If anybody here ever finds themselves in the same dilemma, use Morphtoken over TOR to swap to XMR, a completely different blockchain.
This makes all the chain analysis companies and the armchair blockchain sleuths simply follow transactions on the bitcoin blockchain forever, thinking they are doing something productive with their lives, while you have hopped over to another chain that they can't track assuming they even noticed that you swapped.
That was a viable last decade solution and is unfortunately centralized, this decade in 2020 you can also use the decentralized renBTC to permissionlessly lock up and mint your bitcoin as an erc20 token on the Ethereum blockchain. So now you are really liquid and have access to the entire decentralized finance economy.
But again, if you really want to get government bucks and an unlinked trail, you need to sell the renBTC token for Ether and move that Ether into either Tornado.cash for a little while, or go back to the centralized solution like Morphtoken and swap the Ether for XMR as XMR has an inherently stronger anonymity set than anything else.
I'm betting Gemini also blacklisted that BTC address, especially considering that they were in the first wave of fake tweets.
Really wondering now just how much BTC the attacker effectively left on the table by reusing a single wallet address, especially considering that lots of people who deal in crypto use just a handful of exchanges to send it. Would be pretty difficult to quantify, though.
One of my former employers used a security company to regularly send out very well designed phishing emails with personalized links. Clicking a link or opening an attachment got you a call with IT plus a mandatory class in how to avoid phishing.
The success rate of those simulated attacks dropped drastically after the first few tries. Maybe if more companies did this it would also help fewer people to fall for it outside of work.
People who use exchanges are traders (retail or professional) and hodlers who don't want to deal with the intricacies of managing 100+ coins on 50+ blockchain networks. The decentralization of cryptocurrencies is not an all-or-nothing proposition - users can choose the level of decentralization they would like based on their preferences.
What I like most about decentralization is that anyone in the world can create a new crypto business on the blockchain rails, integrate with everyone else, and attract users. Of course there are real-world repercussions if your physical entity is in a locale with laws that you violate, but it is orders of magnitude easier to start a crypto exchange than a traditional bank.
The weak link here is: to run a successful scam, you need to publicize the incoming address widely. That allows exchanges to block it. If you keep the address in secret, you can't get the gullible masses to fall for it.
That doesn't sound very decentralized and trustless. If I want to get scammed in this brave new world, shouldn't I be allowed to? Maybe I want to fund the Nigerian Prince's get-out-of-jail efforts.
You're allowed to, but if you intentionally get yourself scammed knowing full well, you don't get to demand your money back.
In the traditional banking and commerce system, if you get scammed on, say, ebay, they will refund you. If someone hacks into your online banking, the warranties set by your bank will refund you (to a point). If your bank goes tits up, the national bank will compensate you.
Yes you pay a fee, but it's insurance.
Anyway, your statement + the actual scam in question just reminds me of eve online, where the money doubling scam is old as balls. The funny thing is that the operators of the game allow it - nobody stole money from you, you gave it away. Some scams there are long hauls, people slowly working their way up in the ranks of a corporation before liquidating the assets and taking the money. Again, the company behind the game will do nothing because their systems have not been compromised - YOU gave the person access to the company wallet. It's funny.
Bitcoin is the same, you're responsible for your own actions, you don't pay an insurance fee, you bear all the risk yourself. If you give your BTC to an exchange and they get hacked, that's on you because you moved your money out of your own wallet. They may compensate you (or print their own money to do so), but they may not have to.
The block only affects people moving coins from an exchange account. Those coins are, in the final analysis, still controlled by the exchange. It doesn't affect anyone who is moving coins from an account they directly control (i.e. have the keys to).
- You still don't know who (which individual) is behind the BTC address, because bitcoin is anonymous.
- It is decentralized, but some exchanges process big percentages of conversions. Transferring the coins to other BTC wallets is decentralized. Moving it out of the BTC blockchain is often done through exchanges though, but there's a lot of them, and you can avoid the exchanges as well.
- No, everybody controls it; it's a consensus-based system, so if enough people agree on taking things in one or another direction it will. Look up "hard fork" in the context of BTC.
So strange that twitter can't automatically filter these. The message format is pretty consistent. Surely they could write something to at least put tweets matching this pattern in a moderation queue.
They should have used unique wallets for each tweet and A/B tested the gullibility of the victim's audience.
Would have made them more difficult to track and shut down as well. More hallmarks that this wasn't probably something they lucked into, rather than some sophisticated attack.
Seems like it would have been more profitable to take a huge short position in TSLA and hack Elon's Twitter to post something about a SEC investigation for accounting fraud and that you'd need to restate multiple years' worth of earnings.
Or they could have been doing something similar with cryptos without risking SEC or requiring ID on exchanges: using the twitter accounts to announce partnerships with one of the cryptocurrencies. Probably less gain then with stocks but more than with this simple scam.
This would have been excellent. It's really shocking that the offenders had the knowledge/power to get into the twitter account but didn't do something like this.
Probably true - though there's already a ton of short interest in the company. Seems like you could take a few million in profits and still blend in fairly seamlessly.
