SafeSoul X Paddy Stash
Every scam has its unique characteristics, demanding meticulous investigation to extract lessons and enhance our digital practices. We've initiated an interview series featuring prominent community figures. In this edition, we're thrilled to introduce Paddy Stash, a renowned NFT collector and crypto influencer. Immerse yourself in our comprehensive audio interview with Paddy, or browse the succinct, edited text version below for the highlights.
Quickotter [00:00:00] Our guest today is Paddy Stash, a well-known figure in the digital animal community and a respected collector of 3D art and pop artists. Paddy will be sharing their experience of realizing that some great art was missing from their wallet. Instead of discussing general security measures, let's focus on how Paddy discovered the issue. With such an extensive art collection, how did they become aware that something was wrong?
Paddy [00:00:58] Firstly, thank you for having me here to discuss a regrettable situation that I hope can be resolved in the future. To answer your question, it's actually quite simple. As you mentioned, I had noticed that the balance in my wallet had decreased from 2.6K to 2.5K while I was on my computer. I realized that a significant number of NFTs had been transferred out of my wallet, and I knew I hadn't done it.
Upon checking the activity, I discovered that about 18 minutes earlier, 20 NFTs had been moved out of one of my wallets.
What's even more surprising is that it wasn't just one wallet, but two, that were compromised due to my own foolishness in thinking I had done something wrong. I can't explain it because it's completely out of character for me, as I am always cautious about what I do. Please, go ahead.
Quickotter [00:02:18] Let's focus on the most interesting part. I remember when you first started tweeting about it and initially made a mistake in your writing. Over the next four or five days, you realized your error. Can you explain what happened during this time? We often hear about being cautious and following best practices, but we rarely discuss the process of unraveling and investigating what went wrong. Your situation is quite unique. So, please walk us through how you discovered and resolved the issue.
Paddy [00:03:21] When it happened, it was my own stupidity. I clicked on a bad link.
Others have been hacked before. I thought about revoking my cash and started scrolling through my transactions. I found the one I clicked on and revoked it. I contacted people who were recently hacked and they confirmed my wallet wasn't compromised. However, to be safe, I followed the protocol suggested by Simona, an NFT artist from Italy who helped me out. I wasn't fully compromised, but the hacker was able to exploit my wallet and take some NFTs. I lost 17 pieces from one artist alone. Simona's guidance was invaluable. If soul or safe soul was available, I wouldn't have clicked that link. It could have been avoided, but it happened.
Quickotter [00:06:46] One interesting aspect that is often overlooked is the patience of the attackers.
They wait for people to click on their links in order to exploit them and empty their wallets. It's important to understand that an attack may not happen immediately after clicking a link, but could occur weeks, months, or even a year later. The more patient the attacker, the more they can gain. This highlights the need to regularly review and revoke permissions for things we interacted with in the past. Considering your own experience, have you changed your protocol for ensuring security?
Paddy [00:08:19] I have modified things before, but I'm always careful and hyper-analytical. I run through my checks when clicking a link. Even if you're careful, mistakes can happen. I know I'm not invincible, but I'm more careful than most. I will continue to go through the same checks and now have additional knowledge on preventing and handling mistakes. I understand the steps to follow afterward to prevent a meltdown.
Quickotter [00:09:47] This is a hot topic we should cover in the future. What should you do after being hacked?
We often hear stories of people trying to move their assets quickly to prevent further loss. I'm interested in your checklist, but we can discuss it another time. One thing I find interesting is how to grow the faith and add more people into the community. You have experience in crypto and have developed protocols for safety over the years. Are there any challenges you think are too difficult for people or areas we need to improve to get more people involved?
Paddy [00:10:41] If you take the time to learn the proper steps, you should have no issues.
However, there's always a chance. Many people are getting into cryptos when the market picks up, but they often don't understand what they're doing. They just jump in and buy stuff. It's important to understand security and how to move your funds when purchasing something. Experience is key in this space. If you understand security and take precautions, you should be well-protected most of the time. However, there are always outlier situations where something unexpected happens, like a delayed link that redirects you to another page. So be cautious.
