The Excel balance sheet (?) for FTX US is delightful.
If we're drafting, I'm taking this one first overall
I chuckled seeing he's posting via substack. Hope he's charging for subscriptions to go towards his legal fees.
Bitcoin vaporized to a mere $19,400 and still outperforming 99% of stocks over the last three years. lol.
All I'm reading here is SOLD OUT.
Outperformed for who?
Some distressing info over that weekend for those particular 3 after an already obliterated price + knowing some folks with a fair amount of money were planning on covering on mon because they had an opp to bail at a perfect time. I assume that thought may be multiplied enough to make a difference in price. But I obv don't know anything more than spec on chatter. I would also guess we go back to getting hammered next week for two of those for other reasons
https://twitter.com/NFT_GOD/status/1614101339952537602
https://twitter.com/NFT_GOD/status/1614289677233668096
How do these crypto guys get hacked so easily?
To be fair, my GF had her bank account hacked a few years ago and 5 figures was drained out. Bank had no idea how it happened but refunded her.
You know what's great when your entire life's net worth gets hacked?
Legal recourse
It doesn't mean someone would need to have a view of his phone screen, the authenticator could just be an app or browser extension on the hacked computer. These apps are often nice because if you lose your phone, all your OTP info is already backed up to this central location and accessible from multiple devices. However, if you've got a bunch of crypto or money that could be easily moved around, this may not be a good security practice.
I understand email and bank and twitters and all that getting hacked. But did this guy really not have a cold wallet??
I thought authenticator apps were secure. The one we have for work has to be on the phone. I don't think there's a version that runs on a computer. It's annoying because I always have to go find my phone to get into our CRM system.
Hacking an entire phone is a lot more than just hijacking someone's SMS # - which is how 2FA hacks usually occur.
Lots of these dipshits click the wrong link in an email or download some bullshit from there and get their main PCs totally owned. After that, they can steal any session cookies in your browsers and bypass 2FA at most places. Or just remote control your PC while you sleep and drain all your shit.
People are using tools like evilginx2 to get session stealing phishing sites up and running in minutes.
If you are spear phishing some NFT dummy, you can craft a good enough looking email (and a good looking phishing domain to link in the email) so I'm not surprised at all that these guys are getting owned. They put so much info online (on Twitter or Discord) that you can use to craft one-off spear phishing emails with.
They're better than SMS but some methods they use are still phishable via MITM attacks (phishing websites). If you go to fakegoogle.com, they can ask you for your email and PW and 6 digit 2FA code and proxy that over to google and establish a session on your behalf. Works for push notifications too.
WebAuthn and FIDO2 are the new hotness in phishing resistant MFA (1, 2) but it's going to take a while to get adoption on these. Some of the MFA app implementations (especially for workplace/enterprise) are using this already, but consumer stuff mostly isn't.
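An added example, not part of the thread or any poster's code: the server-side checks behind the last two posts, showing why a 6-digit code typed into a look-alike page still verifies while a WebAuthn assertion produced there does not. The host names `login.example` and `login-example.test`, the secret, and the challenge are constructed assumptions, and signature verification is left out to keep the focus on origin binding.

```python
import base64, hashlib, hmac, json, struct

RP_ID = "login.example"                    # assumed relying-party ID
EXPECTED_ORIGIN = "https://login.example"  # assumed legitimate origin

def totp(secret, t, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1); nothing in the code names the site."""
    mac = hmac.new(secret, struct.pack(">Q", t // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

def server_accepts_totp(secret, submitted, t):
    # The server cannot tell which page the user typed the code into.
    return hmac.compare_digest(totp(secret, t), submitted)

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def browser_client_data(page_origin, challenge):
    # clientDataJSON: the browser, not the page, fills in the origin.
    return json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                       "origin": page_origin}).encode()

def authenticator_data(rp_id):
    # rpIdHash (32 bytes) | flags (user-present bit set) | signCount
    return hashlib.sha256(rp_id.encode()).digest() + b"\x01" + struct.pack(">I", 1)

def server_accepts_webauthn(client_data, auth_data, challenge):
    """Origin and RP ID checks of assertion verification. The signature check
    over auth_data || SHA-256(client_data) is omitted here (assumption)."""
    cd = json.loads(client_data)
    rp_hash = hashlib.sha256(RP_ID.encode()).digest()
    return (cd.get("type") == "webauthn.get"
            and cd.get("challenge") == b64url(challenge)
            and cd.get("origin") == EXPECTED_ORIGIN
            and hmac.compare_digest(auth_data[:32], rp_hash)
            and bool(auth_data[32] & 0x01))

def demo():
    secret, now, chal = b"constructed-secret", 1_700_000_000, b"\x07" * 32
    fake = "login-example.test"  # constructed look-alike host
    return {
        "totp_relayed": server_accepts_totp(secret, totp(secret, now), now),
        "webauthn_real": server_accepts_webauthn(
            browser_client_data(EXPECTED_ORIGIN, chal), authenticator_data(RP_ID), chal),
        "webauthn_relayed": server_accepts_webauthn(
            browser_client_data("https://" + fake, chal), authenticator_data(fake), chal),
    }
```

Calling `demo()` returns the three verdicts: the relayed TOTP code and the genuine WebAuthn assertion are accepted, the assertion created on the look-alike origin is rejected.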