Proposal Summary: Propose returning funds to those individuals who were affected by the webhook bot in the Dev-Announcements channel on 25th, March
Background: On 25th, March in the Arbitrum Discord dev-announcements channel, a robot with an admin's name dropped a link to a fake Arbitrum Foundation website. Some people entered that site where they could connect wallets. Once anyone connected his wallet, his Arbitrum tokens, USDC and other tokens would be transferred to a hacker's wallet. Many people lost all of their $ARB, USDC and other tokens by clicking the link.
Reason to propose: The scam link appeared in the official Arbitrum Discord dev-announcements channel, which caused people to believe in the link and click into it. The victims shouldn't bear the loss by themselves.
Steps to Implement: 1. Download the CSV of the scammer's address and check the hacked amount of each wallet address. 2. Refund these addresses with the lost tokens or same valued USDC or $ARB.
Timeline: The Arbitrum Foundation should evaluate this proposal and help make a proposal for voting asap.
Thanks to the Arbitrum foundation.
This is exactly what happened to me. During airdrop withdrawal, despite using the official Arbitrum Foundation site, all my ARB tokens were drained plus other tokens sent to the account. Please Arbitrum should kindly refund us. MUCH LOVE!
I know this is different from the hack in question but I think I should be refunded, even if just partially. I put in the work, did the quests, racked up roughly $2200 in airdrop tokens and was robbed. Meta was hacked a couple weeks before the drop where another couple thousand was stolen. After a few days I realized I still basically had control of the wallet, I was there the second airdrop opened to try and beat the sweeper bot which is not that hard to do. Well the airdrop site would not load for hours, when it finally did I could see the hacker claimed all my tokens and shuffled them off to another wallet, I have a nice 4 page pdf file of proof including original hacker's wallet, socials tied to the wallets and any other wallets my funds went to, I know Arbitrum is better than this, I won't give my sob story but between the original hack and the loss of ARB, that was about the last of my money, there has to be something that can be done.
The key point is that it is an official announcement channel. The robot is set by admin. If the link appeared in general channels by any normal person, surely we believe it is fake, but it appeared in an announcement channel. So, I think they should be refunded.
When we double see that announcement now, yes, we can understand it was a scam, but at that time, it was in announcement channel and tag everyone. People have the habit to click into the announcement and see what the link is. So, the key point is that, it appeared in announcement channel, that channel is for official announcement, not a normal channel or in any other place. So, I think they should be refunded.
I am a normal Web3 person, I support this proposal. Don't let the users down.
You are not alone. I followed the link from the announcements on the channel and signed the message (everything was very buggy, and I restarted the browser, but all the funds were sent to the scammer's address) I used to rely on the announcements of the official groups (because only the project team has access to them), now I believe No. I think that in this case we are victims. I'm attaching a message from the announcements. thank you for your attention.
As this scam occurred due to the error of the Arbitrum Foundation and Discord team, I agree that a refund would make sense here.
The amount stolen by the scam was small overall but to those affected it makes a huge difference. Let’s start this DAO off right and not leave a subset of the community already bitterly left behind.
I won’t support a proposal. DAO treasury should not be wasted.
around 22000 $arb, 15000 $usdc and some other tokens

agree but it was on official discord server so people should get a refund.
agree. Reasonable idea IMHO
It is right that individuals should double check before they click any link. But the scam link appeared in the official discord announcement channel, so it makes individuals believe the link is real. So, personally, I don’t think individuals should bear all the loss themselves.
I think arbitrum foundation should refund them lost tokens.
Can we make it a rule such that these kind of proposals include a dollar figure amount? It's hard to voice an opinion, not knowing if the back amount is a couple thousand or a couple million.
refund should be good for them
I can agree with that.
it makes sense to refund them.
Agree with that, they should be refunded
I actually had not seen the announcement, there's just red flags everywhere tbh. The "team member" having a BOT label being the most obvious one imo.
I had a quick look and I think maybe like 20 people fell for it, since it was deleted after a couple minutes but I still agree with @xenos on
it could be hard to credibly prove ownership of a hacked wallet and bind a new one on a case-by-case basis - it’s an incredible waste of resources. Otherwise you’ll just give more funds to the hackers.