The problem with that is that the market assimilates new information rather quickly, so the downward spike in price would be rather short lived. It would be rather trivial for the SEC to figure out a short list of suspects from those who bought to close a large short position in that small timeframe, even in a highly liquid security such as TSLA.
I wasn’t sure what I was looking at, until I googled the Bitcoin address (bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh):
Several high-profile Twitter users, including Elon Musk, Bill Gates, and the official Uber account appear to have been hacked, and all promoted that address, saying any funds sent to it will be doubled.
If I had to guess, it was an internal job from a disgruntled employee with access to hijack users’ email address. Change their email address, reset password, open the email and then you can login. They might also need access to change the 2FA phone number if it was set.
>Several high-profile Twitter users, including Elon Musk, Bill Gates, and the official Uber account appear to have been hacked, and all promoted that address, saying any funds sent to it will be doubled.
speculation time: How did those accounts get hacked? Did they all get spearphished? Did twitter get compromised?
Or was it a marketing platform that was owned? I worked for one a few years back and they used the same fb key for all of their 500 musicians they represented. One day facebook enforced key rotation and a bunch of fan sites went dark. Imagine if someone got access to our codebase, this same type of nefarious action would have happened
The curtain has been pulled back for some. Their favorite tweeters aren’t actually tweeting themselves
Edit: I also wonder if it’s an elaborate money laundering scheme. Mix coins with deniability. Combine with the Epstein drama, maybe there’s more to what meets the eye. Either way it’s popcorn time
It would be interesting if the scammers started sending back twice as many bitcoins, as promised, from the same address. It could be a real-time ponzi scheme!
That's how it's done in Eve Online, the money duplication scam is common there.
How it works is that the scammer announces in an area (usually the trade hub system Jita) that they're quitting and giving away all their money. They link to a webpage that (they claim)_shows all of their bank transactions, using Eve's API.
You send them 100K just to try it out, they send you back 200K, both transactions show up in the webpage. "Ha it works!", you say, sending them 1M, they send you 2M back.
Until at any point, they stop sending you money back. Their outgoing transaction shows up in the webpage, but ingame you never received anything. When you message them they go "must be a bug, I sent the money because look at my transaction log. Contact support, not my problem, the money left my account"
You'd think it just doesn't work, why would anyone fall for that, but plenty fall from it. Plenty of people try and outsmart them as well, making use of it to earn some money. But as another commenter pointed out, it can be like a game of roulette.
Iirc, ponzi schemes used to be welcomed on the bitcointalk forums. And people would sign up, knowing they were ponzis. Kinda like people playing roulette at a casino knowing they are playing a losing game but do it anyway for the thrill.
They're not always losing schemes (i.e. only some people lose), it just depends on if you're at the end or not. The reason they were encouraged is because people enjoyed gambling on how long they would last, and it was extra incentive to use BTC, etc.
These are bitcoin eater addresses (essentially receive only addresses), you can create addresses like these if you bruteforce the checksum bytes however you dont have the private key for them. I think the more famous one is 1BitcoinEaterAddressDontSendf59kuE
Maybe I'm missing something, but I'm assuming someone is critiquing the scammer as foolish for using bitcoin instead of Monero because it is more difficult to cash out, as bitcoin is less anonymous than Monero?
Agreed. They are basically telling the scammer(s) to use a more anonymous & untraceable crypto next time, as everyone will be following the coins in that BTC wallet now, which makes it much more difficult to "launder".
I guess the choice of BTC but the scammer(s) was based on its much bigger popularity relative to Monero (many people have a few satoshis somewhere, but not many have some monero lying around)
> Can anyone explain what happened in this block of transactions to me?
These transactions were sent from a vanity address(es) [1], and in this case they're used to spam the recipient with implied messages, specifically about their poorly viewed scam--take it as a 'l33t' way of sending a message, hence the amount on the last tx. Another notable one was the EnjoySochi, as in the Olympics, transactions that spammed the network for a while 6 years ago [2].
Fascinating. I've seen political organizations using a zcash address for collecting donations, is that technically any better? I'm aware that creating bit tumblers for laundering currencies in cycles is largely out of practice now, has there been any recently development towards traceless transactions? How does is traceability compatible or incompatible with the process of verifying transactions via chaining blocks?
What kind of heat would the person or party that started this hack get? What could be the expected consequences? Going after political figures, including the former President of the US, should, I think, trigger a digital man hunt.
Readit News
Please discuss the general aspects there and the BTC aspects here.
This makes all the chain analysis companies and the armchair blockchain sleuths simply follow transactions on the bitcoin blockchain forever, thinking they are doing something productive with their lives, while you have hopped over to another chain that they can't track assuming they even noticed that you swapped.
That was a viable last decade solution and is unfortunately centralized, this decade in 2020 you can also use the decentralized renBTC to permissionlessly lock up and mint your bitcoin as an erc20 token on the Ethereum blockchain. So now you are really liquid and have access to the entire decentralized finance economy.
But again, if you really want to get government bucks and an unlinked trail, you need to sell the renBTC token for Ether and move that Ether into either Tornado.cash for a little while, or go back to the centralized solution like Morphtoken and swap the Ether for XMR as XMR has an inherently stronger anonymity set than anything else.