Quickotter [00:13:05] Paddy, one of the things I remember hearing you talk about is the importance of trust in security. It's about who you trust, what you sign, what you interact with, and what you buy. For example, do you trust your laptop to hold your secrets? Probably not. You might use a hardware device instead. This idea of trust and convenience also relates to where you keep your funds. Do you have a custodial account where someone else owns them, or do you have them in a wallet that you control, like Celsius audio? Can you discuss this further and how it connects to security? When it comes to your funds, you want to ensure that you have access and control over them. Do you see it the same way?
Paddy [00:13:58] I got into crypto to be self-reliant and accountable for my actions. I don't blame others for my mistakes. I prefer to hold my own funds and use my own wallets.
I have used various types of wallets, including Bitcoin and ERC-20 wallets. I hold multiple cold wallets, such as Trezor and Ledger, to distribute and protect my funds. I use hot wallets for active trading and move funds to cold wallets for offline storage. I also use air-gapped wallets like I'll tighten for added security. I understand that some people prefer custodial services, but I prefer to have control over my own funds.
Quickotter [00:16:46] Paddy, this has been really helpful. This is great. Thanks for sharing the story of what you know, what you had to deal with. And it's not. But I think one of the great things is having someone who is such a well-known collector come on and just share the experience, you know, what you're doing. And it's something that unfortunately happened to you as well. So it should be a good lesson for everybody that even if you're doing all the best things, you can still make a simple mistake. And to your point, you know, links and things like this. This is the kind of thing that the community will like people and hopefully we can reduce the number of people thinking I'm bad link by using a tool that can kind of harvest those links and highlight them right in the bowels of the people. Thank you. Thank you so much. We really appreciate it. Seni, I'm going to kick things back over to you.
Seni [00:17:42] Oh, yeah. Yeah, sure. Thank you so much for sharing this story. I think it's very important to talk about it. Like for people who have such a great experience, like a big experience in space, and still become a victim of some scammers, and hackers. This is crazy that people like the level of expertise do not guarantee you anything, actually. So I really love the point when you said that you want to be responsible for your own actions. This is really what makes sense because we can never blame anyone. Then our digital life, like my screen, my screen time is something like 10 hours a day or maybe even more. So it means that my digital life is a yeah, almost a half of my life. So it means that my digital hygiene or how to call it buyer is the most important thing that I can do because I have some digital assets, right? I have my digital life, I have my digital assets. And if we're speaking about wallet security, actually it's a part of the digital security because the story that Paddy just shared is about losing some NFTs from the wallet because of clicking on some suspicious link.
Unfortunately, there was no SafeSoul to highlight that 'Hey, this is suspicious, be careful, please.'
So yeah, but there are many cases when people make some mistakes connected to some digital activity, not crypto activity, but some digital activity that leads to...
Paddy [00:19:26] I just want to mention something about the situation that happened. It may seem like a plug for SafeSoul, but it could have prevented the issue. The link I clicked on was bad and had been around for over a week.
It was a link for Tyler Hobbs' Fidenza NFT collection. If SafeSoul existed, it would have alerted me that the link was false and I wouldn't have clicked it. I'm a fan of digital animals and I think SafeSoul is great. If I had the warning, I wouldn't have made that mistake. Sorry for interrupting, I just wanted to mention this before finishing up. Thanks.
Seni [00:21:32] Yeah, it's ridiculous. The link was seen by so many people. Remember when they had a case last year? They showed a suspicious tweet about collaborating with a brand, but the details were unclear. That's why many people saw it. But there was no way to report it. That's what I love about safe. You can report if you're unsure about something, and ask others to check and help you. It makes your digital experience feel less lonely. We are all responsible for our actions, but it's great to have a community that has your back. When multiple people find something suspicious, it becomes more powerful. Did you want to add something?
Quickotter [00:23:05] There's no perfect security system. Every computer system we've created has been hacked. Building behaviors that help make good decisions and avoid dangerous situations is important. An active database with community input can be useful, like the beta program. It's an arms race with the bad guys, but we can look at solutions that may help.