Opensea has reassessed our previous case and has offered an additional $25k IF WE KYC.
They have also offered a similar reward for yesterday’s vulnerability, after they’ve gauged the severity.
As of now, we respectfully decline and wish them the best of luck finding the bug.
An individual in the space has fraudulently obtained my private information including my SSN and is now using it as leverage to keep me quiet.
Against the advice of my attorney, I am publishing this thread in an effort to prevent this from happening to someone else.
🍿🧵
OpenSea has agreed to make a donation to @GirlsWhoCode in exchange for all information we have on their vulnerability. Working out the particulars now.
I’ve had DMs from people who want to “buy” this exploit, offering close to 100x of what Opensea does.
This illustrates a market for vulnerabilities that would be very difficult for someone more money motivated than myself to not fall into.
Be safe out there anon.
Your favorite 'influencers' use bots to ensure their posts get a baseline number of engagements.
Then they make private deals with struggling founders for promotion based off of the phony numbers.
Let's dive deep into botted accounts so you know what to look out for.
🧵🪡
@MetaNukesEmpire
There’s no dollar amount in mind because our team isn’t money motivated. We just want them to set a better standard for security researchers.
This is one of if not the biggest company in NFTs. If this is the messaging they are sending it scares me.
Do better.
When people realize that the true Opensea competitor isn’t another massive marketplace but collection proprietary micro-marketplaces things start changing rapidly.
The goal of this drop is simple: Allow users to send on-chain notes to any ETH address.
To make it more interesting we created what we believe is the first "double standard"; a contract that can mint both SBTs and NFTs.
Blur is taking your data and building highly invasive profiles that include your job history, browser history, psych profiles and a ton more.
Even worse is that all of this data is shared with their affiliates.
This is all plainly stated in their privacy policy.
@_someone_els
Incorrect, I’m not dropping anything any time soon. Thanks for your concern, No El, but I’m gonna have to ask you to change your name after this one.
The $25k donated earlier by OpenSea was the reassessed bounty from the previous bug we submitted in November.
OS is donating an additional $25k to Girls Who Code shortly for the most recent bug.
We will be working with them to help confirm the fix.
Happy with this outcome.
Finding bugs is often lucrative, especially in blockchain. Companies are willing to pay millions for discovery of mission critical bugs. Opensea however pays next to nothing for discovering potentially platform ending errors in their codebase. (Thread)
Almost entirely convinced Blur is a data honeypot.
I would advise never connecting your wallet to their site just based on some of the trackers and software on it.
Opensea is getting ready to roll out an update to their Shared Smart Contract that adds new features and precautions. Mark my words: This is going to be a monstrous shit show.
GL to the team.
I've always been an artist.
Most of my life has been supported by art.
It hasn't been until recently that I have made a living in software and product design.
Next week I'm getting back to my roots.
Interacting with this post is step 1.
Don't miss the rest.
Revoking your wallet permissions is not going to help. Make sure you know what you are purchasing is what you intended to purchase.
This is not a vulnerability that will put NFTs in your wallet in jeopardy, but it’s still something that could cause many millions in damages.
Frontrunning the accounts that follow any negativity posted about her to say "Hi!, good to see you again."
Ad Hominem isn't going to work this time either.
There is nothing that excuses holding someone's SSN hostage.
Will not be disclosing the vulnerability until I've spoken with the @opensea team and confirm it's been patched. I don't want to see anyone using this nefariously.
@MarioNawfal
Super irresponsible. If you are going to be telling people shit like this please attach facts. The damage you are causing by flagrantly posting hyperbole is quantifiable.
We just signed a contract with one of the biggest companies in the world to build NFT and Web3 tech that I guarantee you will be using in the very near future.
Still in complete disbelief.
👀 👉🏻 @BUILTBYQUANTUM
I feel exposed, and taken advantage of. I've had to move because Aly will not confirm that she hasn't given my information to other parties, and I have to act in the interest of my family's safety.
Today this ends. I'm not going to be quiet about it any longer.
All I want is my information deleted. It is illegal, unethical, and immoral for her to leverage it like she is and I will be escalating this with the IRS via Circular 230, and with the Attorneys General in our respective states.
@JaapyFT
@opensea
@Coinbase_NFT
I don't know why you'd think Coinbase NFT, another MASSIVE company, is going to be the answer here. We need bespoke markets.
We will obviously take the 3 ETH. It’s nice to have something for our work and commitment to doing the right thing. HOWEVER, this sends a huge signal of the value they place on these issues. Lesson learned on our end.
Fingers crossed the @CakedApes marketplace will launch tomorrow at around this time.