Peace.
I'm betting Gemini also blacklisted that BTC address, especially considering that they were in the first wave of fake tweets.
Really wondering now just how much BTC the attacker effectively left on the table by reusing a single wallet address, especially considering that lots of people who deal in crypto use just a handful of exchanges to send it. Would be pretty difficult to quantify, though.
The success rate of those simulated attacks dropped drastically after the first few tries. Maybe if more companies did this it would also help fewer people to fall for it outside of work.
Maybe eternal September wouldn’t have happened...
What I like most about decentralization is that anyone in the world can create a new crypto business on the blockchain rails, integrate with everyone else, and attract users. Of course there are real-world repercussions if your physical entity is in a locale with laws that you violate, but it is orders of magnitude easier to start a crypto exchange than a traditional bank.
Deleted Comment
Dead Comment
obv the hackers will likely use multiple addresses
In the traditional banking and commerce system, if you get scammed on, say, ebay, they will refund you. If someone hacks into your online banking, the warranties set by your bank will refund you (to a point). If your bank goes tits up, the national bank will compensate you.
Yes you pay a fee, but it's insurance.
Anyway, your statement + the actual scam in question just reminds me of eve online, where the money doubling scam is old as balls. The funny thing is that the operators of the game allow it - nobody stole money from you, you gave it away. Some scams there are long hauls, people slowly working their way up in the ranks of a corporation before liquidating the assets and taking the money. Again, the company behind the game will do nothing because their systems have not been compromised - YOU gave the person access to the company wallet. It's funny.
Bitcoin is the same, you're responsible for your own actions, you don't pay an insurance fee, you bear all the risk yourself. If you give your BTC to an exchange and they get hacked, that's on you because you moved your money out of your own wallet. They may compensate you (or print their own money to do so), but they may not have to.
- It is decentralized, but some exchanges process big percentages of conversions. Transferring the coins to other BTC wallets is decentralized. Moving it out of the BTC blockchain is often done through exchanges though, but there's a lot of them, and you can avoid the exchanges as well.
- No, everybody controls it; it's a consensus-based system, so if enough people agree on taking things in one or another direction it will. Look up "hard fork" in the context of BTC.
New address: bc1qwr30ddc04zqp878c0evdrqfx564mmf0dy2w39l
Tweet: https://mobile.twitter.com/CashApp/status/128352200769559757...
Would have made them more difficult to track and shut down as well. More hallmarks that this wasn't probably something they lucked into, rather than some sophisticated attack.
Several high-profile Twitter users, including Elon Musk, Bill Gates, and the official Uber account appear to have been hacked, and all promoted that address, saying any funds sent to it will be doubled.
Deleted Comment
speculation time: How did those accounts get hacked? Did they all get spearphished? Did twitter get compromised?
The curtain has been pulled back for some. Their favorite tweeters aren’t actually tweeting themselves
Edit: I also wonder if it’s an elaborate money laundering scheme. Mix coins with deniability. Combine with the Epstein drama, maybe there’s more to what meets the eye. Either way it’s popcorn time
Bill gates and Bezos not showing up on twitter search. Twitter ghosting some of the affected accounts
How it works is that the scammer announces in an area (usually the trade hub system Jita) that they're quitting and giving away all their money. They link to a webpage that (they claim)_shows all of their bank transactions, using Eve's API.
You send them 100K just to try it out, they send you back 200K, both transactions show up in the webpage. "Ha it works!", you say, sending them 1M, they send you 2M back.
Until at any point, they stop sending you money back. Their outgoing transaction shows up in the webpage, but ingame you never received anything. When you message them they go "must be a bug, I sent the money because look at my transaction log. Contact support, not my problem, the money left my account"
You'd think it just doesn't work, why would anyone fall for that, but plenty fall from it. Plenty of people try and outsmart them as well, making use of it to earn some money. But as another commenter pointed out, it can be like a game of roulette.
1TransactionoutputsAsTexta13AtQyk 0.00000667 BTC
1YouTakeRiskWhenUseBitcoin11cGozM 0.00000668 BTC
1forYourTwitterGame111111112XNLpa 0.00000669 BTC
1BitcoinisTraceabLe1111111ZvyqNWW 0.00000670 BTC
1WhyNotMonero777777777777a14A99D8 0.00000671 BTC
bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh 0.00001337 BTC
Can anyone explain what happened in this block of transactions to me?
I guess the choice of BTC but the scammer(s) was based on its much bigger popularity relative to Monero (many people have a few satoshis somewhere, but not many have some monero lying around)
Dead Comment
How did you find that so quick?
These transactions were sent from a vanity address(es) [1], and in this case they're used to spam the recipient with implied messages, specifically about their poorly viewed scam--take it as a 'l33t' way of sending a message, hence the amount on the last tx. Another notable one was the EnjoySochi, as in the Olympics, transactions that spammed the network for a while 6 years ago [2].
1: https://en.bitcoin.it/wiki/Vanitygen
2: https://bitcoin.stackexchange.com/questions/22404/why-is-enj...
Dead Comment