- 2nd biggest (right after the treasury / CZ reserve).
Also, if ECC decides to release a new contract and swap NFTs, please ban only those NFTs that were stolen, but not sold yet, i.e. if the stolen NFTs were bought by someone (for example these treasury NFTs as they actually were bought, can be checked on blur), let them be swapped for new ones.
Did you buy the stolen NFTs?
It amazes me that only two addresses have done signature overrides, one of them still has a transaction hanging in execution.
These concrete (21) CZNFTs stolen from the treasury have been bought by the biggest CZNFT holder and shouldn’t be restricted/banned/flagged. No other stolen NFT has been sold.
#6584
#8801
#8807
#8808
#8921
#8929
#8934
#8935
#8943
#8949
#8951
#8956
#8960
#8962
#8967
#8973
#8976
#8988
#8999
#9000
#9004
This can also be checked when you look at sales on the history page here: 0x3c440 - Portfolio | Blur. This is the second address of the hacker that is also used to sell these NFTs.
Found 8 more, so it looks like 29 in total.
#431
#602
#2145
#2147
#2148
#2757
#4923
#6110
With revoke.io, should we just be checking that there are no approvals for CPZ, or are we meant to be going to signatures and cancelling signatures to prevent NFTs being stolen through this exploit?
Don’t you think this guy has something to tell us? He first takes one NFT each from different people, then he robs the treasury, then he sends ETH to an untraceable smart contract: ResolvedDelegateProxy | Address 0x866e82a600a1414e583f7f13623f1ac5d58b0afa | Etherscan
Thanks, if a wallet shows 100% health before cancelling signatures do we think they still need to be cancelled?
I think the main “accesses” tab should be empty. After I canceled the signatures on the second tab, revoke still offers to do it again. I didn’t duplicate the commands. If it’s showing 100%, I think it’s fine.
Would be good if someone from ECC could confirm if cancelling signatures is required @adjychris
It has everything to do with them. For one, they created this NFT. Secondly, they promoted it. Instead, they should have been working on more meaningful things to give value to the chain vs. chasing a trend.
Hello!
There’s a vulnerability in the Ledger web3 connector affecting a huge range of projects.
If you look at the link in the tweet, it appears that revoke{dot}cash is also affected.
I’ve consulted a friend who is a web3 specialist about this and he confirmed that it appears so. The latest Ledger web3 connect vulnerability affects revoke{dot}cash.
Please be careful.
Many things can and should be done in parallel. There is no diversion of resources here, because engineers do their own thing and managers do theirs. This is how absolutely any company works. I personally really like the idea of CPZ and despite the current problems I’m glad to have these NFTs.
Pin your dependencies, don’t load CDN garbage on the fly. Control your build pipeline. These are basics for any good web development. To see this happen with money on the line blows my mind.
Free2Z has a very conservative approach where it doesn’t ask to play with your wallet on your behalf at all, much less with unknown, non-deterministic dependencies loaded from untrusted sources.
Zcash community should let web3 flail and focus on private, p2p, electronic cash (sent and received outside of the web browser).
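An added example, not part of any post in this thread: a small Node.js check for the two habits named above, floating dependency ranges in `package.json` and remote scripts loaded without Subresource Integrity. The package names, URLs and function names are constructed for illustration.

```javascript
// Added example: flag floating dependency ranges and remote scripts without SRI.
// All package names, versions and URLs below are constructed sample data.

// Exact semver only: rejects ^, ~, *, x-ranges and dist-tags such as "latest".
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Return "name@range" for every dependency that is not pinned to one version.
function unpinnedDeps(pkg) {
  const out = [];
  for (const field of ["dependencies", "devDependencies"]) {
    for (const [name, range] of Object.entries(pkg[field] || {})) {
      if (!EXACT.test(range)) out.push(`${name}@${range}`);
    }
  }
  return out;
}

// Return the src of every remotely hosted <script> that lacks an integrity hash.
function remoteScriptsWithoutSri(html) {
  const out = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(tag);
    if (!src) continue; // inline script, nothing fetched at load time
    const remote = /^(https?:)?\/\//i.test(src[1]);
    const hasSri = /\bintegrity\s*=\s*["']sha(256|384|512)-[^"']+["']/i.test(tag);
    if (remote && !hasSri) out.push(src[1]);
  }
  return out;
}

// Constructed sample inputs.
const samplePkg = {
  dependencies: { "wallet-connector": "^1.1.4", "ui-lib": "2.3.0" },
  devDependencies: { "bundler": "latest" },
};
const sampleHtml = `
<script src="/static/app.js"></script>
<script src="https://cdn.example/wallet-connector@1/dist/index.js"></script>
<script src="https://cdn.example/ui-lib@2.3.0/ui.js"
        integrity="sha384-CONSTRUCTEDPLACEHOLDER" crossorigin="anonymous"></script>`;

console.log("unpinned:", unpinnedDeps(samplePkg));
console.log("remote scripts without SRI:", remoteScriptsWithoutSri(sampleHtml));
```

An exact version in `package.json` does not pin transitive dependencies; that takes a committed lockfile installed with `npm ci`.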
If I can’t trust the OpenSea (the platform on which millions of dollars worth of deals are made every day) certificates that I signed, what can I trust? In my eyes WEB3.0 has moved into the very distant future.
I’ve been saying that ever since Sand Hill Road commandeered the term. It’s crypto. It’ll always be crypto. Web 3 is a filter to suss out charlatans.