should i be more edgy on twitter or on lens? my edgiest shitposts go to linkedin
Stop with the fucking tshirts and tote bag swag. Good swag:
henlo, a lot of people ask me about EF / Antler, so I wrote up my thoughts. I did the programme, and left before starting peanut protocol (peanut.to)🥜
Here is a weird thing about choice. Imagine you have three buttons, pressing them gives the following random pay-outs: A → $10-20, B → $12-22, C → $9-14. You can press a total of 100 times and you want to maximise your pay-out. The dominant strategy would be to press a number of times (stats nerds can figure it out exactly), say, 6 times on each, get the averages, and then keep pressing on the one that yields the most. Both computers and humans act the same way here. However, introduce an additional rule: after not pressing a button for 10 presses, it disappears. What would you do? Rationally, you should proceed the same way. After all, after your first 24 rounds, you stopped exploring and started exploiting. However, people don’t like disappearing options and will waste their precious presses on lower-yielding buttons. That’s what people do in dating, cofounder, job, shopping search, etc. People love to hedge their bets. However, you need to know when to make the switch and let low-yield options fade, even if it feels bad to have fewer options.
(Experimenting with long form on Lens)
Imagine your clipboard gets compromised - what's the worst that could happen?
Clipboard hijacking malware exploits the fact that when making a crypto payment, you'll usually copy (Ctrl + C) the payment address before pasting (Ctrl + V) it into your wallet. So this kind of malware simply monitors anything you copy to your clipboard and compares it against a bunch of regular expressions matching crypto wallet addresses.
If it finds a match, it'll replace that kind of crypto address with one of its own. So when you hit paste you end up sending your crypto to cyber criminals by mistake.
However, clipboard hijacking is relatively easy to counter. You simply compare the two wallet addresses. This is what a wallet address looks like: 0x983907410272C502Fdb12506D313f6DDabDc3C6F. It would take ages to compare every digit and it’s randomly generated, so it makes sense to only look at the last few digits. Similarly to phone numbers, you would usually remember just a few digits to identify who is calling. So it should be enough to do a decent check on whether you have copied the right address.
But clipboard hijacking has mutated. Laplas Clipper counters this counter. It’s sold on hacker forums via a subscription of $59 per month. A ThaaS, theft-as-a-service business, so to say. In return, cyber criminals get a web interface where they can generate an executable, view their infections as well as their crypto wallets.
Laplas Clipper makes sure to replace wallet addresses with an address where the last few characters are identical, dramatically increasing the chance that even if you checked these last few characters, you wouldn't notice that it's a completely different address.
It probably uses something like Vanitygen to precompute a big database of billions of wallet addresses, and then picks the closest-looking one as needed. An Eth address is hexadecimal, so for the last 4 characters you need 16^4 = 65k addresses! You could even do the first 4 and last 4 characters, which is just 8 characters, for a total of only 4 billion addresses! That fits really easily in a normal database, and SQL query time for this is in milliseconds.
How can you protect yourself from such an attack?
Skim through the whole wallet address, not just the beginning and end.
Save addresses that you interact with in the contact books of your interface (MetaMask, Ledger Live etc.)
Have a separate Linux OS (e.g. a live USB) only for transactions; this reduces the malware attack surface.
Use Peanut Protocol (peanut.to) to generate payment links. They are claimable directly through MetaMask, so no clipboard hijacking is possible. Let me know if you decide to use it. @hugo0.lens and I have built it.
Good luck out there!
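The comparison advice above, as an added Python example (not part of the original post): it contrasts the "last few characters" check with a full comparison against a saved address and flags a pasted address that only matches at the edges. The function names and the lookalike address are constructed for illustration, and EIP-55 checksum casing is not verified here.

```python
import re

ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")

# Address quoted in the post, standing in for a saved contact-book entry.
SAVED = "0x983907410272C502Fdb12506D313f6DDabDc3C6F"
# Constructed lookalike: different address that keeps the same last 4 characters.
LOOKALIKE = "0x" + "1" * 36 + "3C6F"


def normalize(addr):
    """Return the lower-cased address, or None if it is not 0x + 40 hex chars."""
    addr = addr.strip()
    return addr.lower() if ADDRESS_RE.fullmatch(addr) else None


def last_n_check(expected, pasted, n=4):
    """The weak habit: compare only the last n characters."""
    return expected.lower()[-n:] == pasted.lower()[-n:]


def shared_edges(a, b):
    """Count matching hex characters at the start and end of two normalized addresses."""
    x, y = a[2:], b[2:]
    head = 0
    while head < 40 and x[head] == y[head]:
        head += 1
    tail = 0
    while tail < 40 - head and x[-1 - tail] == y[-1 - tail]:
        tail += 1
    return head, tail


def check_pasted(expected, pasted, edge=4):
    """Full comparison; 'lookalike' means the edges match but the address differs."""
    want, got = normalize(expected), normalize(pasted)
    if want is None or got is None:
        return {"verdict": "malformed"}
    if want == got:
        return {"verdict": "match"}
    head, tail = shared_edges(want, got)
    verdict = "lookalike" if (head >= edge or tail >= edge) else "mismatch"
    first_diff = next(i for i in range(42) if want[i] != got[i])
    return {"verdict": verdict, "head": head, "tail": tail, "first_diff": first_diff}


if __name__ == "__main__":
    print("last-4 check passes:", last_n_check(SAVED, LOOKALIKE))
    print("full check:", check_pasted(SAVED, LOOKALIKE))
```

A "lookalike" verdict is the case worth alerting on: the pasted value is a valid address that resembles the saved one at a glance but is not the same address.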