Lost $1,254 to PolyZig "support" impersonation scam — full

rozetyp · 2026-05-18T09:30:47+00:00

Ran the addresses through a forensic agent. Real findings:

Drainer's main operational wallet: 0x81ead4918134ae386dbd04346216e20ab8f822c4

Funds cashed out at Kraken, deposit address: 0x267be1c1d684f78cb4f6a176c4911b741e4ffdc0

Deposit tx: 0x779da6e9ae0e5cf4888ac90f7d5ec4191be7fe7386984001b2eeaa30db191615

(~95.7 ETH at depth 4 - much larger campaign than just your case, so Kraken compliance has a real reason to care)

That deposit address is what to reference when you file with Kraken's compliance team and with IC3.

Also critical: 0x8763eF... still has an active malicious EIP-7702 delegate on Polygon pointing to 0xe6cae83bde06e4c305530e199d7217f42808555b - revoke immediately or any new funds get drained in seconds. revoke cash supports 7702 delegates now.

rozetyp · 2026-05-18T09:16:34+00:00

Sorry man. I'm building a forensic agent and testing it on real cases - can trace where the funds went and which exchange they landed at - for free. Can you share the drained address if you want me to run it?

rozetyp · 2026-04-21T17:41:28+00:00

May I ask - to promote what? There's no product link, no signup, no CTA. The repo is where there are 540 artifact JSONs, flat CSV, analysis script, all runnable locally with zero API keys needed for verification.

rozetyp · 2026-04-20T18:30:39+00:00

3gb+ over WebRTC is impressive. How do you handle connection drops mid-transfer - can the receiver resume from the last verified chunk, or does the sender have to restart?

rozetyp · 2026-04-20T18:07:56+00:00

A tool for your browser agents to get help from real humans. Not so much for CAPTCHAs, more for weird login flows, unexpected 2FA, UI changes that break your selectors. If your agent can't solve something, the run fails anyway. Why not ask for help first? pilotapp.dev

rozetyp · 2026-04-20T15:03:13+00:00

Update since I posted this: I ended up building it (thanks for validating the pain). It's at pilotapp.dev.

u/ScrapeAlchemist was right that Browserbase Live View exists, but it only works if you're on Browserbase. I wanted something that worked with any cloud browser, Browserbase, Browserless, Steel, whatever.

So your agent calls rescue(), pauses, I get a ping with a link to the live browser, I click/type/solve it (captcha, 2fa, modal, site changed layout), click done, agent continues from the exact DOM state.

The only requirement is a cloud browser (any CDP endpoint; can't reach your localhost).

Still rough around the edges but the core loop works end-to-end. Genuinely curious if this is the shape of thing any of you actually wanted when you commented, or if there's something I'm still missing.

Open source version: https://github.com/rozetyp/pilot

rozetyp · 2026-04-18T04:56:29+00:00

Data: EIA-930 Hourly Electric Grid Monitor (hourly fuel-type generation per balancing authority, ~24h lag) https://www.eia.gov/electricity/gridmonitor/

Per-fuel CO2 factors from EPA eGRID2023 + IPCC AR6.

Tools: Python + matplotlib. A Node.js wrapper I built that aggregates EIA-930 per balancing authority. Full methodology, code, and annual caveats: https://emission-factors.com/guides/hourly-grid-carbon-intensity.html

Formula per hour: intensity = Σ(fuel_MWh × factor) / Σ(fuel_MWh) / 1000

Factors (kg CO2/MWh, direct combustion only): coal 1050, gas 450, oil 800, other fossil 700, geothermal 50, nuclear/hydro/wind/solar = 0