- Zero Opensea dependencies
- Zero platform fees
- Zero cost to the CA team
- Zero fucks given
@BUILTBYQUANTUM
We do not work with scammers, we make no efforts to hide transactions, and we constantly take the long route to keep above board in our business dealings.
There is no "ample evidence" just an individual abusing government reporting and my SSN to coerce me into deleting a tweet.
Fuck each and every one of these do-nothing influencers who got gobs of ETH this summer to sit on Twitter and act better than us. A gaggle of dipshits with god complexes flying too close to the sun. The wax is melting. You're falling now.
This is just scratching the surface. There are SO MANY ways your attention is hacked for very little effort or cost.
Be more skeptical online. Social media numbers mean nothing and never have.
Aly refused. Only offering to delete my information unless I removed the "false and defamatory" tweet which I refuse to do as well.
Nothing about the tweet is defamatory. She has no law license, she admitted it only when pressed. Full stop.
I met Aly Sosa (@ASosagui) around this time last year on Clubhouse. At the time she was one of the only NFT lawyers around and had made a name for herself as knowledgeable, thorough, and adept at handling herself in this industry.
Here are the 250 accounts we stole tweet data from to make . Each time one of their tweets gets minted, they get paid directly to their wallets.
(thread)
Are you frustrated with the state of Web3?
Angry with the status quo?
Enraged with the powers that be that dictate the trends?
Good.
In a rare instance, we are all united in disgust with the current meta.
It's time for a change.
It's time for War.
Are you ready?
The catch here is that by reporting us, Aly has to concede that she was in fact acting as our legal counsel and does have access to private information.
Today, Aly wrote us an email and informed us that she was going to be fraudulently reporting us to any government agency she could recite unless we deleted the tweet. This is extortion.
Dropping a $farokh coin imminently. Claimable through the newly purchased .
Qualifiers: Interacting with any of @farokh's tweets since he entered the space in Feb. You must also have your ENS name as your twitter name.
DQs: Owning any of his projects.
We hired another attorney to help us finalize what was now left unfinished. The first matter was sending a cease-and-desist to Aly with the request for an affidavit confirming the deletion of my confidential info.
I have every legal right to request this.
I don’t think Phunks have ever had a worthy adversary.
Anyone that has tried with any serious effort has made themselves look completely foolish in the process.
Holdings 0
Respect 100
She also insinuated that we were never her client, despite having a signed engagement letter, and months of proof that she was acting as our legal counsel.
This screenshot is of a conversation that took place on February 8 of this year.
.005Ξ + gas.
Unlimited supply.
Available forever.
Fully on-chain.
Zero royalties.
SBT or NFT, you decide.
Interact with this post to be on the allow-list.
.@CakedApes marketplace update:
- Subgraph is being created (no OS dependencies).
- Our 1155 contract is being rewritten for 721.
- Interface reskin is under way.
Once done I will put onto a domain and give it to their community free of charge with no trading fees.
Since posting that tweet I have been contacted by a lot of people that have had very similar dealings. All of them assumed that she was a lawyer, hired her for services, and then were left vulnerable when they found out that was a lie.
.@CakedApes Marketplace will have zero platform fees. Royalties are set up to go right back to the artist/team.
@BUILTBYQUANTUM will pay the contract deployment fees. We will then transfer ownership to the caked team.
It will have no contact form to submit DMCA notices.
Last week the team at @RUG_TECH discovered a smart contract scenario that made it possible to mint NFTs that appear to be created by any ETH wallet you choose. With no consent or notification required.
When collectors harass creators for utility they are dog-whistling for exit liquidity and throwing shade because your economics aren't working on their schedule. Fuck em.
People are using my experience as an opportunity to dunk on me which is fine, I fucked up big time by not vetting her fully. I fell for the same bullshit that a lot of others did, I was just the only one willing to speak out. There were over a dozen projects that worked with her.
'Seasoned' Twitter accounts have long been available to purchase and the most popular category is NFTs.
These accounts have run for months auto-liking and following our community to amass their numbers.
There are hundreds of these accounts for sale. You definitely follow some.
Influenzas takes the tweet data of 250 NFT "influencers" and creates algorithmically generated art from them. "influencers" receive the ETH for each mint at the time of transaction. The "influencers" haven't been clued off. We did not ask for permission. Forgive us?
When she wouldn't answer the community, I reached out and asked her myself via text. She called me immediately in a conference call with another attorney I had never met to inform me that no, she does not have a license to practice law.
Friendly reminder that M*TAM*SK IS NOT YOUR WALLET. It is an interface for your wallet. If you have your private keys you are good to migrate to another wallet interface.