nodesocket 4 days ago

Yikes, looks legit. Curious what are the destination addresses? Would like to monitor them to see how much coin they are stealing.

FergusArgyll 4 days ago | parent | next [-]

0x66a9893cC07D91D95644AEDD05D03f95e1dBA8Af

0x10ed43c718714eb63d5aa57b78b54704e256024e

0x13f4ea83d0bd40e75c8222255bc855a974568dd4

0x1111111254eeb25477b68fb85ed929f73a960582

0xd9e1ce17f2641f24ae83637ab66a2cca9c378b9f

Source: https://github.com/chalk/chalk/issues/656#issuecomment-32670...

dbdr 4 days ago | parent [-]

Next comment:

> Those are swap contract addresses, not attacker addresses. E.g. 0x66a9893cC07D91D95644AEDD05D03f95e1dBA8Af the Uniswap v4 universal router addr.

> Every indication so far is that the attacker stole $0 from all of this. Which is a best-case outcome.

FergusArgyll 4 days ago | parent [-]

Oh, that makes much more sense - thanks!

mcintyre1994 4 days ago | parent | prev | next [-]

There's a lot, looks like they start at line 103 in the gist here: https://gist.github.com/sindresorhus/2b7466b1ec36376b8742dc7...

hunter2_ 4 days ago | parent | prev [-]

In terms of presentation, yes. In terms of substance, short deadlines are often what separate phishing from legitimate requests.

mrguyorama 4 days ago | parent [-]

There are NO reliable indicators, because every single one of these "Legit requests don't ..." recommendations has been done by a local bank trying to get their customers to do something.

My local credit union sent me a "please change your password" email from a completely unassociated email address with a link to the change password portal. I emailed them saying "Hey, it looks like someone is phishing" and they said, "nope, we really, intentionally, did this."

Companies intentionally withhold warning emails as late as possible to cause more people to incur late fees. So everyone is used to "shit, gotta do this now or get screwed."

You can't hope to have good security when everyone's money is controlled by organizations that actively train people to have bad OPSEC or risk missing rent.

cataflam 4 days ago | parent | next [-]

> There are NO reliable indicators

Completely agree. The only reliable way is to never use an email/SMS link to login, ever.

hunter2_ 3 days ago | parent [-]

Or go ahead and use them, but abort if your password manager doesn't auto fill. Such abort scenarios include not only a password field without auto fill, but also a total lack of password field (e.g., sites that offer OTP-only authentication), since either way you don't have your password manager vetting the domain.
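The "password manager vetting the domain" check that hunter2_ relies on, written out as a small added example (not code from this thread or from any real password manager): the vault is keyed by the exact https origin a credential was saved on, and autofill is granted only when the current page's origin matches. The vault contents, the strict exact-origin policy (real managers often match on the registrable domain instead), and the sample URLs are all constructed assumptions. The last case models the OTP-only page the comment describes: with no password field there is nothing for the manager to vet, so the verdict is "unverified" rather than "safe".

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Constructed vault for the example: credentials keyed by the exact
# origin (scheme + lowercase host + non-default port) they were saved on.
VAULT = {
    "https://bank.example": {"username": "alice", "password": "correct-horse"},
}


@dataclass
class Verdict:
    fill: bool     # whether the manager would autofill here
    reason: str    # human-readable explanation for the decision


def origin_of(url: str) -> Optional[str]:
    """Canonical https origin of a page URL, or None if it is not https."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return None
    host = parts.hostname  # urlsplit already lowercases the hostname
    port = parts.port      # None when no explicit port is given
    if port is not None and port != 443:
        return f"https://{host}:{port}"
    return f"https://{host}"


def autofill_decision(page_url: str, has_password_field: bool) -> Verdict:
    """Decide whether a vault credential may be filled into this page.

    Mirrors the rule in the comment: autofill only on an exact origin
    match, and treat a page with no password field as unvetted because
    the manager never gets to compare the domain at all.
    """
    if not has_password_field:
        return Verdict(False, "no password field: domain not vetted by the manager")
    origin = origin_of(page_url)
    if origin is None:
        return Verdict(False, "not an https origin; refusing to fill")
    if origin in VAULT:
        return Verdict(True, f"origin matches saved credential for {origin}")
    return Verdict(False, f"no credential saved for {origin}; possible phishing")


if __name__ == "__main__":
    # Constructed sample pages: the genuine login, a digit-for-letter
    # look-alike, a Cyrillic homoglyph host, a plain-http copy, and an
    # OTP-only page with no password field.
    samples = [
        ("https://bank.example/login", True),
        ("https://bank.examp1e.com/login", True),
        ("https://bаnk.example/login", True),   # Cyrillic 'а' in the host
        ("http://bank.example/login", True),
        ("https://bank.example/otp", False),
    ]
    for url, has_pw in samples:
        v = autofill_decision(url, has_pw)
        print(f"{'FILL  ' if v.fill else 'ABORT '} {url}: {v.reason}")
```

The point of the homoglyph and look-alike cases is that a human reading the address bar can be fooled, while a byte-for-byte origin comparison cannot; the abort on a missing password field is what the comment calls out as the less obvious failure mode, since an OTP-only phishing page never triggers the comparison at all.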

hunter2_ 4 days ago | parent | prev [-]

I agree: any of the potential indicators of phishing (whether it's poor presentation, incorrect grammar, tight deadlines, unusual "from" addresses, unusual domains in links, etc.) can easily have false positives which unfortunately dull people's senses. That doesn't mean they can't continue to be promulgated as indicators of possible (not definite) phishing, though.

I used the word "often" rather than "always" for this reason.