
Bot

Subway-themed trading bot makes millions using ‘sandwich’ attacks

The anonymous MEV bot operator’s best day was April 18, when he profited about $950,000.

An anonymous Maximal Extractable Value (MEV) bot operator has cashed in well over $1 million this week by executing “sandwich attacks” against buyers and sellers of two new meme coins.

The wallet address, linked to the Ethereum Name Service (ENS) domain “jaredfromsubway.eth,” made $950,000 from the sandwich attacks on April 18 and profited about $300,000 and $400,000 on April 17 and 19, respectively, according to an April 19 tweet from nonfungible token data platform Sealaunch.

The bot’s ENS domain is a likely tongue-in-cheek nod to the popular sandwich chain and its disgraced former spokesperson Jared Fogle.

Over a 24-hour period between April 18 and 19, 7% of all Ethereum gas fees were spent by the MEV bot, Sealaunch explained in a separate post.

A large proportion of the profits came from attacks on trading activity relating to two new meme coins, Pepe (PEPE) and Wojak (WOJAK), which has helped propel jaredfromsubway.eth to become the largest gas guzzler over the last day and week, crypto researcher Matt Willemsen explained.

A sandwich attack occurs when an attacker “sandwiches” a victim’s transaction between their own two transactions in order to manipulate the price and profit from the user.

This is possible because the victim’s transaction is first sent to the mempool where it waits to be added to the next block. In the meantime, the attacker sets one transaction with a high gas fee — to ensure it is accepted first — and another transaction with a lower gas fee to ensure it is accepted after the victim's transaction.

The attacker profits by buying the victim’s token at a price cheaper than market value and then selling it within the same block, taking in the revenue from the trades minus the gas fees.
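As an added example (not from the original article or any project it names), the Python below flags the ordering pattern just described in a block's swap list: the same sender trading before and after another user's swap on the same pair, in opposite directions. The `Swap` record, the sample block, the addresses and the pool labels are constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Swap:
    position: int   # index of the transaction inside the block
    sender: str     # address that submitted the swap
    pool: str       # trading pair the swap touched
    side: str       # "buy" or "sell" of the pool's token
    tokens: float   # amount of the token bought or sold
    gas_price: int  # gas price offered, in gwei


# Constructed sample block, not real chain data.
SAMPLE_BLOCK = [
    Swap(0, "0xbot", "PEPE/WETH", "buy", 1_000_000.0, 120),
    Swap(1, "0xalice", "PEPE/WETH", "buy", 250_000.0, 40),
    Swap(2, "0xbot", "PEPE/WETH", "sell", 1_000_000.0, 35),
    Swap(3, "0xcarol", "WOJAK/WETH", "buy", 9_000.0, 38),
    Swap(4, "0xdave", "WOJAK/WETH", "sell", 9_000.0, 37),
    Swap(5, "0xerin", "PEPE/WETH", "sell", 50_000.0, 36),
]


def find_sandwiches(block: List[Swap],
                    tolerance: float = 0.02) -> List[Tuple[Swap, Swap, Swap]]:
    """Return (front, victim, back) triples that match the sandwich shape.

    Heuristic: front and back share a sender and a pool, trade in opposite
    directions, and move roughly the same token amount; the victim sits
    between them on the same pool, trading in the same direction as front.
    """
    ordered = sorted(block, key=lambda s: s.position)
    hits = []
    for i, front in enumerate(ordered):
        # The closing leg needs at least one transaction in between.
        for k in range(i + 2, len(ordered)):
            back = ordered[k]
            if back.sender != front.sender or back.pool != front.pool:
                continue
            if back.side == front.side:
                continue
            if abs(back.tokens - front.tokens) > tolerance * front.tokens:
                continue
            for victim in ordered[i + 1:k]:
                if (victim.pool == front.pool
                        and victim.sender != front.sender
                        and victim.side == front.side):
                    hits.append((front, victim, back))
            break  # only pair each opening leg with its first closing leg
    return hits


def gas_ordering_matches(front: Swap, victim: Swap, back: Swap) -> bool:
    """Corroborating signal from the article: the first leg bids more gas
    than the victim and the second leg bids less."""
    return front.gas_price > victim.gas_price > back.gas_price


if __name__ == "__main__":
    for front, victim, back in find_sandwiches(SAMPLE_BLOCK):
        print(f"{victim.sender} sandwiched by {front.sender} on {front.pool}, "
              f"gas ordering consistent: "
              f"{gas_ordering_matches(front, victim, back)}")
```
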

The large profits pocketed by jaredfromsubway.eth came from nearly $1.2 million being spent on gas fees between April 18 and 19, according to data shared by Thomas Mattimore, head of platform at the Reserve Protocol.

The MEV bot operator has spent over $7 million in gas fees across 180,000 transactions, according to Sealaunch.

While some are finding the humor in the MEV bot’s domain name and actions, not all are happy.


One analyst for on-chain analytics firm Glassnode questioned the “value” of the work jaredfromsubway.eth is providing to the world.

Other Twitter users went one step further, expressing their hatred and frustration toward the MEV bot operator.

According to MEV Blocker, MEV bots have extracted more than $1.38 billion from Ethereum users attempting to trade, provide liquidity and mint NFTs.

Several MEV Block projects have been launched in recent months to help protect Ethereum users from sandwich attacks.


CEO of Bitcoin.com Puts Ethereum on Blast for ‘Woke’ Ideology

StabilityAI launches StableLM open-source alternatives to ChatGPT

StabilityAI announced the launch of StableLM, a suite of open-source large language models.

The large language model sector continues to swell as StabilityAI, maker of the popular image-generation tool Stable Diffusion, has launched a suite of open-source language model tools.

Dubbed StableLM, the publicly available alpha versions of the suite currently contain models featuring three and seven billion parameters with 15, 30, and 65-billion parameter models noted as “in progress” and a 175-billion model planned for future development.

By comparison, GPT-4 has a parameter count estimated at one trillion, six times higher than its predecessor GPT-3.

The parameter count may not be an even measure of LLM efficacy, however, as Stability AI noted in its blog post announcing the launch of StableLM:

“StableLM is trained on a new experimental dataset built on The Pile, but three times larger with 1.5 trillion tokens of content […] The richness of this dataset gives StableLM surprisingly high performance in conversational and coding tasks, despite its small size of 3 to 7 billion parameters.”

It’s unclear at this time exactly how robust the StableLM models are. The StabilityAI team noted on the organization's GitHub page that more information about the LMs' capabilities would be forthcoming, including model specifications and training settings.


Provided the models perform well enough in testing, the arrival of a powerful open-source alternative to OpenAI’s ChatGPT could prove interesting for the cryptocurrency trading world.

As Cointelegraph reported, people are building advanced trading bots on top of the GPT API and new variants that incorporate third-party tool access, such as BabyAGI and AutoGPT.

The addition of open-source models into the mix could be a boon for tech-savvy traders who don’t want to pay OpenAI’s access premiums.

Those interested can test out a live interface for the 7B-parameter StableLM model hosted on HuggingFace. However, as of the time of this article’s publishing, our attempts to do so found the website overwhelmed or at capacity.


In-Chat Tether Transfers Introduced in Telegram

Users of the Telegram messenger will now be able to send each other the leading stablecoin, tether (usdt), directly in the chats. The new option expands the list of cryptocurrencies available for purchase, sale, and trade in the messaging app.

Tether Added to Wallet Bot in Telegram Messenger

Support for transactions with the U.S. dollar-pegged […]


‘Infected by fraud’ — Projects claim CoinMarketCap airdrops were gamed

A crypto project claims a promotional token airdrop campaign led by CoinMarketCap was riddled with "fraud" that left its token price crumbling.

Two crypto projects have cried foul play over promotional airdrops conducted by CoinMarketCap (CMC) on their behalf, which they allege were "gamed" for the benefit of a small group of exploiters.

These promotional airdrops — designed to be distributed to thousands of wallets to raise awareness of a crypto project — ended with the tokens funneling to just a handful of wallets, suggesting potential manipulation of the system.

SATT token drop

Blockchain advertising solution SaTT alleged to Cointelegraph that a promotional airdrop it paid CMC to conduct in Dec. 2022 ended with 84% of the airdropped tokens funneling to just 21 wallets.

The promotion was meant to see 25,000 winning wallets receive 4,000 SATT each, worth $6.30 at the time per CoinGecko data.

However, SaTT claimed that shortly after the airdrop was distributed, 20,953 wallets “automatically transferred the tokens to 21 wallet addresses” which then sold off their token holdings days later around Dec. 10, netting around $142,000 for those 21 wallet owners.

The sell-off plunged the price of SATT by 70% between the end of the airdrop on Dec. 1 and when the wallets sold their tokens on Dec. 10.

SaTT claims wallet 0x929… (pictured) has over 4,500 transactions of its token, the largest it found out of the 21. Blockchain data shows the wallet sold over 4.3 million tokens through PancakeSwap. Source: BscScan

TokenBot token drop

A similar experience was shared by TokenBot co-founder Shaun Newsum, who told Cointelegraph that it did a similar CMC-led airdrop of its TKB token on Dec. 9.

Newsum said CMC provided its 30,000 airdrop winners but he chose to “stagger” the airdrop “just in case something happens.”

TokenBot sent out its tokens to a batch of 4,000 winners to start, but around 3,300 ended up sending the funds to one wallet, said Newsum.

Blockchain data shows thousands of TKB transactions flowing to wallet 0x5AF… before initiating a cross-chain swap and then selling its holdings. Source: BscScan

Newsum said around $20,000 was lost by TokenBot in the incident and the project had to deploy more liquidity from its treasury.

“Obviously some person figured out how to game CMC,” he added. “If we were to have bulk sent, the whole airdrop would’ve been a complete disaster.”

Newsum however said he has since received an apology from CMC and was told that it was investigating the airdrop and would return with an updated winners list for the project.


In its investigation, SaTT claims to have found another 18 token or nonfungible token (NFT) airdrops conducted by CMC since Jul. 2022 that were also allegedly “infected by fraud” to the tune of $6.6 million.

This included airdrops for projects including TopGoal, OwlDAO and AgeofGods.

SaTT theorized two possibilities of how the “fraud” occurred:

“Either a group of hackers injected tons of fake accounts [into the airdrop on CMC’s website] [...] or it was actually an inside job.”

CoinMarketCap responds

Speaking to Cointelegraph, a CMC spokesperson addressed some of these claims, arguing that at least four of the projects identified by SaTT have yet to distribute rewards, meaning it would be “impossible” for them to have faced “malicious” activity.

It also noted that while three projects, including SaTT, AgeOfGods and TokenBot, have spoken to the CMC team about their concerns, it has not received any communications from other projects about the alleged issues.

The spokesperson however acknowledged that “bots are an issue that touches nearly every industry.”

“The industry has been facing this issue among airdrop programs for some time and the reality is that not a single industry has been able to solve the bot issue entirely.”

“We are continuously working to improve our systems and services to limit this issue and will work closely with these projects to find solutions and help resolve any current issues,” the spokesperson added.


CMC added that any claims of bot participation in its airdrops are taken “very seriously” and it is “working on resolving each case individually.”

It also shared several features it has employed to deter bot participation, such as a CAPTCHA challenge and email verification requirements for participants. It’s also developing a two-factor authentication integration.

Cointelegraph contacted TopGoal and OwlDAO for comment but did not receive a response at the time of publication. AgeofGods could not be reached for comment.


Ripple CTO shuts down ChatGPT’s XRP conspiracy theory

An AI chatbot alleged Ripple can secretly control its blockchain through an undisclosed backdoor in the network's code and has been ridiculed by the firm's CTO.

Ripple’s chief technology officer has responded to a conspiracy theory fabricated by Artificial Intelligence (AI) tool ChatGPT, which alleges the XRP Ledger (XRPL) is somehow being secretly controlled by Ripple.

According to a Dec. 3 Twitter thread by user Stefan Huber, when asked a series of questions regarding the decentralization of Ripple’s XRP Ledger, the ChatGPT bot suggested that while people could participate in the governance of the blockchain, Ripple has the “ultimate control” of XRPL.

Asked how this is possible without the consensus of participants and its publicly-available code, the AI alleged that Ripple may have “abilities that are not fully disclosed in the public source code.”

At one point, the AI said “the ultimate decision-making power” for XRPL “still lies with Ripple Labs” and the company could make changes “even if those changes do not have the support of the supermajority of the participants in the network.”

It also contrasted the XRPL with Bitcoin (BTC) saying the latter was “truly decentralized.”

However, Ripple CTO David Schwartz has called the bot’s logic into question, arguing that, by that logic, Ripple could secretly control the Bitcoin network, as neither can be determined from the code.

The bot was also shown to contradict its own statements in the interaction, stating that the main reason for using “a distributed ledger like the [XRPL] is to enable secure and efficient transactions without the need for a central authority,” which contradicts its statement that the XRPL is managed centrally.


ChatGPT is a chatbot tool built by AI research company OpenAI which is designed to interact “in a conversational way” and answer questions about almost anything a user asks. It can even complete some tasks such as creating and testing smart contracts.

The AI was trained on “vast amounts of data from the internet written by humans, including conversations,” according to OpenAI, which warned that because of this some of the bot's responses can be “inaccurate, untruthful, and otherwise misleading at times.”

OpenAI CEO Sam Altman said upon its release on Nov. 30 that it's “an early demo” and is “very much a research release.” The tool has already seen over one million users according to a Dec. 5 tweet by Altman.

Ethereum founder Vitalik Buterin also weighed in on the AI chatbot in a Dec. 4 tweet saying the idea that AI “will be free from human biases has probably died the hardest.”


Bank of Thailand Needs More Time to Complete and Launch Retail Digital Currency

The central bank of Thailand is not going to rush with the launch of its digital currency as it’s not yet sure about the benefits it would bring. According to the head of the monetary authority, the development of the state-issued coin may take several years.

Thailand’s Central Bank Wants to Better Understand Risks of […]


3Commas issues security alert as FTX deletes API keys following hack

3Commas and FTX conducted a joint investigation in relation to reports from users of unauthorized trades on the DMG trading pairs on FTX.

Automated crypto trading bot provider 3Commas issued a security alert after identifying certain FTX API keys being used to perform unauthorized trades for DMG cryptocurrency trading pairs on the FTX exchange.

3Commas and FTX conducted a joint investigation in relation to reports from users of unauthorized trades on the DMG trading pairs on FTX. The duo identified that hackers used new 3Commas accounts to perform the DMG trades adding that “The API keys were not taken from 3Commas but from outside of the 3Commas platform.”

A subsequent investigation found fraudulent websites posing as 3Commas were being used to phish API keys as users linked their FTX accounts. The FTX API keys were then used to perform the unauthorized DMG trades.

3Commas further suspects that hackers used 3rd-party browser extensions and malware to steal the API keys from users, adding:

“To reiterate and clarify, there has been no breach of either 3Commas account security databases or API keys. This is an issue that has affected multiple users who have never been customers of 3Commas so there is no possibility that it is a leak of API keys originating from 3Commas.”

Both FTX and 3Commas identified suspicious accounts based on user activity and suspended the API keys to avoid further losses.

A set of guidelines shared by 3Commas for users' safety. Source: 3Commas

FTX users that have connected their accounts with 3Commas and receive a message regarding their API being “invalid” or “requires updating” must create new API keys. In such cases, 3Commas suggested that:

“It is possible your API details were compromised and the API key has been deleted by FTX.”

Users have the option to create a new API key on FTX and link it to their 3Commas account to ensure no disruption to active trades.

3Commas are currently working with the victims to provide assistance and gather more information about the hackers.


FTX recently partnered with Visa to roll out debit cards in 40 countries worldwide. The partnership allows FTX users to pay for goods and services using debit cards that boast “zero fees” and no yearly charges.

The market reacted to the development as the FTX token spiked 7%, momentarily reaching a trading price of $25.62.


MEVbots backdoor drains users’ Ethereum funds via arbitrage trading bot

An investigation of MEVbots’ contract revealed a backdoor that allows the creators to drain Ether from its users' wallets.

MEV gain, an Ethereum (ETH) arbitrage trading bot built by MEVbots, which claims to provide stress-free passive income, has been actively draining its users’ funds via a fund-stealing backdoor. 

Arbitrage bots are programs that automate trading for profits based on historical market information. An investigation of MEVbots’ contract revealed a backdoor that allows the creators to drain Ether from its users' wallets.

The scam was first pointed out by Crypto Twitter’s @monkwithchaos and later confirmed by blockchain investigator Peckshield. 

Suspect account @chemzyeth promoting MEV services. Source: Google cache

Following the revelation, primary promoter of MEV @chemzyeth disappeared from the internet.

@chemzyeth's Twitter account deleted after community callout. Source: Twitter

Peckshield further confirmed that at least six users had fallen victim to the backdoor attack.

Transaction of stolen funds from MEV gain's fund-stealing backdoor. Source: Peckshield

However, considering that the contract is still active, at least 13,000 unwary followers of MEVbots on Twitter remain at risk of losing their funds.


Carrying forward the success of scalability-focused layer-2 solutions, Ethereum co-founder Vitalik Buterin shared his vision for layer-3 protocols. He stated:

“A three-layer scaling architecture that consists of stacking the same scaling scheme on top of itself generally does not work well. Rollups on top of rollups, where the two layers of rollups use the same technology, certainly do not.”

One of the use cases for layer-3 protocols, according to Buterin, is “customized functionality” — aimed at privacy-based applications which would utilize zk proofs to submit privacy-preserving transactions to layer 2.


Axie Infinity’s Discord bot compromised, hackers issue fake minting message

The developers have managed to delete the fake message and remove the MEE6 bot from the main server.

Axie Infinity, the popular play-to-earn nonfungible token game, faced another attack on its Discord server earlier on Wednesday, leading to a compromise of its MEE6 bot.

MEE6 is a popular Discord bot mainly used for automating roles and messages and is used by numerous crypto projects. The attackers used the compromised bot to add permissions to a fake Jiho account, and later issued a fake announcement regarding a mint.

The developers managed to remove the compromised MEE6 bot from the main server and deleted the fake messages as well. However, the official Twitter account of the project warned that many users might still see the fake message until they restart their Discord.

The developers also claimed that the compromise of MEE6 is not a new phenomenon and many projects have faced similar issues. However, the official MEE6 Discord support channel denied allegations of a hack and claimed they have verified with their engineers and didn't see any unusual activity.

MEE6 Official Discord Channel Message

Many believe that the hackers compromised the admin accounts first and then got access to the alternate admin account using MEE6. This helped them to send out webhook messages while hiding the compromised administrator account.


The Discord bot compromise comes within a month of one of the biggest heists on Axie Infinity’s Ronin bridge resulting in a loss of over $600 million worth of crypto assets. The recent slew of security breaches has brought down the confidence of the community in the game, which was once seen as a revolutionary project for the gaming world.
