Dan Romero
@dwr.eth
Would be curious what @aman @scharf think happened with the Kevin Rose hack? https://twitter.com/0xquit/status/1618335012176400384?s=46&t=EDpYmItVCL0dWiilP6A4TA

Aman Dhesi
@aman
It was a Seaport bulk listing attack - Kevin signed a gasless signature that sold all his NFTs for 0 ETH to the attacker. The attacker then submitted the signature to the Seaport contract and that executed the "sale". We're in the process of recreating the original signature and writing a post-mortem.
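The kind of order described in the post above can be caught before signing by inspecting the typed-data payload. The following is an added example, not part of the thread and not code from any wallet: `assessSeaportOrder` is a hypothetical name, the payload is assumed to follow Seaport's `OrderComponents` EIP-712 struct, and the sample orders and addresses are constructed.

```javascript
// Added example: pre-sign check on an eth_signTypedData_v4 payload.
// Seaport itemType: 0 native, 1 ERC20, 2 ERC721, 3 ERC1155, 4/5 criteria-based NFTs.
const NFT_ITEM_TYPES = new Set([2, 3, 4, 5]);

function assessSeaportOrder(typedData) {
  const msg = typedData && typedData.message;
  const isOrder = Boolean(msg) && typedData.primaryType === "OrderComponents" &&
    Array.isArray(msg.offer) && Array.isArray(msg.consideration);
  if (!isOrder) return { seaportOrder: false, risk: "unknown", reasons: [] };

  const offerer = String(msg.offerer).toLowerCase();
  const nfts = msg.offer.filter((item) => NFT_ITEM_TYPES.has(Number(item.itemType)));
  // Consideration items that reach the offerer with a non-zero amount
  // at both ends of the price ramp (startAmount and endAmount).
  const paidBack = msg.consideration.filter((c) =>
    String(c.recipient).toLowerCase() === offerer &&
    BigInt(c.startAmount) > 0n && BigInt(c.endAmount) > 0n);

  const reasons = [];
  if (nfts.length > 1) reasons.push(`one signature lists ${nfts.length} NFT items`);
  if (nfts.length > 0 && paidBack.length === 0) {
    reasons.push("NFTs offered, nothing paid to the offerer");
  }
  const risk = nfts.length > 0 && paidBack.length === 0 ? "high"
    : reasons.length ? "review" : "low";
  return { seaportOrder: true, risk, reasons };
}

// Constructed sample payloads (placeholder addresses, not taken from the incident).
const OWNER = "0x" + "11".repeat(20);
const OTHER = "0x" + "22".repeat(20);
const NFT = "0x" + "33".repeat(20);
const nft = (id) => ({ itemType: 2, token: NFT, identifierOrCriteria: id,
  startAmount: "1", endAmount: "1" });
const eth = (wei, to) => ({ itemType: 0, token: "0x" + "00".repeat(20),
  identifierOrCriteria: "0", startAmount: wei, endAmount: wei, recipient: to });
const order = (offer, consideration) => ({ primaryType: "OrderComponents",
  message: { offerer: OWNER, offer, consideration } });

const zeroPriceSweep = order([nft("1"), nft("2"), nft("3")], [eth("0", OWNER)]);
const normalListing = order([nft("1")],
  [eth("975000000000000000", OWNER), eth("25000000000000000", OTHER)]);

console.log(assessSeaportOrder(zeroPriceSweep)); // risk: "high", two reasons
console.log(assessSeaportOrder(normalListing));  // risk: "low", no reasons
```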

He’ershingenmosiken
@heershingen
https://i.imgur.com/PGS6lB5.jpg

Cassie Heart
@cassie
There is this process with webauthn where the keys are unique to the domain and the domain is checked by the client to confirm there is no MITM. Due to the single key, single account design of Ethereum (aware there is nuance and new developments, speaking to norms), it falls prey to these kinds of attacks.

Minh Do
@minh
Wallets are horrible, once again, and no solutions that really make a step level difference.

{ Lawson.fm } ⭕️
@lwsnbaker
Joinfire.xyz is the way. Saved me from a complete NFT wallet sweep a few weeks ago.

Nicholas Charriere
@pushix
Closest I ever got to being phished was *exactly* what that thread describes. The Seaport "allow all" is terrifyingly powerful.

Syed Shah🏴‍☠️🌊
@syed
Delegate.cash

Gaby Goldberg
@gaby
@jomessin will have a visual explanation with addresses shortly

Dave Pazdan
@paz
He really should have never used that account. It should have been cold storage, only accepting NFTs from his other more active wallets. Think account 1, 2. Account 1 is used to interact with dapps etc., account 2 only sends/receives with account 1.

Henry
@hlau
Signatures are ticking time bombs. Assuming he used MetaMask there wouldn't even be a trace of when the signature occurred.

Giuliano Giacaglia
@giu
😮

timdaub
@timdaub.eth
IMO this is why we should build crypto as a dev tool, not consumer tech