Officer’s Notes
@officercia #234817
Threat Researcher & Author
Reminder guys: now with PECTRA ethereum upgrade, you only need to sign a message to get completely drained! Before, you actually had to sign the TX.
Be very careful of what you sign now - even an offchain message!
Save this post if you've been scammed or hacked!!!
First things first, you should contact: t.me/seal_911_bot, or t.me/rata0x
• Next, for recovering the rest (untouched assets) please use: hackedwalletrecovery.com made by @buidlguidl @austingriffith;
• Or this tool: https://app.buidlguidl.com/build/yIj6q9TZnzAUMR6B4eFX
• For recovering unclaimed tokens from airdrops: https://serveth.notion.site/How-to-securely-transfer-unclaimed-tokens-from-a-compromised-wallet-7c5f5e3762474851b92c159f797e406e;
• Order an investigation (optionally): t.me/rata0x
• You should also report your case to chainabuse.com!
Please RT! Stay safe!
"Where is the line between market making and market manipulation?"
'Crime szn' no more; the Department of Justice is circling.
Dr. Rasit Tavus, founder of LegalBlock, explains how certain trading tactics could lead to criminal charges.
https://www.dlnews.com/research/internal/why-crypto-market-makers-could-face-charges-over-price-manipulation-tactics/
Announcing the debut of a new service!
Now you can contact me and my friend @rata0x for legal services and advice. We've known my dear friend t.me/rata0x for 5 years, and we've helped a lot of individuals in the most desperate situations!
So, if you need to:
1. Resolve the issue of unauthorized blocking of funds on the exchange.
2. You have had a huge sum of money stolen from you and must immediately block it on exchanges and return it as soon as possible.
3. You or your project require legal assistance and advice.
Contact t.me/rata0x ! When I refer him, I use my name because I've worked with him for a long time and know him well.
Three Good Multisig Operations Tips!
1) You can create a multisig with Safe, sign transactions off-chain, and send them using any other wallet that doesn't control the multisig at all. So, you could use the Safe contract as an alternative to any ERC2771 smart contract (like OpenZeppelin Defender is).
2) How to choose a better number of signers? Pick an M-of-N multisig where M is less than N, such as 2-of-3. Give yourself some leeway; a 2-of-2 requires all your backups to work perfectly.
3) Implement Web3 Front-end monitoring, use a tool by @koda (link below)!
P.S. That’s an awesome app: pilot.gnosisguild.org
Support me by trying my proven partners:
1. Get an audit from hexens.io (EVM - Solidity) or guvenkaya.co (Solana/Near - Rust)
2. Host on r.xyz - tier1 bug bounty platform
3. If funds stolen/blocked on CEX, contact my lawyer @rata0x for crypto legal advice or/and investigation
4. Best service for on-chain investigations: legalblock.com
5. Exchange crypto/cash worldwide via t.me/Mr_Hermes1
Feel free to cross-check everything!
A victim lost $510,294 due to copying the wrong address from transaction history!
Victim:
0x0d534863a71d5e68d5c919a4c2ef47c3a7a792c0
Fake address:
0x4049Ebf479Fa49924e120490d119f0827cAa9aeC
Legitimate address:
0x40491fe2bA81621475c894Ebe8bcad56C7da9aec
How transaction history poisoning works:
1. Scammer sends fake/dust transfer with similar address;
2. Their fake address appears in your history;
3. You copy address from history thinking it's legitimate;
4. Funds get sent to scammer instead.
How to stay protected:
1. Always double-check the addresses you're sending funds to;
2. Never copy addresses from transaction histories;
3. Use a wallet that supports whitelisting or bookmarks.
My article on topic: https://officercia.mirror.xyz/n-sXszeDoNU3wtUUxRQEYvxQlZ6loaFElILzm2gnMzw
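Added example (not part of the original post): a pre-send check that implements the "whitelisting" advice above by comparing a recipient against a trusted address book and flagging look-alikes that share the same leading and trailing characters. The address-book label, function names and the 4-character threshold are assumptions; the addresses are the ones quoted in the post.

```python
# Added example: detect history-poisoning look-alikes before sending funds.
# Addresses below are the ones quoted in the post; the label is hypothetical.
LEGIT = "0x40491fe2bA81621475c894Ebe8bcad56C7da9aec"
FAKE = "0x4049Ebf479Fa49924e120490d119f0827cAa9aeC"
VICTIM = "0x0d534863a71d5e68d5c919a4c2ef47c3a7a792c0"
ADDRESS_BOOK = {"counterparty": LEGIT}  # assumed whitelist: label -> address


def normalize(addr: str) -> str:
    """Return the lower-case 40-char hex body of an address; reject malformed input."""
    body = addr.strip().lower()
    if body.startswith("0x"):
        body = body[2:]
    if len(body) != 40 or any(c not in "0123456789abcdef" for c in body):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return body


def shared_edges(a: str, b: str) -> tuple[int, int]:
    """Count matching leading and trailing hex characters of two normalized addresses."""
    prefix = 0
    while prefix < 40 and a[prefix] == b[prefix]:
        prefix += 1
    suffix = 0
    while suffix < 40 - prefix and a[-1 - suffix] == b[-1 - suffix]:
        suffix += 1
    return prefix, suffix


def check_recipient(candidate: str, address_book: dict, min_edge: int = 4):
    """Classify a recipient as ("trusted", label), ("lookalike", label) or ("unknown", None)."""
    cand = normalize(candidate)
    book = {normalize(a): label for label, a in address_book.items()}
    if cand in book:
        return "trusted", book[cand]
    for trusted, label in book.items():
        prefix, suffix = shared_edges(cand, trusted)
        # Wallet UIs often show only the first and last few characters,
        # so a match on both edges with a different middle is the red flag.
        if prefix >= min_edge and suffix >= min_edge:
            return "lookalike", label
    return "unknown", None


if __name__ == "__main__":
    for name, addr in (("legit", LEGIT), ("fake", FAKE), ("victim", VICTIM)):
        print(name, check_recipient(addr, ADDRESS_BOOK))
```

The comparison is case-insensitive on purpose: the fake address in this incident differs from the real one in the middle 31 characters while matching 4 at the start and 5 at the end.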
Best crypto books & researchers for newcomers ⬇️
https://telegra.ph/Books--Researches-01-30
Front-running — Making trades based on insider information that the rest of the market doesn’t have access to or before it can respond. In crypto, front-running is part of MEV.
Check out my compilation ⬇️
https://graph.org/MEV-PACK-06-10
The ultimate, most advanced, security, DeFi, assembly, web3 auditor course ever created!
Thank you for mentioning my blog!
https://github.com/Cyfrin/security-and-auditing-full-course-s23
Safeguard Your OpSec with These Vital Tips
https://officercia.mirror.xyz/S2ZQ6kkRVUfZzJx9Pv72ZWvVf5EaZPjr2yjiHbRDaZk

How to Protect Your Devices from Pegasus Spyware: Essential Countermeasures and Best Practices
https://officercia.mirror.xyz/ZuT6zYuAsQYNnuVTGkejiWqhmT5U8qT9u56VGQFDi08

Think you’ve got what it takes to dominate Web3 security?
The Remedy CTF 2025 by Hexens is here!
💰 $50K+ in prizes
🧠 Solve cutting-edge challenges
🌍 Gain global recognition
🚀 Unlock career opportunities
Registration: https://ctf.r.xyz/?utm_source=Web3secNews&utm_medium=Banner&utm_campaign=CTF2025
There are currently 5,564,420$ available in rewards at @remedy
Sign up for the bug bounty platform and participate in 17 programs!
Remedy provides high-quality triage. So try the only platform powered by Zero Knowledge Proof of Duplicates, which offers an extra layer of security for researchers!
https://r.xyz/bug-bounty/programs
Check out this tool made by @hexens
engram.r.xyz - free, lightweight, and UX-friendly ZK prover to verify data ownership.
Three simple steps to use Zero Knowledge technology:
1. Hash your data;
2. Create immutable blockchain record;
3. Get your proof of ownership.
Me. Old photo.
Kaluga fish… 00
+1 to #2024privacyproof awards!
Playing Nintendo 😅