LobsterDAO 🦞

27 Feb 2025 09:16

you can fork the repo and build it yourself

LobsterDAO 🦞

27 Feb 2025 08:46

I don't think there is an opt-out from autoupdate in Rabby

LobsterDAO 🦞

27 Feb 2025 06:34

Is there a way to find deleted tweets?

LobsterDAO 🦞

27 Feb 2025 04:12

Now imagine a similar attack to a Rabby dev, that pushes a compromised update to their wallet extension
🙈🙈🙈

LobsterDAO 🦞

26 Feb 2025 22:46

I'm not sure if I'm missing something, but if the signers laptops were not compromised, they could have decoded the data field with the contracts ABI

LobsterDAO 🦞

26 Feb 2025 22:17

We basically need an ABI for Signatures data

LobsterDAO 🦞

26 Feb 2025 22:16

If the eip712 signature in the wallet e.g.metamask shows the domain, chain, etc, but can't "decode/verify" the parameters that conforms the data that then is hashed to be signed, then the signer is blind

LobsterDAO 🦞

26 Feb 2025 22:00

you should proof read your tweets before sending bro

LobsterDAO 🦞

26 Feb 2025 21:22

Especially once you start counting all those perp trades at notional

LobsterDAO 🦞

26 Feb 2025 20:56

highly doubt they do $3T revenue, maybe volume

LobsterDAO 🦞

26 Feb 2025 20:48

If they can infiltrate clouds/on-prems, they can potentially get into banking/SWIFT/treasury systems (where 1.5b may be a small amount in comparison). Its a valid attack vector nevertheless.

LobsterDAO 🦞

26 Feb 2025 20:47

but appreciate your point

LobsterDAO 🦞

26 Feb 2025 20:46

They would have to physically break into a Google datacenter or infiltrate Intel supply chains for that

LobsterDAO 🦞

26 Feb 2025 20:43

A slightly different take on how the hack could have been prevented. Since there are multiple layers to security, this TEE-based approach is specifically targeted at making server-side deployments more robust.

https://x.com/MarlinProtocol/status/1894834665585787200

LobsterDAO 🦞

26 Feb 2025 01:53

Whatya mean? Reduces yield rates for stables in a bear or

LobsterDAO 🦞

27 Feb 2025 09:16

Yep, good point
We should demand one

LobsterDAO 🦞

27 Feb 2025 08:21

OpSec suggest to not install updates right after they come out
Wait some time always

LobsterDAO 🦞

27 Feb 2025 04:53

think it's on wayback machine

LobsterDAO 🦞

26 Feb 2025 22:48

Do someone have a link to the malicious JS?

LobsterDAO 🦞

26 Feb 2025 22:26

Or were the messages used by safe already structured with something else than a big "data" field?

LobsterDAO 🦞

26 Feb 2025 22:17

Or do metamask / rabby supports to send all parameters somehow to create the signature?

LobsterDAO 🦞

26 Feb 2025 22:13

I think that the conversation should go into "how we make that eip-712 signatures are really verifiable in the wallet software"

LobsterDAO 🦞

26 Feb 2025 21:43

was trying to answer here: https://x.com/koeppelmann/status/1894792743303479340

LobsterDAO 🦞

26 Feb 2025 20:57

that would be bonkers 🤣

LobsterDAO 🦞

26 Feb 2025 20:55

does anyone know how much it security people (in ops) Binance has?

Binance does > $3 trillion annual volume (lots will be washtrading, but let's assume this volume would all be from hard fiat currencies).

stock exchanges with that kind of volume have 50-100 people on payroll to secure their infra. I doubt that most crypto exchanges have even 10.

LobsterDAO 🦞

26 Feb 2025 20:47

and as additive security, why not?

LobsterDAO 🦞

26 Feb 2025 20:46

Think you are referring to home-owned SGX compromises. These days you can get attestations from clouds for TDX boxes.

LobsterDAO 🦞

26 Feb 2025 20:44

U think NK wouldn't infiltrate TEE supply chain for 1.5b?

LobsterDAO 🦞

26 Feb 2025 19:36

My version how the hack could happen and how we could avoid such kind of attacks: https://x.com/0xmikko_eth/status/1894816726384079014

LobsterDAO 🦞

26 Feb 2025 01:27

Lets build more cool primatives with it, its long term bullish