Twitter followers were migrated, but anyone "following" using something like a crontab that retrieves a link based on the old Twitter name might be fooled.
Even that is apparently not too fringe to work for phishing.
This works because we've been conditioned to install videochat plugins, no matter the security warnings.
Personally, I installed a few of these. I remember when running Google Meet without Chrome required some plugin and when Zoom required an admin password every now and then to perform an update (even after the Mac vulnerability incident[1]).
I hope I'll think twice next time I see a prompt to install a plugin like this.
Why does installing an app allow it to "drain wallets"? Why does a video chat app, which is installed from an untrusted source, have access to a wallet private key? Why does the OS allow this?
There is no way to prevent this on the OS level without making an OS as locked down as iOS.
Anything less, and the user will find a way to accidentally give admin permissions to random apps.
NB: I don't believe that it's the OS's job to protect the user from themselves. Shielding people from consequences of their own actions results in people making worse mistakes later on.
The OS's job is to protect the user from malicious apps or apps with vulnerabilities. It does its job very poorly; for example, I have to manually build sandboxes and create users for every app, and I don't understand why this cannot be built-in and automated.
Honestly, trusting the OS to save you is a bad idea. Why people have one omni device that owns their identity and assets and they will install software "someone online" asked them to on it is beyond me. Horrible opsec all around.
The barrier to entry of making legit-looking scams has never been very high, to the point where I don't believe them being even easier to generate makes any difference.
Yes, it reads fairly legit too, not LLM copypasta. Wonder if the scammer was literate or they hired an actual copywriter? Probably just reworded a legit writeup of another product, though. But looking for all the "Vortax" bs they put out there could be a trail to find them.
I'm still thinking about this. There must be enough money in this endeavor for it to be worth expending this kind of energy in making it seem legitimate.
This raises questions.
What other endeavors, corporations, or practices do we accept as legitimate that are clearly not? FTX is one example that's obvious in retrospect. How about suspect practices that have become legitimized because of the sheer money and power accrued? I'm thinking for example banks that have been caught red-handed doing business with mafias or terrorists but have not been punished. But those are knowns. What are the unknowns?
Twitter (I refuse to use the artist formerly known as bs), considering its great leader, should have detected this before it even went out.
Instead, a user who hasn't been active on Twitter for some time can do something totally benign, not even including messaging or posting, and get flagged as suspicious.
Meanwhile, an account handle changes, and the old one is reclaimed by someone else. And then very suspicious messages get sent. This should be reasonably detectable with fewer false negatives than what they subject the rest of us to already.
Repudiation is one of the most important features of existing commerce systems and until there's a crypto system that considers that a requirement instead of a cute little non sequitur then nobody serious will ever take crypto currency seriously.
It's just a bunch of pyromaniacs repeatedly burning themselves and each other and saying, "huh, that's weird."