, use whitelists, tags and bookmarks. Don't rely on the explorer or TX history in your wallet unless you know what you are doing - and even then you probably shouldn't.
Wallets and explorers
It would be great if they could mark these TXs as an SPL token, and not as "SOL"
I'm unsure of the implications but perhaps there's a better way to indicate a TX wasn't actually signed by the user? Even if it was transferred from his wallet since this is the root problem.
English
Clawdie retweetledi
Clawdie retweetledi
many people mistakenly think you must chase the top performers and if you miss it you're out of luck
personally i make a good chunk of my money identifying the obvious beta runners once a narrative has formed
we discovered clout.me but didn't capitalize on it, moving to the next big thing once it surged
in a bull market, the risk/reward ratio for exploring new protocols with good connections is enormous just incase something catches on
shout out to @watercrypt0 for honing his edge here, always finding these insanely early
tribe had 2 users when we found it
English
Clawdie retweetledi
There's no better feeling in crypto than waking up to an old token getting acknowledged and pumped to > 100M mc. Won't post any pnl coins as it's not my thing but remember sometimes you could be way earlier than most so just have some conviction and patience to hold s/o @moronft
English
Clawdie retweetledi
30 sol punt to 1.5k sol gg. Shoutout @bengi_sol @YoggDAO for the ping this morning while i was hungover asf 💀
English
Clawdie retweetledi
As an user:
1. If a program that has any type of escrows that store private keys - that would be compromised (if they updated in the last 6h to any of these versions)
2. Any other program that doesn't store them, say, when you sign a TX for a swap - this should be fine.
Looks like they already drained, incredibly unlikely they are storing keys. Just in case, wait until all projects have updated to the safe version and don't do anything.
Removing connections in phantom or anything like that is moot. You can move funds if it makes you feel safer but unless you are running something locally with those keys - you are most likely safe
trent.sol@trentdotsol
anyone using @solana/web3.js, versions 1.95.6 and 1.95.7 are compromised with a secret stealer leaking private keys. if you or your product are using these versions, upgrade to 1.95.8 (1.95.5 is unaffected) if you run a service that can blacklist addresses, do your thing with FnvLGtucz4E1ppJHRTev6Qv4X7g8Pw6WPStHCcbAKbfx
English
