• she/they

38, irish-american
גִיוֹרֶת

Header from here


0xabad1dea
@0xabad1dea

so as many of y'all likely know, literally every single thing I say on twitter for many months now (over a year, I think?) has been plagued by cryptocoin scam bots in the replies. Someone got curious enough to click the link and retrieve the actual contract they're trying to get you to run and sent it to me, and since I am supposed to be learning Rust anyway, I reverse-engineered it into a simulator in Rust. It's obfuscated, naturally, but it wasn't too hard. The fact that it has to execute in a tightly controlled VM environment, and one with a CPU-usage-based monetary fee at that, sharply constrains just how crazy it can get.

  • Here is the actual address the funds are transferred to and the transactions (the ones labeled "internal"); there's $26,000 just on this wallet and they may have several

  • Here is a gist with the actual contract (do not, somehow, bumble your way into actually executing this on the real blockchain, it WILL drain your wallet) and my simulator. It turned out that most of the code was pure dazzle camouflage that's just there to look complicated and mysterious and distract you from how it's just constructing the address from concatenated integers. The bait, of course, is that this claims to be an exploit that will hack the blockchain for you and cause free money to appear.

It does that for someone, I guess...