Fake twitters
UrlScan IoCs
Balancer
Discussed the general workflow with Danko over a conference call
and got added to Balancer Maxi Repo in GitHub.
Came to a mutual agreement the following extra data will start to
be accumulated as data streams in the maxi repo as additional data
to the usual monthly reports.
I am not sure of the format, I plan to use plain text or JSON,
whatever is preferred for easier pipeline integration.
I also have a system which I use, called "IceCream" where i put
the new stuff (Cacao) detected versus the old array (Vanilla) I
can upload those too, as I have them.
I use this system with a few regular expressions to remove
duplicate from huge json arrays (50K lines +) without manual
checks, as manual checks is like looking for a needle in a hay
sack with thus much data.
Sorry about the dumb name, I made it up as a "temporary" thing and
then stuck with it.
So no matter how many scams I find, I stack them, filter duplicates and only then push to pull requests with the IceCream system. Otherwise CI/CD in MetaMask's GH complains and manual work is needed, which is sub optimal.
My role to controlling the damage was limited to:
- Proactively searched for fakers on twitter reported and removed their profiles and scam sites
How it started
How its going
- Proactively searched for fakers and removed their scam sites
Search "(balancеr|balqncer|balancer|balahcer|bqlancer|baIancer|balencer|baiencer|balancer-fi|balancer-fl|baiancer-fi|balencer-fi|balancer\.fi|balancer-fl|ba[l1][ae]ncer|b[ao]l[ae]ncer|b[aq]lancer|fi-balancer|app-balancer|bal-drop|airdropbal|balancerairdrop|[a-zA-Z]*balancer[a-zA-Z]*|[a-zA-Z]*bqlancer-[a-zA-Z]|[a-zA-Z]*balancer[a-zA-Z]*|a-zA-Z]*balancerfi[a-zA-Z]*|a-zA-Z]*bal-[a-zA-Z]*|[a-zA-Z]*baiancer[a-zA-Z]*)" (1902 hits in 31 files of 31 searched) |
As balancer is
a common word and "Load Balancer" is often registered and
present in subdomains alike, there is a lot to filter though,
but the real number of scams is fairly low ~ 2.7%, 46 from
almost 1700. Still higher than usual, presumably due to the
exploit.
Search "walletconnect" (14
hits in 9 files of 31 searched) Search "trustwallet" (36 hits in 18 files of 31 searched) Search "sushiswap" (73 hits in 26 files of 31 searched) Search "pancakeswap" (262 hits in 31 files of 31 searched) Search "metamask" (482 hits in 31 files of 31 searched) Search "elonmusk" (416 hits in 31 files of 31 searched) Search "coinbase" (2044 hits in 31 files of 31 searched) Search "binance" (2565 hits in 31 files of 31 searched) Search "airdrop" (403 hits in 31 files of 31 searched) |
Search "(usdc|claim|coinbase|colnbase|c0inbase|c0lnbase|cornbase|coirbase|balancer|balahcer|bqlancer|baIancer|[a-zA-Z]*1inch[a-zA-Z]*|[a-zA-Z]*1inch-[a-zA-Z]|[a-zA-Z]*oneinch[a-zA-Z]*|a-zA-Z]*1-inch[a-zA-Z]*|a-zA-Z]*1-inch[a-zA-Z]*|[a-zA-Z]*1inch[a-zA-Z]*|[a-zA-Z]*pancakesw[a-zA-Z]*|[a-zA-Z]*pancakesv[a-zA-Z]*|[a-zA-Z]*pancokesv[a-zA-Z]*|[a-zA-Z]*pancokesw[a-zA-Z]*|[a-zA-Z]*pancakosw[a-zA-Z]*|[a-zA-Z]*pancakkesw[a-zA-Z]*|[a-zA-Z]*pancake5[a-zA-Z]*|[a-zA-Z]*uniswap[a-zA-Z]*|[a-zA-Z]*uniswap-[a-zA-Z]|[a-zA-Z]*unisvap[a-zA-Z]*|a-zA-Z]*unisvap[a-zA-Z]*|a-zA-Z]*uni-[a-zA-Z]*|[a-zA-Z]*unisvv[a-zA-Z]*|unlswap"|[a-zA-Z]*uniswap[a-zA-Z]*|[a-zA-Z]*uniswap-[a-zA-Z]|[a-zA-Z]*unisvap[a-zA-Z]*|a-zA-Z]*unisvap[a-zA-Z]*|a-zA-Z]*uni-[a-zA-Z]*|[a-zA-Z]*pancakesw[a-zA-Z]*|[a-zA-Z]*pancakesv[a-zA-Z]*|[a-zA-Z]*pancokesv[a-zA-Z]*|[a-zA-Z]*pancokesw[a-zA-Z]*|[a-zA-Z]*pancakosw[a-zA-Z]*|[a-zA-Z]*pancakkesw[a-zA-Z]*|[a-zA-Z]*uniswap[a-zA-Z]*|[a-zA-Z]*uniswap-[a-zA-Z]|[a-zA-Z]*unisvap[a-zA-Z]*|dapp|wallets|wallect|synchr|rectify|unlock|walet|1inch|airdrop|ethereum|walet|wallet|coinbase|uniswap|pancakeswap|liquidity|vvallet|metamask|metamaks|metemask|metamaks|paraswap|exchange|liquidity|kraken|bitso|dapp|sushiswap|sushlswap|sushisvv|opensea|polygon|walletconnect|waletconect|waiietconnect)" (42811 hits in 30 files of 31 searched) |
Responsible moderator:
dubstard after: 2023-08-01 before: 2023-08-31 in:
👮︲moderation = 144 |
144 offenders banned manually:
As myself and Cosme, Danko, Gerg, Gleb and the rest
of the mods are in somewhat different timezones (I am in EEST),
we sort of "cover" for each other, while one is asleep, the
other continues to monitor and swing the ban hammer, alongside
with the bots, that autoban many offenders!
Also the new bot is doing a lot of automated cleaning up now!
balancer.lat
balancerfi.online
https://twitter.com/BaIencar
https://twitter.com/BaIancers
balancerf.site
balancerr.shop
balancer.my.id
register-balancer.com
balancer.world
defibalancerdao.com
balancers.finance
balancerglobal.org
balancerd.xyz
cryptobalancer.info
balancerglobal.org
revoke-balancer.finance
compensate-balancer.com
compensate-balancer.finance
compensate-balancerfi.com
withdraw-balancerfi.com
balancer.claims
app-balancer.xyz
app.apps-balancer.finance
balancerlab.com
bl0ckbalancer.com
balancers.cc
balancercode.newfinancialmarketworld.com
cjh64likbfgta528qhr0.apps-balancer.finance
cjh8arakbfgta52aclf0.apps-balancer.finance
app-balancer.org
balancerv2.pro
balancer.houseextra.com
balanccer.finance
balancer-dashboard.com
balancer-fi.info
ballanser.fi
v2-balancer.com
wwwbalancer.org
belancer.finance
balancerio.com
balancer.web3-connects.net
balaner.exchange
appbalancer.fyi
wwwbalancer.com
alancer.capital
dg-balancer.com
dg-balancer.net
dg-balancer.org
balancerapp.finance.augurapp.com
Still plenty of Computing Units available - 978K
And one fake Chrome Extension