CryptoVigilante
Website: CryptoVigilante.News

Contact: @RealCryptoV
Chat: @CryptoVigilanteNetwork

Not affiliated with The Dollar Vigilante
As many of you have asked countless times over DM and elsewhere, we have finally put together a censorship-free page for us to host our various written content.

This has been an issue that has plagued us for a while now. We've been banned on Medium, Twitter, and other social networks countless times.

https://www.cryptovigilante.news/welcome-to-cv-network/
🗳 United States Senate talks regarding the controversial crypto provisions to the U.S. infrastructure bill have ended without any amendments, suggesting the original bill will be voted on come Tuesday.

💰 The provisions aim to raise $28 billion for infrastructure funding through expanded digital asset taxation and will impose broad third-party reporting requirements on any crypto firm deemed to be a “broker.”
Poly Network Hack Clarification

📕 WHO DID THE HACK TARGET?

This is a big question to ask. I've seen a couple of comments like "Not your keys, not your Crypto" and likening it to BitConnect or Mt. Gox. It's similar but with a big caveat: these types of attacks don't typically target users' crypto in their wallets. Custodial exchange and centralized lending will often target users' crypto just sitting in a spot wallet.

When you supply liquidity to a protocol on DeFi it is not your crypto. Your keys should still be able to authorize the withdrawal of that crypto, or your wallet will have a receipt of supplying, like cETH or LP tokens. You are still ultimately the custodian of your own crypto in DeFi.

If you've been interacting with DeFi protocols, it is highly unlikely you will wake up to a drained Metamask after one of these hacks. You are too small of a fish for those types of attacks to target. You are more likely to have to fall for a phishing scam if that is the case.

Typically hacks like this target liquidity pools. Liquidity pools often have immense value in them. You may lose crypto you have deposited in a hacked pool or farm, but oftentimes protocols come up with solutions to reimburse any lost crypto, like PancakeBunny, which suffered a flash loan attack earlier this year.

Poly Network holds large liquidity pools to facilitate cross-chain transfers, holding a lot of exit liquidity on each chain. The money that was hacked from this event is likely to have been stolen from those who have large amounts of liquidity staked. This is not likely to be you farming CAKE on PCS!

Cross-chain protocols are incredibly hard to code, and they should be treated with caution when supplying liquidity to them.

📗 HOW DID THE ATTACK TAKE PLACE?

I want to keep this part simple for those not technically minded, but there are currently two working theories as to how the hack took place. They both involve the private keys for the ownership of the liquidity pools.

🔑 Theory 1: Leaked Key

Poly Network has a big security problem from the outset. They had a single-sig key to the pools, which means that only one signer would need to authorise any changes to the liquidity pool, including withdrawal of funds. This is like leaving a vault of gold with only one key. If you wanted to access this, there wouldn't be any other parties involved.

Current theories suggest that this key was leaked or hacked via another method off-chain. This is the story from the early official post-mortem from Poly Network.

EDIT: This theory has been disproved by Poly Network, but I wrote it so I thought I'd leave it here as an example of an early working theory.

🖋 Theory 2: Hacked Contracts

There are two important contracts: a "manager" contract and a "data" contract. The data contract specifies the address which can submit transactions that withdraw funds from the pool. If someone were to replace this address in the contract with theirs, they could withdraw as much from the pools as possible.

In Solidity there is a concept called ownership. A smart contract can set certain functions to only execute if the owner executed them. Typically, when constructed, the owner is the wallet that deployed the contract, which is typically the developer. However, in this case the owner of the "Data" contract was the "Manager" contract.

So now, if someone were to call a function from the manager which could replace the address in the data contract with theirs, it would be allowed.

But here's another flaw in the design of Poly Network. The "manager" contract exists to run transactions on different chains. It has a function called verifyHeaderAndExecuteTx which verifies that a transaction exists on one chain, and if it does, runs it on another. This is needed for cross chain interoperability.

But wait... we've now got a way to run arbitrary functions from the "manager". If the attacker devises a specific input they can now freely set the most important address, the one which says who can withdraw from the pools, to theirs.

Confirmed by Poly Network
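
The ownership problem described in Theory 2, as an added Python model that is not code from the original post or from Poly Network. It runs the same relay twice: once as described, and once with one possible mitigation in which the manager refuses to relay into contracts it owns. All class, method and address names other than verifyHeaderAndExecuteTx are hypothetical, and the messages are constructed.

```python
# Added model; class, method and address names are hypothetical, not Poly Network's.

class DataContract:
    """Holds the address that may authorise pool withdrawals."""
    def __init__(self, owner, authority):
        self.owner = owner              # in the post, the owner is the manager
        self.authority = authority

    def set_authority(self, caller, new_authority):
        if caller is not self.owner:    # Solidity-style onlyOwner check
            raise PermissionError("caller is not the owner")
        self.authority = new_authority

class Pool:
    """An ordinary relay target: releases funds when the manager asks."""
    def __init__(self, manager):
        self.manager = manager

    def unlock(self, caller, to, amount):
        if caller is not self.manager:
            raise PermissionError("only the manager may unlock")
        return (to, amount)

class Manager:
    """Relays a verified cross-chain message as a call to target.method(args)."""
    def __init__(self, restrict_targets):
        self.restrict_targets = restrict_targets
        self.owned = []                 # contracts whose owner is this manager

    def verify_header_and_execute_tx(self, proof_ok, target, method, args):
        if not proof_ok:                # stands in for the real header/proof check
            raise ValueError("cross-chain proof rejected")
        if self.restrict_targets and any(target is c for c in self.owned):
            raise PermissionError("relay target is owned by the manager")
        return getattr(target, method)(self, *args)   # manager is the caller

def relay_demo(restrict_targets):
    """Relay one ordinary and one privileged message (both constructed)."""
    manager = Manager(restrict_targets)
    data = DataContract(owner=manager, authority="bridge-authority")
    pool = Pool(manager)
    manager.owned.append(data)
    unlocked = manager.verify_header_and_execute_tx(True, pool, "unlock", ("alice", 10))
    try:
        manager.verify_header_and_execute_tx(True, data, "set_authority", ("outsider",))
        blocked = False
    except PermissionError:
        blocked = True
    return data.authority, blocked, unlocked

if __name__ == "__main__":
    print("as described:", relay_demo(False))
    print("hardened:    ", relay_demo(True))
```

In the first run the owner check passes because the manager itself is the caller, so the stored address changes; in the second the ordinary unlock still works while the privileged call is refused.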
IOTA is a Centralized Scam

🎚 The IOTA Foundation has, since the beginning, been using a single controlling node called the coordinator.

📠 The coordinator is an authority node operated by the IOTA Foundation, and it's a single point of failure for the IOTA network, which makes the network centralized.

🔦 IOTA has suffered attack after attack and network outages as a result of bugs in the coordinator, and it is proven to be insecure against DDoS attacks.

⌨ IOTA first used a custom-made hash function which was broken from the start and let you forge transactions.

🔌 Last year the coordinator had an outage for twenty days after their wallet got hacked. The network did not process any transactions during that time. Private keys of users and associated IOTA tokens worth around two million dollars got stolen.

🪙 Just a few weeks before this outage, one of the founders, Sergey Ivancheglo AKA Come-from-Beyond/CFB, decided to quit the project and had a fight with another founder, David Sonstebo, over splitting the founders' IOTA tokens.

💰 As they were fighting, the third founder, Dominik Schiener, claimed that he “single-handedly conceived” the IOTA brand. It was a messy fight and they were all trying to claim the founders' tokens for themselves.

📈 Now that the bull market is back, IOTA is saying they are doing tests without the coordinator. That's the DevNet testnet. IOTA said the same thing in May 2019. Quote from founder David Sonstebo in 2019:

“We have been working towards the removal of the Coordinator since IOTA's inception. Now with the maturity and growth of the protocol, and the quality of our research team, we are bringing that promise to fruition.”

📮 It never came to fruition. Another false promise. Now the IOTA Foundation is claiming they have a new solution to replace the coordinator.

📂 IOTA is full of claimed research and pilots, but has no working product and no clients using their protocol.
Twitter FUDster "CryptoWhale" is really just a scam artist, CryptoRandy, and a BSV-supporting fraud.

There is a prominent account, CryptoWhale, which posts bearish news about crypto all of the time.

🚨 Recently this scammer also posted in favor of BSV, the scam run by serial fraudster Craig Wright.

❌ BSV and their associated entities (coingeek) were expelled from regular crypto communities a long time ago.

📻 New users may not be aware, but these are some of the biggest fraudsters in this space. Craig Wright infamously lies that he is Satoshi, and here "Crypto Whale" shows his support for the scam BSV.

🔌 Who was CryptoWhale before?

CryptoWhale is actually just a new account for CryptoRandy, a well-known scammer from the past. Other names are BitKrabs, BitHades, etc., who stole BTC from a lot of people in the name of helping them out, through private groups and similar schemes.

On July 27, 2020 he put his entire portfolio into BTC shorts. You know which way Bitcoin went after that.

Use extreme caution with Twitter influencers like him who use some truth to bait you into his awaited lies.

⏳ Nobody on Twitter has any form of classified or insider news about which direction Bitcoin will go. Most Twitter influencers will bait you into thinking they do.
QR Code Generator Scam

🔖 Use extra caution when you Google "Bitcoin QR generator". Some of the links Google shows you are scams.

🗄 The name of the file will show as your address, but after you double check to see if the QR is right, you will notice it leads to a different public address.

📓 Many people don’t double check what they send. Always remain extra vigilant and please always double check what you do!