Not a fan of his tone tho, not cool to beat a dead dog ser y'know
agree with hairaa people should get refunded
agree, the people who were affected should be refunded.
Sound good, it was their mistake so return assets is good.
Refund assets would be good for these people.
I have created 2 proposals before with wallet address and it has been deleted. I can send you later his wallet address.
Yes, I have the address of the hacker's wallet but I didn't post it here because a bot could ban this proposal. On the explorer we can see the list of wallets that have connected with the website. It was a transfer transaction; the scammer didn't get the wallet seed or access to our wallet.
That was their mistake so refund will be fine.
In my opinion people should get a refund.
How was a scammer able to post a scam link into the official announcements, can someone post a screenshot of the link/post here for archival and legal purposes? Is anyone pursuing legal action against the criminal?
Don't think your post would be deleted if you post the address, since it's totally relevant to the proposal.
How would you go about with identifying hacked wallets? Like, assuming I was hacked, how can I in a trustless way say: "that's my wallet and this is my new wallet", since just sending anything to the same wallets would just give the hacker more funds.
Also, do you have the hacker's wallet? or a tx hash of a hacked wallet? I did see the webhook on that discord channel but didn't see the website, and an article about the situation showed a website with just a text in it (link below). I personally haven't heard from anyone losing funds because of it, so I'd like to see it for myself.
Edit to link the article: https://cointelegraph.com/news/arbitrum-discord-hacker-shares-phishing-announcement-amid-airdrop-hype
I saw the announcement at that time. I just laughed and closed it. This kind of scam happens every week on different project discords. Anyway if a person clicks any crypto-related link they must follow basic security rules, and double check what they are signing, e.g. not give approvals for spending when they are supposed to claim...
This situation is absolutely similar to gambling. When people see a chance of winning they lose the sense of danger and ignore any risk management. Are you willing to refund every gambler who lost it all from your own or your organization's pocket?
For example, my personal rule is that if I see any announcement that is not too ridiculous and requires a wallet interaction I wait for a couple of hours to ensure that it is indeed official. Any rush or pressure is a scammer's number 1 friend.
I think these proposals should not even be considered. Personal negligence must not be fostered this way imo. Only some cases of protocol hacks could be reimbursed.
That was soooo obvious scam lmao 🤣 It was clearly stated that the airdrop distribution was final. Those who followed the link have no one to blame but themselves.
Those official channel hacks have been happening for years now. Everyone should be aware of that. This is not a centralized bank where you can revert your transaction. If you don't like it and are not willing to take responsibility for your actions then just go to your local branch.
Besides, it could be hard to credibly prove ownership of a hacked wallet and bind a new one on a case-by-case basis - it's an incredible waste of resources. Otherwise you'll just give more funds to the hackers.
I don't support this kind of spreading several individuals' mistakes to all community. In the end, somebody will have to pay or somebody will not receive a grant because of their fault. Not acceptable.
It is right that individuals should double check before they click any link. But the scam link appeared in the official discord announcement channel, so it makes individuals believe the link is real. So, personally, I don’t think individuals should bear all the loss themselves.
Edit: I accidentally edited a post instead of replying. What I basically wrote was that people should always double-check before they interact with any links, just as I should've checked that I didn't edit the wrong post.
It is right that individuals should double check before they click any link. But the scam link appeared in the official discord announcement channel, so it makes individuals believe the link is real. So, personally, I don’t think individuals should bear all the loss themselves.
agree but it was on official discord server so people should get a refund.
These Discord scams have been around for longer than I can remember. You should trust nobody - if this were the official Arbitrum code or website that had been exploited, then I would have a different view. However, you shouldn't trust anyone posting a link into a Discord channel without checking for spelling errors. I'm sorry, but it's naive to automatically trust whatever is put into a Discord channel, whether it's an official account or not. Double-check every time.
It really doesn't feel fair that other users should pay for you not taking the time to double-check a link when interacting with a contract. Besides, this would just let anyone careless trust any link in the future because they would be in this forum within 5 sec and demanding the DAO to pay back if they clicked a link from somebody who had the same name as an admin or such.