As someone who has been robbed multiple times because of software bugs while running a service trying to be helpful and not make any money from it, I understand your feelings completely. In my case too the attackers knew what they were doing and sent the money to other wallets like Bitrefill or WoS and from there they quickly vanished with the money, I'd say it's impossible to track even if everybody cooperates. I toyed with the idea of creating a federation of bona fide wallet providers that would be able to automatically and immediately track and halt the accounts of thieves in these cases, but ultimately I think this would be too hard to make work, so we're left with emails and 6-hour-late responses.
In many of my cases, too, the people responsible for the bugs that caused money loss never apologized, which would have been a nice gesture at least. On the other hand I understand that bugs are unavoidable and it would be mentally overwhelming for them if they were to feel responsible for every satoshi lost due to their bugs.
As I said in a previous reply, an apology costs nothing and starting a crowdfund using their influence in the community would be greatly appreciated. They're known all over the world after all...
reply
Pavlenex here. I've apologised to you, I've spent multiple hours chatting with you and connecting you with an exchange. Your claims here aren't true. We have processes for security vulnerabilities, and nostr is definitely not the best way to reach out to me, as soon as I was made aware, I've reached out to you on Telegram. I understand your frustration but you can't just fabricate things to fit the narrative.
Once again, I apologise for your loss and pain this has caused.
reply
Hey Pavlenex, I hope you understand I never met you before and didn't know the best way to contact you. It was @DarthCoin that helped me on how to contact you. Also I never said you didn't apologise. In my article, I said @d11n (the extension developer) never did. And my first contact with him was AFTER he published the patched version of LNbank as you can see by the Nostr screenshot.
Also I want to be clear! NOTHING in my article is a fabrication. All that I describe there really happened.
reply
As someone who has been robbed multiple times because of software bugs while running a service trying to be helpful and not make any money from it, I understand your feelings completely. In my case too the attackers knew what they were doing and sent the money to other wallets like Bitrefill or WoS and from there they quickly vanished with the money, I'd say it's impossible to track even if everybody cooperates. I toyed with the idea of creating a federation of bona fide wallet providers that would be able to automatically and immediately track and halt the accounts of thieves in these cases, but ultimately I think this would be too hard to make work, so we're left with emails and 6-hour-late responses.
In many of my cases, too, the people responsible for the bugs that caused money loss never apologized, which would have been a nice gesture at least. On the other hand I understand that bugs are unavoidable and it would be mentally overwhelming for them if they were to feel responsible for every satoshi lost due to their bugs.
Funny to see fiatjaf saying such kind words. The same guy who magically disappeared a few thousand satoshis from my property in his infamous telegram bot and blamed me for putting money in his stupid code. I hope you get robbed a lot more asshole.
reply
Hey, how many satoshis have disappeared? What is your Telegram username? The withdrawals from lntxbot have been happening for many months now and are still ongoing. You have probably gotten a message from the bot notifying you of that. Please join https://t.me/lntxbot_dev and tag me so we can fix this.
reply
Can confirm, I got my withdrawal from lntxbot recently.
reply
Can confirm this too. Was able to withdraw all sats that I had there. Very recently, after receiving message to do so.
reply
In my case too the attackers knew what they were doing and sent the money to other wallets like Bitrefill or WoS and from there they quickly vanished with the money, I'd say it's impossible to track even if everybody cooperates.
I feel like I should mention here that attackers most of the time know exactly who they should target. They are not going to waste their time with a target that may be too hard if there are tons of other targets that are easier to exploit.
For example, many people ask other people who got scammed:
How could you get scammed by someone like this? Wasn't it obvious?
It's selection bias: Most people who got scammed will think in hindsight: Why didn't I see all the red flags?
For example, scammers are using errors in their scam emails on purpose.
These errors are there to filter out exactly the people that are too smart anyway to get scammed. So only the "less smart" people actually contact the scammer so the scammer doesn't waste his time with people who are just going to waste his time.
Knowing stuff like this is the reason why I am very hesitant to connect https://delphi.market to mainnet since I might have to say one day: I wasn't smart enough myself to not get my funds drained, lol
Or I will at least put only very little funds first to see if there are some script kiddies who can already exploit my code - since I don't really know how secure my code is until it's live and ready to get exploited by real attackers.
But then again, can't be sure if I put more funds into it, if I am now going to attract new, more sophisticated attackers ...
we really need more security around LND nodes, lol
reply
federation of bona fide wallet providers
This seems to be a great idea. How would this work? We are open to discussing this, even privately if needed.
reply
I didn't think about the details, but it could be a simple thing based on Nostr.
You would make a list of other wallet providers you trust and listen to some specific Nostr relays for a specific kind.
Whenever there was some suspicious activity in any wallet provider they would publish payment hashes of transactions made by the suspicious people. You would then check your internal database for those hashes and temporarily freeze the involved accounts immediately, then try to hash it out with the other providers manually and understand the situation.
reply
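The flow sketched in the comment above, from the side of one receiving wallet provider, as an added example that is not part of the thread and not code from any wallet named in it. The kind number, the `payment_hash` tag name and the event layout are assumptions, and event signatures are assumed to be verified before `handle_event` is called.

```python
import time

ALERT_KIND = 30999  # hypothetical kind number; the comment only says "a specific kind"

class FreezeRegistry:
    def __init__(self, trusted_pubkeys, payments, freeze_seconds=24 * 3600):
        self.trusted = set(trusted_pubkeys)  # providers this wallet chose to trust
        self.payments = payments             # payment_hash (hex) -> local account id
        self.freeze_seconds = freeze_seconds
        self.frozen = {}                     # account id -> freeze expiry (unix time)
        self.review_queue = []               # cases to sort out manually with the reporter

    def is_frozen(self, account, now=None):
        now = time.time() if now is None else now
        expiry = self.frozen.get(account)
        if expiry is not None and expiry <= now:
            del self.frozen[account]         # temporary freeze lapsed
            return False
        return expiry is not None

    def handle_event(self, event, now=None):
        """Freeze local accounts that received a reported payment.
        Alerts from publishers outside the trust list are ignored, so an
        arbitrary key cannot freeze accounts. Returns newly frozen accounts."""
        now = time.time() if now is None else now
        if event.get("kind") != ALERT_KIND or event.get("pubkey") not in self.trusted:
            return []
        newly = []
        for tag in event.get("tags", []):
            if len(tag) < 2 or tag[0] != "payment_hash":
                continue
            payment_hash = tag[1].lower()
            account = self.payments.get(payment_hash)
            if account is not None and not self.is_frozen(account, now):
                self.frozen[account] = now + self.freeze_seconds
                self.review_queue.append((account, payment_hash, event["pubkey"]))
                newly.append(account)
        return newly

# Constructed sample data: two local receipts and one alert from a trusted provider.
SAMPLE_PAYMENTS = {"aa" * 32: "acct-1", "bb" * 32: "acct-2"}
SAMPLE_ALERT = {"kind": ALERT_KIND, "pubkey": "provider_a",
                "tags": [["payment_hash", "AA" * 32], ["payment_hash", "cc" * 32]]}

def demo():
    registry = FreezeRegistry({"provider_a"}, dict(SAMPLE_PAYMENTS))
    return registry.handle_event(SAMPLE_ALERT, now=1000), registry.review_queue
```
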
This is an interesting idea, but it could quickly be adapted into a kind of industry best practice in the same way that many exchanges are using Chainalysis to screen incoming onchain transactions.
Let's say this gets built and Chainalysis offers up a free service that you can point to in order to freeze lightning payments on a best effort based on payment hashes of transactions made by suspicious people. Now every regulated wallet provider or exchange would be pressured into using such a service.
reply
There is a pattern on most of these hacks. Hackers move the funds from one wallet (node) to another just to hide their trace. Hard to follow the money. Probably the easiest way to reduce these hacks is a temporary hold of the funds for a certain period of time. For example, if a wallet / account receives 1M Sats in a transaction, you would only allow out max 20% of this amount in the next 24 hours. If in 24 hours you receive information from other wallets concerning suspicious transactions, you can still return 80% of the funds. Yes, I know, it can be an inconvenience for legitimate wallets / accounts, but for safety reasons it could be acceptable.
reply
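The hold rule from the comment above (20% of a receipt may leave within 24 hours, the rest stays recoverable if the receipt is reported), as an added example that is not part of the thread. The class and field names are assumptions, and keeping a flagged receipt on hold past the 24 hours is a choice made for this sketch.

```python
from dataclasses import dataclass, field

HOLD_SECONDS = 24 * 3600  # hold window from the comment
EARLY_RELEASE_PCT = 20    # share of a fresh receipt that may leave during the window

@dataclass
class Receipt:
    payment_hash: str
    amount_sat: int
    received_at: int
    flagged: bool = False  # set when another wallet reports the payment

@dataclass
class Account:
    receipts: list = field(default_factory=list)
    withdrawn_sat: int = 0

    def _released(self, r, now):
        early = r.amount_sat * EARLY_RELEASE_PCT // 100
        # A flagged receipt never releases more than the early share (sketch's choice).
        if r.flagged or now - r.received_at < HOLD_SECONDS:
            return early
        return r.amount_sat

    def withdrawable(self, now):
        total = sum(self._released(r, now) for r in self.receipts)
        return max(0, total - self.withdrawn_sat)

    def withdraw(self, amount_sat, now):
        if amount_sat <= 0 or amount_sat > self.withdrawable(now):
            return False
        self.withdrawn_sat += amount_sat
        return True

    def flag(self, payment_hash):
        for r in self.receipts:
            if r.payment_hash == payment_hash:
                r.flagged = True

    def recoverable(self):
        # Held share of flagged receipts; withdrawals never exceed the released
        # total, so this amount is always still in the account.
        return sum(r.amount_sat - r.amount_sat * EARLY_RELEASE_PCT // 100
                   for r in self.receipts if r.flagged)

def demo():
    # Constructed case: 1M sats received at t=0, reported two hours later.
    acct = Account([Receipt("aa" * 32, 1_000_000, 0)])
    acct.withdraw(200_000, now=3600)
    acct.flag("aa" * 32)
    return acct.withdrawable(now=25 * 3600), acct.recoverable()
```
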