Do you know a simple signature in Metamask can drain your wallet?
— korpi (@korpi87) August 19, 2022
A very experienced user (top 10 by Degen Score) lost almost 500k USDC in an exploit today.
You could be next…
A short thread on how it happened and how you can avoid such exploits in the future.
It was a quiet afternoon when Joe (name changed) noticed 469k USDC left his wallet.
It wasn't a simple transfer, which meant an attacker apparently didn't have access to Joe's wallet.
It was a malicious contract that drained all USDC from his address… pic.twitter.com/pTgTjfMMeu
Here we need to pause the story to explain some technicalities.
USDC token is a contract on Ethereum. It has many functions which define how we interact with USDC and what can be done with it.
Let's focus on two functions:
> transfer
> transferFrom pic.twitter.com/gekVmjmwvW
> transfer
When you move USDC (or other ERC20s) between wallets, you use transfer function.
It moves tokens from the caller (the address that calls the function) to other address.
To maliciously use transfer on your behalf, someone would have to get control over your wallet. pic.twitter.com/3Z3pYbBnRq
> transferFrom
When you interact with contracts, they use transferFrom to move your tokens. They can take up to the allowance amount which you set in approve function.
If you allow a contract to spend an infinite amount of USDC, it can take it all. https://t.co/QdUgLuZfZH
Back to Joe's story…
The aforementioned contract interaction that drained Joe's USDC was indeed transferFrom function.
But transferFrom would only work if Joe had approved the contract to spend his USDC.
And Joe was 100% convinced he didn't approve anything… pic.twitter.com/HH9xxYeQms
Wait a moment…
DeBank history clearly shows infinite USDC approval for the malicious contract 10 minutes before the exploit…
Did Joe actually approve it?
Yes. But also no. Not directly. pic.twitter.com/AqQQs7GZAV
Etherscan discloses that infinite approval wasn't approve function called by Joe himself.
It was permit function called by other address and it granted the malicious contract the approval to spend all Joe's USDC.
WTF? How can others approve contracts on your behalf? pic.twitter.com/TS3iDbhOXu
Permit function was introduced to improve user experience on Ethereum.
It allows a user to modify approval amounts without submitting a transaction. A signature is sufficient.
With your signature anyone can call permit function and update your allowance for a spender. pic.twitter.com/hem0lPsnW1
You can see permit in action when you use 1inch dApp.
If you want to sell USDC, you don't have to approve it first.
All you need is to sign a message.
This signature grants 1inch the permission to spend all your USDC. 1inch won't do it but a malicious contract could. pic.twitter.com/Dd7ggJFWtl
Joe must have accidentally signed such a message on a malicious website.
Unfortunately, this time he used a hot wallet and signing was just one innocent-looking click.
With a hardware wallet, there would be a second-thought moment while signing a message on the external device.
With Joe's signature a malicious actor submitted a transaction with permit function.
It gave the malicious contract the permission to spend all USDC from Joe's wallet.
Then transferFrom function was called and the malicious contract drained the funds. pic.twitter.com/1U6lWr9pmw
Apparently signatures can be catastrophic.
In some cases Metamask will warn you that signing a message can be dangerous.
But not in the case of signed approvals, which technically work as designed but can cause a lot of damage if misused. https://t.co/5H9rNWVR3b
How to avoid similar exploits in future?
– Don't sign everything in Metamask.
– Spend time to understand what you sign.
– Be careful with traditional approvals (see linked thread) https://t.co/549NmPly5s
I hope you've found this thread helpful.
Follow me @korpi87 and check my Notion: https://t.co/ZTqYKmhCNk for more.
Like/Retweet the first tweet below to protect others from similar exploits: https://t.co/9pqCSXi9JH
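The thread's advice to understand what you sign can be made mechanical. The following is an added example, not part of the original thread or of any wallet's code: it inspects an `eth_signTypedData_v4` payload and reports when it is a permit that would set a token allowance. It assumes the request uses the EIP-2612 `Permit` layout (owner, spender, value, nonce, deadline); the function names, the trusted-spender list, the one-hour threshold and all addresses are hypothetical.

```javascript
// Added example: review an eth_signTypedData_v4 payload before signing it.
// All addresses below are constructed placeholders, not real contracts.
const MAX_UINT256 = (1n << 256n) - 1n;
const PERMIT_FIELDS = ["owner", "spender", "value", "nonce", "deadline"]; // EIP-2612

function reviewSignRequest(typedDataJson, trustedSpenders, nowSec) {
  const td = JSON.parse(typedDataJson);
  const fields = ((td.types || {})[td.primaryType] || []).map((f) => f.name);
  const isPermit = td.primaryType === "Permit" &&
    PERMIT_FIELDS.every((name) => fields.includes(name));
  if (!isPermit) return { isPermit: false, warnings: [] };

  const spender = String(td.message.spender).toLowerCase();
  const value = BigInt(td.message.value);
  const secondsValid = BigInt(td.message.deadline) - BigInt(nowSec);
  const trusted = trustedSpenders.map((a) => a.toLowerCase());

  const warnings = ["signing this sets a token allowance without any transaction from you"];
  if (value === MAX_UINT256) warnings.push("allowance is unlimited");
  if (!trusted.includes(spender)) warnings.push("spender is not on the trusted list");
  if (secondsValid > 3600n) warnings.push("signature stays usable for over an hour");
  return { isPermit: true, token: td.domain.verifyingContract, spender, warnings };
}

// Constructed sample request in the shape a wallet receives from a website.
function samplePermit(spender, value, deadline) {
  return JSON.stringify({
    primaryType: "Permit",
    types: { Permit: PERMIT_FIELDS.map((name) => ({
      name, type: name === "owner" || name === "spender" ? "address" : "uint256" })) },
    domain: { name: "Example Token", version: "1", chainId: 1,
      verifyingContract: "0x" + "33".repeat(20) },
    message: { owner: "0x" + "11".repeat(20), spender,
      value: value.toString(), nonce: "0", deadline: String(deadline) },
  });
}

const NOW = 1660900000; // fixed clock for a reproducible run
const TRUSTED = ["0x" + "aa".repeat(20)];
const risky = reviewSignRequest(
  samplePermit("0x" + "22".repeat(20), MAX_UINT256, NOW + 86400 * 365), TRUSTED, NOW);
const routine = reviewSignRequest(
  samplePermit(TRUSTED[0], 500n * 10n ** 6n, NOW + 600), TRUSTED, NOW);
console.log(risky.warnings, routine.warnings);
```

The unlimited, long-lived permit to an unknown spender collects every warning, while a bounded, short-lived permit to a known spender keeps only the baseline notice that a signature alone changes the allowance.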
Will Ethereum merge lead to regulatory capture?
#Ethereum’s problems are caused by constantly optimizing for tokenomics over decentralization, security, and resilience. It looks like the Merge and POS will lead to complete regulatory capture by centralized exchanges & staking platforms, and there’s no way out for them. 🧵👇 pic.twitter.com/Ur9tf42K5p
— Samson Mow (@Excellion) August 19, 2022
So how did they get here? Deciding on a 32 ETH requirement to stake as part of the protocol (in order to lock up supply and maximize tokenomics). That pretty much made POS as centralized as possible, and plus they don’t have the #Bitcoin culture of not your keys, not your coins. pic.twitter.com/Ml4QV93ECP
So now you have 66% of validators that need to adhere to OFAC regulations. And the ETH they have deposited to stake can’t be withdrawn because the withdraw functionality wasn’t coded – because tokenomics. 📈 pic.twitter.com/BdjFqYk70J
But wait! Ethereans can just #UASF like those Bitcoin Maxis right? Like totally show Coinbase who’s the boss! pic.twitter.com/LBSRDOF79o
No. First, Ethereans don’t run their own nodes and second, most services depend on Infura, but that’s not the main problem. pic.twitter.com/8rI1FsDwuU
I’ll preface this next part and state that arresting developers for writing code is horrible and sets a terrible precedent. That said…
To #UASF you need software to run. Now all Ethereum forks have cool city names like Istanbul, London, Berlin, etc. Let’s call this hypothetical Ethereum UASF fork “Pyongyang.” Pyongyang would prevent Coinbase and the 66% majority from censoring OFAC sanctioned transactions.
Another way of saying “prevent the censoring of OFAC sanctioned transactions” could be “helping evade sanctions.” Maybe we forgot about Virgil. So anyways, who is going to code Pyongyang up? The Tornado Cash guy was arrested so the Pyongyang devs will likely be arrested too. pic.twitter.com/HQNtkyTQkg
Who’s going to run Pyongyang? The guys signaling with “X 🏴”? Are they going to link their Pyongyang node to their .eth account too? Coinbase, Kraken, Bitcoin Suisse, and the others making up the 66% majority are definitely not running Pyongyang.
Alright so an Ethereum #UASF is off the table.
“But we can just slash Coinbase and others if they dare comply!” pic.twitter.com/rmlgn8Cb2Y
I may be a Pathetic Bitcoin Maxi™ but I did spend 10 minutes researching and found there is no mechanic to slash Coinbase. There is no code to detect and punish anyone for censoring transactions. The Slashing mechanic only works to punish downtime or double-signing.
So we’re again back to needing the Pyongyang fork which no one will code up or run. Even if Pyongyang could exist, there’s no way for users to withdraw ETH. And even if they could withdraw, it doesn’t matter because only Infura matters. pic.twitter.com/RQ44BWUqzE
Assuming all the stars magically aligned and there was a way for Ethereum users to slash Coinbase etc, what does that mean? It means the minority stakeholders would have a mechanism to arbitrarily punish the majority. That’s not going to work in the long run.
And this is why we call #Ethereum a #shitcoin. It’s an exercise in futility, riddled with atrocious design choices, and engineered for the sole purpose of pumping the token. pic.twitter.com/irYDrzJcOO