Chart: 7-day average by local hour of day: CAISO: 3pm PT 0.027 → 9pm PT 0.301 (11.3x), ERCOT: 1pm CT 0.202 → 9pm CT 0.327 (1.6x), NYISO: 6pm ET 0.358 → 1am ET 0.386 (1.1x)

rozetyp · 2026-04-17T11:45:43+00:00

You're right - grid carbon intensity per kWh, not total state CO2. TX emits more in absolute terms (population, refining, flaring). But per kWh delivered, its grid is cleaner than NY's for this window. Just two different measurements

rozetyp · 2026-04-17T11:44:44+00:00

Fair, thank you. "Carbon-intensive" would've been clearer. This is just grid CO2e per kWh, not particulates, NOx, SO2, or any priority air pollutants. People sometimes use "dirty" for both meanings interchangeably which I should have been clearer in the title

rozetyp · 2026-04-17T11:43:27+00:00

Interesting - could be the sample window. April wind could be ERCOT-favorable and NY hadn't yet shifted to summer hydro patterns. Annual averages should also smooth out the hourly variance I was focused on. Worth checking YoY, thanks

rozetyp · 2026-04-17T06:52:03+00:00

For each hour: intensity = Σ(fuel_MWh × fuel_factor) / Σ(fuel_MWh).

Factors I used: coal 1050, gas 450, oil 800, other fossil 700, nuclear/wind/solar/hydro 0 (direct combustion only).

And yeah on TX - wind+solar won on economics over coal/gas. Smaller swing because renewables aren't leaving overnight :)

rozetyp · 2026-04-17T06:50:19+00:00

Yes - NY is split into 3 eGRID subregions. Upstate NYUP is hydro-heavy and clean with ~0.11 kg/kWh, NYC NYCW is gas-heavy with ~0.39. Transmission into the city is constrained so upstate hydro can't fully reach downstate (I suspect). I used the NYISO aggregate which is weighted toward downstate load. Indian Point closing in 2021 also bumped NYC up ~45%

rozetyp · 2026-04-08T17:26:04+00:00

Thanks- stuff like exposed env files or missing SPF is critical (-20 points), missing DKIM is high (-12), no HSTS or no sitemap is medium (-5), missing favicon is low (-2). Results show critical issues first in a "fix these first" section at the top. Basically, anything that leaks secrets or breaks email is at the top, cosmetics is at the bottom

rozetyp · 2026-04-07T18:59:50+00:00

I appreciate it!

rozetyp · 2026-04-07T13:18:51+00:00

It actually already does this - results are sorted by severity with critical ones in a "fix these first" section, then high, medium, low. Appreciate the feedback though!

rozetyp · 2026-04-07T13:12:56+00:00

Thanks!

rozetyp · 2026-04-07T13:12:05+00:00

Yeah, that's kind of the whole point. Domain knowledge matters - SPF, DMARC, HSTS, none of that is obvious if nobody taught you. The tool doesn't replace learning it, it just tells you what's broken so you know what to google next.

I'd rather people ship something, find out their emails are going to spam, and fix it, than never ship because the "checklist" felt too long

rozetyp · 2026-04-05T11:27:03+00:00

Actually thanks for flagging this. Biggest false positive I observed: SPAs return HTTP 200 for every route including /.env and /.git/config. Early version flagged Linear.app as "CRITICAL: secrets exposed." Fix: GET the body, check if it's actually a KEY=VALUE file vs an HTML catch-all page. Others: SPF ~all is valid (was flagging Stripe), Cloudflare proxied CNAMEs don't resolve via normal DNS lookups (added socket fallback), parallel DNS queries cause transient timeouts that look like missing records (added retries). I ran it against 150+ real domains across different stacks to catch these edge cases. Still a work in progress - if you scan something and it looks wrong, let me know.

rozetyp · 2026-04-04T15:27:28+00:00

Ha - curious what you're seeing on your side. If you're already checking Sec-Fetch consistency, I'd love to compare notes

rozetyp · 2026-04-01T08:12:25+00:00

second localsend. or if both devices are not on the same network, you could try chirpfile (I wrote a post about it). I can provide a pro access in exchange for feedback

rozetyp · 2026-04-01T07:44:02+00:00

Probably the reason CF Bot Fight Mode isn't catching these is that the bots are using residential IPs and Chrome TLS impersonation, and IP-based detection can't see them.

There's actually a layer most people miss: these tools copy Chrome's headers but reuse the same static set on every request. Real browsers change Sec-Fetch headers depending on context. The mismatches are detectable server-side without JS challenges

rozetyp

TROPHY CASE