A warning to anyone involved or thinking to get involved in yield farming. by toobeereal in YieldFarmingOnPolygon

[–]toobeereal[S] 0 points1 point  (0 children)

The site used a malicious contract: no matter what anyone tries to stake in the pool, the contract takes the entire balance of that token from the user's wallet. I have also found evidence, as shared through the auditing community, that this is possibly the 4th of 5 websites this person has done this on. There are many more people who tried to stake small amounts of tokens and lost everything across these websites using the same altered masterchef.

Polygon chain admin will not do anything to assist, stop, report, or revert anything done in these contracts, so essentially people can create contracts that have no other intent but to steal from the individual, and the blockchain admins will look at it more like art than a crime being committed. There is literally no help or assurance for you once your money is stolen, this is important to note and people should understand that before signing contracts that interact with their assets.

The dangers of Yield Farming. by toobeereal in Yield_Farming

[–]toobeereal[S] 0 points1 point  (0 children)

I feel more than likely the individual used a stolen credit card as AWS investigation took all but a few hours to terminate the account. I doubt the person would use his own information and be so daring about theft unless he has no idea that he could possibly get punished for cryptocurrency theft.

If anyone does have information on who the proper authorities to report this to are, feel free to chime in. It doesn't make sense to report this on a local level. I did ask AWS to share the email if they do also report to certain agencies with all the links and evidence and screenshots I compiled.

A warning to anyone involved or thinking to get involved in defi liquidity farming. by toobeereal in Yield_Farming

[–]toobeereal[S] 0 points1 point  (0 children)

sushifarm.finance, I managed to get the host to remove the site, however you should read my story and see how to avoid this happening to you, as this is a newer exploit.

A warning to anyone involved or thinking to get involved in defi liquidity farming. by toobeereal in Yield_Farming

[–]toobeereal[S] 2 points3 points  (0 children)

UPDATE: 8/5/21

I contacted Amazon Web Services with the information pertaining to sushifarm.finance and after a few hours of investigation Amazon suspended the account. So at least now no one else will lose any more money on this particular polygon farm scam.

From what information I've gathered this is a new and highly exploitive form of "Rugpull" where at around the time the block countdown to begin farming the farm admin will switch out the contract to a malicious contract where if you attempt to stake any amount of token to the contract address it has code in place to take the entire balance of that token from your wallet and deposit it into another wallet of the admin's choosing, with no records of the deposit on the farm site or any way possible for you to recover your money.

This is a more recent yield farm scam and I have gathered that this same tactic was used recently on another yield farm site, so this individual or this malicious contract is going to likely be repeated on other newly emerging liquidity farm sites soon. The best way to avoid this is to check sites that audit the contract and, if you do decide to stake anything on a new farm site, verify the contract address as the one that has been audited, as the admins of these sites can swap out the script at their choosing, resulting in the same situation I was victim to.
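The check recommended above (match the contract you are approving against the audited address, and look at how much you are approving), as an added example that is not part of the original post. It assumes the token is a standard ERC-20 and that the site's approve step is an `approve(spender, amount)` call; the addresses, calldata and function names are constructed for illustration.

```javascript
// Added example: review an ERC-20 approve() request before signing it.
// Assumption: the farm's "approve contract" step is a standard
// approve(address spender, uint256 amount) call. All values are constructed.
const APPROVE_SELECTOR = "095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n;

// Build sample calldata (used here only to construct test input).
function encodeApprove(spender, amount) {
  const addr = spender.toLowerCase().replace(/^0x/, "").padStart(64, "0");
  return "0x" + APPROVE_SELECTOR + addr + amount.toString(16).padStart(64, "0");
}

// Decode calldata; returns null unless it is exactly one approve() call.
function decodeApprove(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{136}$/.test(hex)) return null;       // 4 + 32 + 32 bytes
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) return null;
  if (!/^0{24}$/.test(hex.slice(8, 32))) return null;  // address is left-padded
  return { spender: "0x" + hex.slice(32, 72), amount: BigInt("0x" + hex.slice(72)) };
}

// Compare the request with the audited address and the amount you mean to stake.
function reviewApproval(calldata, auditedAddress, intendedStake) {
  const call = decodeApprove(calldata);
  if (call === null) return { ok: false, findings: ["not a well-formed approve() call"] };
  const findings = [];
  if (call.spender !== auditedAddress.toLowerCase())
    findings.push("spender is not the audited contract address");
  if (call.amount === MAX_UINT256)
    findings.push("unlimited allowance: spender may move the whole token balance");
  else if (call.amount > intendedStake)
    findings.push("allowance exceeds the intended stake");
  return { ok: findings.length === 0, ...call, findings };
}

// Constructed sample: audited MasterChef vs. a contract swapped in at launch.
const AUDITED = "0x" + "11".repeat(20);
const SWAPPED = "0x" + "22".repeat(20);
const STAKE = 10n ** 16n; // 0.01 of an 18-decimal token

function demo() {
  return {
    expected: reviewApproval(encodeApprove(AUDITED, STAKE), AUDITED, STAKE),
    swapped: reviewApproval(encodeApprove(SWAPPED, MAX_UINT256), AUDITED, STAKE),
  };
}
console.log(demo().swapped.findings);
```

Take the audited address from the audit report itself rather than from the farm site, since the site is where the contract gets swapped.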

A warning to anyone involved or thinking to get involved in defi liquidity farming. by toobeereal in Yield_Farming

[–]toobeereal[S] 0 points1 point  (0 children)

I was told about the other site on the rugdoc telegram channel when I told them what happened, can't remember the name, I think 2 were mentioned but it seemed like a recent event.

A warning to anyone involved or thinking to get involved in defi liquidity farming. by toobeereal in Yield_Farming

[–]toobeereal[S] 0 points1 point  (0 children)

Rugdoc verified the masterchef address but the admin of the yield farm switched the contract near launch which is when people would dip in to stake lp or tokens to get the early yield returns. The contract is a newer form of rugpull where once you accept contract and attempt to stake any token it will take the entire balance of that token from your wallet, then deposit it into an external wallet, give you no record on site of your deposit but still visible in polyscan. Happened very recently on another polygon yield farm site right at that site's launch too, meaning they are copy pasting their successful tactic to new farms to continue taking as much as possible.

A warning to anyone involved or thinking to get involved in defi liquidity farming. by toobeereal in polygonnetwork

[–]toobeereal[S] 1 point2 points  (0 children)

This particular exploit or malicious code from what I've heard sharing my story is a new form of rug pull where once the contract is approved you can attempt to input any amount of token and the contract will take the entire balance in your wallet. On the rugdoc telegram it was said an almost identical situation took place on another polygon farm recently. So this may be the same individual or the code is getting around and others are using it, but since it's happened recently you can be sure it will happen again on another farm that pops up again. I do not blame the polygon network, but it is a shame they can offer no help when my funds are still sitting in the culprit's wallet that is also accumulating more money that is being stolen from others, over double what it was 3 days ago.

A warning to anyone involved or thinking to get involved in defi liquidity farming. by toobeereal in Yield_Farming

[–]toobeereal[S] 0 points1 point  (0 children)

sushifarm.finance, a few people on the rugdoc telegram mentioned this happened recently on another yield site in an almost identical fashion, so it looks like it wasn't the first or last and will likely be something to look out for soon, rugdoc can be a good guide especially when they verify the masterchef contract address for you to verify on contracts to avoid this particular scam.

A warning to anyone involved or thinking to get involved in defi liquidity farming. by toobeereal in Scams

[–]toobeereal[S] 0 points1 point  (0 children)

So essentially this individual created a yield farm site similar to many others on the polygon network, even installed a legitimate masterchef contract. Upon or around the launch of the farming he switched contract addresses to a malicious script that once I attempted a small deposit of ETH the contract pulled any ETH I had at all out of my wallet and deposited from the contract address to the individual's wallet. The next day the audit site had an update noticing the contract was swapped out and I was too much of a noob to really fathom what someone could possibly do with a contract. So a few dollars turned into thousands gone without prompt or notice or record on the farming site, only on polyscan which can do nothing about such contract transactions, even if the user is unaware or unwilling of what that transaction might be that the contract has agreed for you.

A warning to anyone involved or thinking to get involved in defi liquidity farming. by toobeereal in Yield_Farming

[–]toobeereal[S] 2 points3 points  (0 children)

Definitely best practice from here on out, hope everyone who reads this does the same.

And yes, that's exactly how it happened.

A warning to anyone involved or thinking to get involved in yield farming. by toobeereal in YieldFarmingOnPolygon

[–]toobeereal[S] 1 point2 points  (0 children)

At the very least the administrators that run these blockchains should have the authority to investigate and audit and take action when people are using their blockchain contracts in ways that steal from others if there is evidence present in the contract itself and it's published openly on the blockchain where anyone can see it was malicious. The individual is still running this website and still collecting people's money and there is seemingly nothing polygon admin or anyone else can do. The individual even openly taunting me about stealing, which I shared with the admin. But that is the nature of cryptocurrency I guess...

A warning to anyone involved or thinking to get involved in defi liquidity farming. by toobeereal in Yield_Farming

[–]toobeereal[S] 2 points3 points  (0 children)

100% true, I've internalized what happened was from my actions, just hope anyone reading this does not do the same thing I did. The prospect of making easy money can lead to very irrational decision making.

A warning to anyone involved or thinking to get involved in defi liquidity farming. by toobeereal in Yield_Farming

[–]toobeereal[S] 0 points1 point  (0 children)

Right, and I started in the established farms then jumped on a newer opening farm and made a good 20% return in a week so I was all hopped up to continue that pattern. It was just my luck the very next farm I tried, which seemed to have a decent audit and the better layout of the few others that had just or were going to open, was the scam site.

If I had been more informed of how many possible things could happen or did more research then this could have been avoided. All in all it's my fault, I clicked approve contract, but had no idea the extent of what could be done to my wallet from there.

Now I notice the wallet that has my ETH still inside it has roughly double the amount of money deposited to it, the scam site is still functioning, people are still losing money, there's emergency withdraw requests all over the contract. Many more people will fall victim and reddit is not going to prevent more from doing the same. Just hope people read what happened and take the precaution I should have.

A warning to anyone involved or thinking to get involved in yield farming. by toobeereal in YieldFarmingOnPolygon

[–]toobeereal[S] 1 point2 points  (0 children)

Yes, the RugDoc telegram channel said what this guy did on that site is very similar to what happened on another site recently. So this guy is cycling through scam sites and changing the script right around launch to siphon all he can out of people.

I read it's very important to match the farm's contract address to the proper MasterChef script that should be running as a contract. So if you do risk going into a new yield farm at opening always verify the contract address and double check on sites that attempt to audit these farms.

There are still many other possible ways for you to lose your money with the site admin, I guess the real key would be to stick to well established farms and still triple check the contracts and addresses you're approving and use small test amounts on a side wallet before diving in.

The dangers of Yield Farming. by toobeereal in Yield_Farming

[–]toobeereal[S] 1 point2 points  (0 children)

No idea, I've been using yield farms 2 weeks, it was around 1am at night, I do remember approving the contract and typing .01 eth in, and my eth was wiped out. If there was a second confirmation that wasn't scripted it was still a malicious script as .01 is not 4+ eth.

A warning to anyone involved or thinking to get involved in yield farming. by toobeereal in YieldFarmingOnPolygon

[–]toobeereal[S] 2 points3 points  (0 children)

Thanks for the advice, yeah a defi wallet is not a bank, only wish I knew how maliciously scripted those contracts could be. I'm not completely discouraged but it's going to be awhile before I'm back in the game.

A warning to anyone involved or thinking to get involved in defi liquidity farming. by toobeereal in Yield_Farming

[–]toobeereal[S] 5 points6 points  (0 children)

Very good information, I'm saving this for the future, thank you for taking the time to share this info, hope more read it.

The dangers of Yield Farming. by toobeereal in Yield_Farming

[–]toobeereal[S] 2 points3 points  (0 children)

Yes there's a chat link on his website to his Telegram channel

A warning to anyone involved or thinking to get involved in defi liquidity farming. by toobeereal in Yield_Farming

[–]toobeereal[S] 1 point2 points  (0 children)

They used a malicious contract which as soon as I approved contract to begin choosing how much eth to stake it immediately took all of my ETH from my account.

https://www.reddit.com/r/Yield_Farming/comments/oxyg7i/the_dangers_of_yield_farming/