I have got hacked and now Lufoart.lens is gone (177)
Yes, my dear reader, my Lens profile NFT lufoart.lens is gone. Please pass the word and pay attention, as they might use my identity to f * * k other people too.
How was I hacked?
26/06/2023, Berlin, Germany 🇩🇪
The original Stani Kulechov (one of the creators of Lens and AAVE) collected this post of mine on Lenster. After collecting on Lenster he also commented on my tweet. Although Stani collected my art several times he had never replied a tweet before.
Here comes the trick: just below Stani’s original tweet, a fake Stani profile (with the same picture, description, also with blue badge of a “verified profile”, and with – almost – the same handle) posted quoting a whitelist entry for a future AAVE airdrop.
I saw “Stanis’ responses” late in the evening, and while it seemed odd I thought “Stani isn’t going to send me shit!”…. I even checked the first profile behind my tweet’s answer, and it was real… but I didn’t check the second tweet! So there you go, the day after I took the bait like a stupid newbie 🤨
From twitter I went to the fake website signup-aave (dot) org and connected my wallet. The site asked me to “verify” in different strings as theoretically the signup list was for “users with 10+ Transactions on the AAVE Mainnet in Q1-Q2”. I don’t know that much about AAVE, so I was very curious to know if I had fulfilled the requirements or not…
I signed, confirmed, and switched chains several times, thinking that either the website or Metamask weren’t working properly. What I was actually doing were transfers to the scammer’s account via a void payable function.
For those interested in the technical details, these are the contracts:
- Polygon: https://polygonscan.com/address/0x000011387eb24f199e875b1325e4805efd3b0000
- ETH: https://etherscan.io/address/0x000011387eb24f199e875b1325e4805efd3b0000
Voluntarily sending my tokens: lufoart.lens is gone
With the first transaction I sent the NFT of my lens profile, bum, there you have lufoart.lens gone. Then, I sent almost all my tokens until I realised I was being tricked. Yes, I am very slow 🐌. Yes, I should have known better, I should have stopped after switching chains, I should have not even believed the tweet… But the only thing I had in my mind was that Stani wasn’t going to send me any fake stuff. So, I trusted, and that trust went beyond anything else.
After the hack, I had the incredible help of the Latin American community Criptolandia, some members of the Lens core team, and also Lens users who wrote me privately. Thanks to all of them I managed to understand what I had done and how they had done it. Between programmers and enthusiasts I also learned new tools (like Arkham Intelligence) or more trusted websites to revoke contracts and permissions.
I contacted the OpenSea team, who put the NFT profile under review for suspicious activity almost instantly. They also sent me a link to file a report with the FBI’s cybercrime bureau 👀 , and within a couple of hours OpenSea flagged the profile NFT as fraudulent.
Buying from thieves
Some people recommend me to offer money to buy back the NFT profile, but I will do no such thing. It reminds me of what happens in Argentina when you get robbed and then people pay the thieves to get their stuff back. There is no way I will do such a thing of giving more money to the person who already took my tokens. That is not an option for me. When things have to go out of your life they have to go out of your life. You have to accept that things happen and that everything has a solution except for being born and dying.
I have spent two years undefeated of being scammed in the cryptocurrency world. I’m happy this happened now without major consequences than loosing some bucks and a Lens profile NFT. My bigger concern is the content that I have been creating since the 1st of January (176 posts!). However, it seems I might have a chance if to recover them with another handle: my wallet isn’t under external control, I just sent the tokens “voluntarily” as a series of individual transactions.
I’ve learned my lesson and received many great things back, like people saying beautiful things about my work and how much they’re going to miss me. As soon as I shared that my profile was compromised, Juanpi and other members of Criptolandia started #FreeLufo on Twitter for helping me. Also several people wrote many nice things about me after JessyJeane‘s post on Lenster. The same Stani wrote me privately on Twitter and shared some thoughts about this wave of hacks on Lens.
You can keep collecting my posts until yesterday (number 176) on Lens and the money will arrive to my wallet and be safe there (well, if I don’t fuck the things up again 😅).
Moral of the fable
If you really want to help me, please mark every post created from lufoart.lens as fraudulent, in Lens, in OpenSea, everywhere… and of course, don’t trust me if I “write” you something weird.
The turnaround of the story my dear reader, is what has been said a thousand times: don’t trust anyone, always check! 🥰
But tell me dear reader…
Have you ever been hacked?
Would you offer money to re buy your handle?
Have a good day 🔐👺
These daily posts written during 2023 are part of a collection aimed to celebrate my 10th year’s anniversary in Europe. I write these posts to share things that happened since 2010 when I was in Argentina, a small story during my travels in Europe, details of those moments of my life that brought me until here… You can check the full collection here.