Best crypto threads of the day – September 22nd

Do you need to learn Solidity/Rust to get started with Blockchain?

NO

You can check out these GitHub projects:

· JavaScript → Web3.js/Ethers.js
· Go → go-ethereum
· Python → Vyper
· C# → Nethereum
· PHP → web3.php
· Java → Web3j

a thread ↓ pic.twitter.com/wkPooFuzzV

— Francesco Ciulla (@FrancescoCiull4) September 22, 2022

(JavaScript) Web3.js @ChainSafeth

web3.js is a collection of libraries that allow you to interact with a local or remote Ethereum node using HTTP, IPC, or WebSocket.https://t.co/NPUmYDP2Cp

— Francesco Ciulla (@FrancescoCiull4) September 22, 2022

(JavaScript) Ethers.js @ethersproject

Complete Ethereum library and wallet implementation in JavaScript.https://t.co/Idq8hxB11M

— Francesco Ciulla (@FrancescoCiull4) September 22, 2022

(GO) Go Ethereum @ethereum

Official Go implementation of the Ethereum protocolhttps://t.co/GTK9Rg4ijR

— Francesco Ciulla (@FrancescoCiull4) September 22, 2022

(Python) Vyper @vyperlang @ThePSF

Vyper is a contract-oriented, pythonic programming language that targets the Ethereum Virtual Machine (EVM).https://t.co/wZcoDay7AX pic.twitter.com/mkT4dPMzeM

— Francesco Ciulla (@FrancescoCiull4) September 22, 2022

(C#) Nethereum @nethereumteam

Ethereum .Net cross-platform integration libraryhttps://t.co/RvlqWZsElk

— Francesco Ciulla (@FrancescoCiull4) September 22, 2022

(PHP) Web3.php @official_php

A PHP interface for interacting with the Ethereum blockchain and ecosystem. Native ABI parsing and smart contract interactions.https://t.co/Lw8IxrXoXp

— Francesco Ciulla (@FrancescoCiull4) September 22, 2022

(Java) Web3j @web3labs @java

Lightweight Java and Android library for integration with Ethereum clientshttps://t.co/xLfNAfzk52

— Francesco Ciulla (@FrancescoCiull4) September 22, 2022

I post Web3 content every day.

To support the project, leave a star herehttps://t.co/tj0HjpI5hm

— Francesco Ciulla (@FrancescoCiull4) September 22, 2022

NEW SOPHISTICATED SCAM ALERT

Communities are being targeted by putting malicious javascript at the end of known real links to steal discord auth tokens (which results in a full account compromise, with or without 2FA enabled)!

A small

— Boring Security (@BoringSecDAO) September 22, 2022

So recently the Boring Security founder became the target of a new discord scam involving a seemingly legitimate interaction of a partnership request.

They even were willing to play the long-game. They setup a call in calendly – the whole nine yards…

— Boring Security (@BoringSecDAO) September 22, 2022

However, we caught word from a partner of a brewing that scam that looks like this:

1) They will direct you to click a link with extra instructions at the end which will log your discord auth token (see screenshot)…. pic.twitter.com/7PYxeCCkJQ

— Boring Security (@BoringSecDAO) September 22, 2022

2) Then they will have you try something which won't work, (in this case a test mint of their metaverse land).

3) IN CHROME (This doesn't work in Firefox) they will get you to open dev tools and paste a small identifier (our partner was sent 'oxz57hoc').

— Boring Security (@BoringSecDAO) September 22, 2022

And then your discord auth token is sent to the scammer – your discord account is fully compromised. 2FA doesn't matter.

Likely they are using tools to see what permissions you have across your discords, and will target your communities accordingly. pic.twitter.com/Z7wpYQDtlt

— Boring Security (@BoringSecDAO) September 22, 2022

This means that in theory someone could send you a link that was opensea(dot)io/listinginfo/{Attacker-Payload-Here} and you think you're going to an opensea listing, but then you realize…(GIF)

This type of attack really emphasizes that clicking links in web3 is super dangerous pic.twitter.com/KUXAa2I5kh

— Boring Security (@BoringSecDAO) September 22, 2022

Your Discord auth token is too easy to steal!

Please spread the word, as I have a feeling this will be very prolific.

Note: Firefox has some protections built-in against things like this, but Chrome will not warn you about dev-tool access and how dangerous it can be…

— Boring Security (@BoringSecDAO) September 22, 2022

Special shoutout to @Plumferno @Server_Forge and all the help from @techie_club for helping investigate this issue.

It is always better to find out about these issues before they effect our communities at large. Please spread the word!!!!

— Boring Security (@BoringSecDAO) September 22, 2022