Being able to airdrop tokens is useful, though, and putting a block on it would lead to people not getting things they are entitled to. Generating tokens on the blockchain is far from free, so I think this is a solution in search of a problem. I’ve had an ETH wallet active on OpenSea for a couple months now and nobody has randomly airdropped me anything.
You can actually “burn” tokens but what that means is sending them to a null address on the blockchain. That will cost you gas at the very least. I’m not certain if it’s possible or not to attach contract provisions to transferring a token - it might be. @goofyballer would know. The easier thing is for wallets to have “delete” functions that actually just hide the token in a Trash folder. That’s intuitive for new users and sophisticated users will understand what that really means.
Yeah, although he might have thought harder about “grant this contract access to your AWETH” if he’d been on the wallet that had tons of something called AWETH on it.
One of the existing guardrails for these scams which you’re overlooking is that it is very complicated for normies to set up extension wallets where they can be exposed to any of this stuff. It’s a huge barrier to entry and not something a person will accidentally stumble into after watching a Matt Damon commercial during the Super Bowl.
Yeah he says he had to read through the contract before putting it on the main wallet. But still for the hackers it had to feel so close.
I’ve had an ETH wallet active on OpenSea for a couple months now and nobody has randomly airdropped me anything.
Right, clearly nobody is using this feature for drive by shotgun scams. But for a very targeted scam like this one, it seems to have been an essential part of the plan.
He asked her to put the NFT in his hot wallet, and she sent it to his primary wallet. Call me crazy, but in a world where NFTs can do potentially malicious things other than just sit there, I’d like a way to say: “This wallet is not accepting gifts at this time, thank you very much.”
If someone Venmos me money out of the blue, it’s just money. It can’t do anything.
Like maybe a different protocol where for a certain kind of wallet the transfer must be initiated by the person receiving the token. Or both parties must approve the transfer before it happens.
Almost everyone in the discord is at least moderately critical and skeptical of the crypto space if not highly so. The reason you’re taking heat is because the points you keep rehashing are tired, yet you still don’t know stuff like wrapped ETH despite people repeatedly asking you to learn the basics. If you’d spent even a week or two doing this you wouldn’t be asking questions like that here. To be clear, I’m not saying that if you had experience and learned some of this stuff that only then would you understand the aMaZiNg PoWeRs Of CrYpTo and drink from the Fountain of ETH. I think it’s perfectly reasonable to have a negative opinion and high level of skepticism. That isn’t the issue. The issue is that it’s complicated with a high learning curve at this point, and the people who have zero experience / knowledge of how it works in 2022 have no idea what they’re talking about almost to a man.
I admit I don’t know shit about crypto. But the video that everyone will probably get mad at me for mentioning again predicted a scenario which sounds very much like the scam we’ve been talking about all day (malicious NFT dropped in wallet w/o consent). We even discussed it in this thread.
So it seems like that guy might know at least somewhat what he’s talking about, and maybe some of his other predictions might come true.
Ok, so the smart contract has to interact with the shady website, and the wallet just allows some blanket levels of interaction (like allow it to send token, with or w/o a cap, etc). The wallet isn’t actually interacting with the smart contract at all except to send stuff I guess?
For some reason I pictured the smart contract surfacing standard features on the wallet that the user could interact with. Sounds like it’s mostly just lower level stuff the user never sees.
NFTs by themselves can’t do anything malicious, just like hyperlinks by themselves can’t do anything malicious. The stories of “a guy got sent an NFT and he clicked on it and then zomg his money was gone” are bullshit, that’s not a thing. If you do something with the NFT - like stake it - you might run into a malicious contract, but you have to make an effort to do that.
I think the appropriate analogy here again is email - like the problem of unsolicited email was much larger and the problem of responding to them in dangerous ways (clicking random links and attachments) is much more real than with NFTs. But the solution is not to ban unsolicited emails on an internet level, because there are times where receiving unsolicited emails is useful. The solution is for wallet software to get good at protecting users, just like mail client software has done. But again, I think this “problem” isn’t one that really exists, certainly not on the level that the problem of malicious emails continues to exist.
I doubt he has any particularly unique insight but I also don’t care. Remember when you bought and sold bitcoin a few years ago? The complicated side of NFTs is considerably more difficult than that. We’re not talking elliptical curve geometry here but there’s a lot of steps and a lot of parts to fuck up for someone starting from scratch (that’s not you btw, you have more background than the average person). If you did it for a week you’d have a greater appreciation for it. I’m not asking you to or saying you’d have a positive opinion of it, just that your opinion would change to the point where you’d likely eyeroll anyone giving opinions who hadn’t spent one second doing any of this.
The guy getting scammed specifically told her to put the NFT in his hot wallet, not his main wallet. Do you think he would like a feature that blocks someone from putting something in his main wallet, w/o him approving or initiating the request, or just being able to designate the wallet as send only, or something like that?
Clearly this guy is using not putting things in his main wallet as a security gate. Your argument seems to be that this kind of gate isn’t necessary, since things don’t really exist in the wallet anyway, and nothing bad can happen w/o social engineering and whatever else.
Right. I never implied that someone could put a bomb in your wallet that could just blow up. But these scammers seemed like they came close to tricking him partly by sending directly to his main wallet. I bet he’d like a feature to block that. If he had a way to approve senders at the wallet-level, she never could have sent to the main wallet and the scam would have been up quicker.
I’m going to ORLY owl all over this place if in a year this comes out as some hyped new security feature and everyone is like yeah that makes a lot of sense.
there’s no reason they can’t be viruses or worms, the primary limitation is processing power.
But, also, it’s a virus that someone can drop directly into your bankless bank account and just wait for you to activate it.
And, yeah, that’s right, there’s no offer/confirmation step in sending tokens back and forth, someone who knows your wallet can just drop stuff right into it,
At an abstract level this sounds like what happened in our scam.
However later on, this might be what you’re talking about:
I teed it up in the video because he shows some screenshots that might be the twitter stuff you’re talking about. He does mention “stake it”.
But yeah - maybe these tweets could be something where he’s been duped and these people were just scamming. Which is why it’s great to have discussion! I never said I thought this guy was an infallible god. Just that it was good to understand the complete hater perspective as a point of reference.