This one sold for $500k.
1 Like
I donāt think 3500 actually has anything to do with it, my understanding is that anyone calling bid with amount >1 would make bidIndex permanently < totalBids and thus refundProgess also < totalBids forever.
So they decided to bet $34 million on a contract that they clearly didnāt test at all.
Yeah that makes sense.
One of my poker dealers just told me his phoneās sim card was hijacked and switched to a different number this week (while he has the phone in his hand) and his Coinbase account was drained and heās also on the hook for money from his PayPal that was linked to Coinbase. Is there anything I can tell him?
No heās probably screwed. My buddy is still trying to get any money back and heās a lawyer. In his case it was BofA linked to coinbase. BofA said the transaction was legitimate as far as theyāre concerned. And coinbase is useless.
Ask the dealer if it was T-Mobile. If so, the good news is at least he can get put on the secret special T-mobile fraud setting so this doesnāt happen again. But they only give that out to verified fraud victims.
Iām pretty sure he uses a cheap MVNO.
I think the hackers are working off various leaked databases of information. They go fishing to see if the user they have an email and mobile number for also has a coinbase account. They can probably tell if the user a) exists on coinbase and b) has basic default security where the password can be reset with a text code. Itās very bad security practices to make that stuff ping-able, but it wouldnāt shock me in the least of coinbase does it.
Then they either trick of pay off employees at cell provider stores (T-mobile seems to be the worst) to switch the existing number to a new phone. They have enough information about the user to satisfy the questionnaire. Apparently ID isnāt even required.
I called T-mobile after my friend got hacked and asked to be put on the fraud program he was put on. They said they couldnāt because I wasnāt the victim of fraud yet. But they put a note on my account to never switch my number unless I show up in a store with several forms of ID. Iām sure that will be honored when someone goes to hack me. 
Lucy for you, you have no crypto!
2 Likes
Yup, another reason Iām not in any rush to go out and buy any crypto. Iām not worth hacking apparently.
I did still have my coinbase account though. And I got a reset password attempt email when I never tried to reset my password. Thatās when I logged on and shut the whole account down. I had already disconnected my bank account though so it probably didnāt matter.
One thing I wonder about is can the hackers figure out how much crypto someone has in their coinbase account, or do they just know you have one?
Also the level of just flat out not caring between T-mobile and coinbase on this shit infuriates me. How about having a special code the user has to type every time when they make a transfer from their bank or PayPal or w/e? Like the CVV # on a credit card. Oh thatās too inconvenient? Well then just make it the default setting and let the user turn it off if desired.
And of course T-mobile is pure shit. Hey maybe donāt switch my number to a new phone w/o asking for ID? Fuckers.
He uses Straight Talk, which is owned by TracFone, which is apparently owned by Verizon.
Sim swap hacks are a real menace. I checked with my provider the other day and someone could sim swap me with some personal info plus a four digit pin and there is nothing I can do to make this more secure. Iām considering changing providers. I donāt think attackers could get into my Google account that way (requires possessing my phone) and most of my crypto is inaccessible short of gaining access to my hardware, but God knows what havoc they might wreak with my internet banking or something.
Update on our Canadian teen math wizard crypto thief:
The civil case will be heard in Toronto if he can be located.
He was given four days to put the crypto tokens āin the hands of a neutral custodian.ā The judge told him if he failed to do so, he could be ordered to show why he should not be held in contempt of court.
The judge said it appears Medjedovic has āgone into hiding.ā
āThis strikes me as the worst outcome for everyone involved,ā he said. āWhile it may let Mr. Medjedovic hold the disputed cryptocurrency tokens for now, he does so under the cloud of a dispute and in the capacity as a wanted person.ā
The fuck are yāall doing up there? The is the most straightforward shoot to kill case Iāve seen in a long time. Isnāt there a Canadian Dog the Bounty Hunter they can put on this thing?
2 Likes
Cool?
I dunno. Congrats to the buyer on acquiring a piece of low-res pixel art for half a mil I guess?
When Gary Vee is involved, I reflexively gouge my eyeballs out and tune out.
The Jim Cramer of NFTs
Did someone call T-Mobile customer support to swap him?
No they walked into a store and did it, claiming they had lost their phone. Unclear if the T-mobile employee who executed the swap was in on it or not. This happened in Florida, which apparently is a hotbed for this kind of fraud.
God forbid the T-mobile employee tries to call the number to see if anyone picks up before doing the swap. Thatās a bridge too far apparently. Could be a thief impersonating the real phone owner on the other end. Better just swap with few questions asked.
Same with coinbase. My friend was on the phone with them while the hack was happening, pleading for them to just shut the account down until he could come back with all the proof they need that heās the owner of the account. Obviously he didnāt have access to the phone number anymore. But no, coinbase wouldnāt lift a finger until he jumped through a bunch of hoops, which was too late.
Just temporarily blocking any transactions on the account is too dangerous apparently. You might inconvenience a legitimate user who a) just changed their password minutes ago, b) just transferred all the crypto out of the account, and c) is now trying to drain their BofA account to buy more crypto and transfer that too.
Wouldnāt want to do anything like say email the user that their password was just changed using text, and then maybe put a cooling off period on unloading everything in the account and draining the bank account for more, at least until the user responds via email. Crazy talk. Actually they may have hacked his gmail too. I canāt remember. Still though, maybe just cool off on draining the account for a couple of hours immediately after a password change?
All you need to do to be safe from the sim swap thing is to use a non phone number related 2fa option.