Tag: ethereum

Hello dear reader, this is the update II after I have got hacked. Today I’ll share some more answers with you. 07/07/2023, Berlin, Germany 🇩🇪 Update II In the 1st update of #FreeLufo, I explained how some things created on Lens are associated to the handle while some other to the wallet. That’s why you will lose all your wall with the previous posts if you lose your profile NFT. Rebuilding your profile from the scratch can be a painful prospect, especially if you are building something on a daily basis, as I have been doing since 1st January 2023. I mean, is it? I could start with a new handle – something I might have done since my wallet is still whitelisted – and then work on a broad and massive communication. The “good news” about this is that if someone cashes in any of the posts I have created, the money will still go to my wallet. Even if the old handle is associated with a new wallet. The bad news is that the new owner could impersonate me, copy the new content and profit from it. However, this can also be solved blacklisting the old handle within the same Lens dApps. The Profile Guardian of the Lens Protocol To prevent hacks and phishing attacks, the Lens team announced the LIP-4: a guardian to protect the profile NFT. The profile guardian “disables certain critical actions such as approvals and transfers for Lens profiles. Profile Guardian is enabled by default and can be opted-out if profile owners want to move it to a new address”. This way, you will need an extra layer of actions before being hacked and losing your NFT profile. The Guardian NFT was deployed yesterday. Talking to the Lens core team These days I’ve been talking to the Lens core team, and I made them the following questions: As you can see, the answers are still uncertain although they are working on it. Probably a v2 of Lens will better protect profile NFTs, help people be more aware and not so foolishly lose their profile as happened to me. Fingers crossed this experience will get always better! But tell me dear reader… Would you like to join the Lens Protocol?Is it better to have 100% control of your content, or leave some oversight to someone/something that does it better than you? Have a good day 🔐👺

Hello dear reader, this is an update about #FreeLufo and how the things are going after I have got hacked yesterday. Today I talked to some members of the Lens Protocol team trying to find out some details about the hack. I got some answers that I share today with you. Getting important answers 27/06/2023, Berlin, Germany 🇩🇪 1st important thing: within Lens Protocol posts associate to handles but collects associate to the wallet that creates the posts. So: Special thanks to Bradley Freeman for the support. Also, thanks to every person who wrote me today to express me their support and availability. And that’s it for now, take care and #TrustNoOne But tell me dear reader… Is there something you might find out from what happened?Did I tell you that yesterday I started a new drawing? Have a good day 🔐👺

Yes, my dear reader, my Lens profile NFT lufoart.lens is gone. Please pass the word and pay attention, as they might use my identity to f * * k other people too. How was I hacked? 26/06/2023, Berlin, Germany 🇩🇪 The original Stani Kulechov (one of the creators of Lens and AAVE) collected this post of mine on Lenster. After collecting on Lenster he also commented on my tweet. Although Stani collected my art several times he had never replied a tweet before. Here comes the trick: just below Stani’s original tweet, a fake Stani profile (with the same picture, description, also with blue badge of a “verified profile”, and with – almost – the same handle) posted quoting a whitelist entry for a future AAVE airdrop. I saw “Stanis’ responses” late in the evening, and while it seemed odd I thought “Stani isn’t going to send me shit!”…. I even checked the first profile behind my tweet’s answer, and it was real… but I didn’t check the second tweet! So there you go, the day after I took the bait like a stupid newbie 🤨🫠 From twitter I went to the fake website signup-aave (dot) org and connected my wallet. The site asked me to “verify” in different strings as theoretically the signup list was for “users with 10+ Transactions on the AAVE Mainnet in Q1-Q2”. I don’t know that much about AAVE, so I was very curious to know if I had fulfilled the requirements or not… I signed, confirmed, and switched chains several times, thinking that either the website or Metamask weren’t working properly. What I was actually doing were transfers to the scammer’s account via a void payable function. For those interested in the technical details, these are the contracts: (Special thanks to Dan and Juanu) Voluntarily sending my tokens: lufoart.lens is gone With the first transaction I sent the NFT of my lens profile, bum, there you have lufoart.lens gone. Then, I sent almost all my tokens until I realised I was being tricked. Yes, I am very slow 🐌. Yes, I should have known better, I should have stopped after switching chains, I should have not even believed the tweet… But the only thing I had in my mind was that Stani wasn’t going to send me any fake stuff. So, I trusted, and that trust went beyond anything else. After the hack, I had the incredible help of the Latin American community Criptolandia, some members of the Lens core team, and also Lens users who wrote me privately. Thanks to all of them I managed to understand what I had done and how they had done it. Between programmers and enthusiasts I also learned new tools (like Arkham Intelligence) or more trusted websites to revoke contracts and permissions. I contacted the OpenSea team, who put the NFT profile under review for suspicious activity almost instantly. They also sent me a link to file a report with the FBI’s cybercrime bureau 👀 , and within a couple of hours OpenSea flagged the profile NFT as fraudulent. Buying from thieves Some people recommend me to offer money to buy back the NFT profile, but I will do no such thing. It reminds me of what happens in Argentina when you get robbed and then people pay the thieves to get their stuff back. There is no way I will do such a thing of giving more money to the person who already took my tokens. That is not an option for me. When things have to go out of your life they have to go out of your life. You have to accept that things happen and that everything has a solution except for being born and dying. I have spent two years undefeated of being scammed in the cryptocurrency world. I’m happy this happened now without major consequences than loosing some bucks and a Lens profile NFT. My bigger concern is the content that I have been creating since the 1st of January (176 posts!). However, it seems I might have a chance if to recover them with another handle: my wallet isn’t under external control, I just sent the tokens “voluntarily” as a series of individual transactions. #FreeLufo I’ve learned my lesson and received many great things back, like people saying beautiful things about my work and how much they’re going to miss me. As soon as I shared that my profile was compromised, Juanpi and other members of Criptolandia started #FreeLufo on Twitter for helping me. Also several people wrote many nice things about me after JessyJeane‘s post on Lenster. The same Stani wrote me privately on Twitter and shared some thoughts about this wave of hacks on Lens. You can keep collecting my posts until yesterday (number 176) on Lens and the money will arrive to my wallet and be safe there (well, if I don’t fuck the things up again 😅). Moral of the fable If you really want to help me, please mark every post created from lufoart.lens as fraudulent, in Lens, in OpenSea, everywhere… and of course, don’t trust me if I “write” you something weird. The turnaround of the story my dear reader, is what has been said a thousand times: don’t trust anyone, always check! 🥰 But tell me dear reader… Have you ever been hacked?Would you offer money to re buy your handle? Have a good day 🔐👺