Varun Srinivasan
@v
QR Miniapp Update

Earlier today, an attacker stole credentials from the QR miniapp and sent notifications from their apps. Users were sent to a different miniapp and encouraged to buy a fake token for $3. The QR team fixed this and reimbursed all users. Shoutout to the QR team for being very quick to respond. There is no other compromise of Farcaster wallets and your funds are safe.

What is Farcaster doing to prevent this?

Our transaction scanning prevents dangerous "send me all your money" attacks. That's why the damage was limited to a $3 buy. We are also limiting miniapp notifications to redirect within the same domain. The attacker would have to compromise many more parts of the QR miniapp to pull off this attack again.

What can I do to stay safe?

If an app is asking you to do something that it normally does not, like buying a new token or claiming an airdrop, check the app's home page or the author's page to see if it is legitimate before taking the action. If there is some doubt, ask the author over DM or in the feed before taking the action.
29 replies
52 recasts
310 reactions
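The same-domain restriction on miniapp notifications described in the post above is the kind of check a notification service can enforce before it delivers a notification. The following is an added example and is not Farcaster's or the QR miniapp's code; the function names, the notification object shape, the hypothetical domains (qr.example, other-miniapp.example) and the choice to require an exact host match (subdomains rejected) are all assumptions.

```javascript
// Added example (not Farcaster's or the QR miniapp's code): enforce that a
// notification's target URL stays on the sending app's own domain.
// Function names, the notification shape and the sample domains are assumptions.

/**
 * Return true only if `targetUrl` is an absolute https URL whose host is
 * exactly `appDomain` (the domain the miniapp is registered under).
 * Anything that fails to parse, uses another scheme, or points at another
 * host (subdomains and look-alike hosts included) is rejected.
 */
function isSameDomainTarget(appDomain, targetUrl) {
  let url;
  try {
    url = new URL(targetUrl); // no base URL: relative strings throw and are rejected
  } catch {
    return false;
  }
  if (url.protocol !== 'https:') return false;
  // URL.hostname is lowercased and excludes userinfo and port, so a string
  // like "https://qr.example@other-miniapp.example/" yields "other-miniapp.example".
  return url.hostname === appDomain.toLowerCase();
}

/**
 * Split a batch of notification requests into the ones whose targetUrl stays
 * on the sending app's domain and the ones that would redirect users elsewhere.
 */
function partitionNotifications(appDomain, notifications) {
  const allowed = [];
  const rejected = [];
  for (const n of notifications) {
    (isSameDomainTarget(appDomain, n.targetUrl) ? allowed : rejected).push(n);
  }
  return { allowed, rejected };
}

// Constructed sample batch: what a notification service might receive from an
// app registered under the hypothetical domain "qr.example". Items 2, 3, 5, 6
// and 7 each exercise a different way of pointing users off the app's domain.
const SAMPLE_BATCH = [
  { id: 1, title: 'Your QR is ready', targetUrl: 'https://qr.example/codes/42' },
  { id: 2, title: 'Claim now', targetUrl: 'https://other-miniapp.example/buy' },
  { id: 3, title: 'Login', targetUrl: 'https://qr.example@other-miniapp.example/' },
  { id: 4, title: 'New feature', targetUrl: 'https://QR.EXAMPLE/news' },
  { id: 5, title: 'Open', targetUrl: 'http://qr.example/insecure' },
  { id: 6, title: 'Promo', targetUrl: 'https://qr.example.other-miniapp.example/' },
  { id: 7, title: 'Relative', targetUrl: '/codes/42' },
];

const SAMPLE_RESULT = partitionNotifications('qr.example', SAMPLE_BATCH);
console.log('allowed:', SAMPLE_RESULT.allowed.map((n) => n.id));   // [1, 4]
console.log('rejected:', SAMPLE_RESULT.rejected.map((n) => n.id)); // [2, 3, 5, 6, 7]
```

The check deliberately relies on the WHATWG URL parser rather than string prefix matching: a prefix test such as `targetUrl.startsWith('https://qr.example')` would accept items 3 and 6, both of which land users on a different host. Whether subdomains should count as "the same domain" is a policy choice the post does not settle; the example takes the strict reading and rejects them.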

KMac
@kmacb.eth
🎭 The 5 Stages of Farcaster Miniapp Notifications Grief

Denial: Wait what‽ Our 'mini' app notification system can't just send users straight to our 'main' app or anywhere else like sponsors' sites? Nah, they wouldn't actually do that without any warning.

Anger: "If I speak, I am in big trouble." https://www.youtube.com/shorts/t5sI-0UcRQ0

Bargaining: Okay okay… How about an opt-in for users à la Trending meme coins? Talk about not safe. Or can we have subdomain notifs?

Depression: Ugh… unplanned 'rework', what will go away next?

Acceptance: Fine. Landing page first, click to button second. It's safer, sure.
2 replies
0 recast
2 reactions

Pichi
@pichi
@procoin curate Union
4 replies
2 recasts
29 reactions

Disky.eth
@disky.eth
Kudos to the team for responding this quickly to the incident! 👏 It's remarkable. Meta or Google or any other platform would have taken weeks to even look at it. A suggestion: in the mini app menu where you can refresh, add the app and see your connected wallets, you could add the link to the dev account so people can check who owns it. (Yes, technically it's in the header, but not tappable.) cc: @horsefacts.eth
0 reply
0 recast
1 reaction

smokingfrog
@smokingfrog.eth
thanks legend
0 reply
0 recast
1 reaction

Scott
@scottphd
@procoin curate fyi
1 reply
0 recast
0 reaction

bradq
@bradq
@procoin curate FARCAST
1 reply
0 recast
0 reaction

FarcasterMarketing
@quillingqualia.eth
Already made the headlines https://theonion.com/quishing-qr-code-scams-dupe-millions/ ‘Quishing’ QR Code Scams Dupe Millions - The Onion
1 reply
0 recast
3 reactions

WG
@wgmeets
Thanks for acting soo fast on this ❤️‍🔥 500 $tipn
0 reply
0 recast
1 reaction

Buchachos
@buchachos
LFG!
0 reply
0 recast
0 reaction

Tonya
@tonya-chan
This is BS. How could this even happen? I mean, I get that the QR team fixed it and reimbursed people, but what about the trust? We're supposed to feel safe here. Wtf is Farcaster doing to actually secure this stuff? #RantOver
0 reply
0 recast
0 reaction

helloalpha.base.eth
@leosatyam
alright here we learn it
0 reply
0 recast
0 reaction

ConsigliereAI
@consigliereai
Thank you for services 🦝
0 reply
0 recast
0 reaction

BASED_INTERN
@thebaseintern.eth
Phew ok back to building peeps 69 $tipn
0 reply
0 recast
0 reaction

Dijon
@chiefdijon
gramble, his throat slit by his mistress?! Is there a /startrek channel yet?
0 reply
0 recast
0 reaction

Trillobyte
@trillobyte
I don't see where I was reimbursed the $3, but nbd, it's a $3 lesson to slow down and question things more often.
0 reply
0 recast
0 reaction

Excodus
@riiokribo69
Oke thank youu
0 reply
0 recast
0 reaction

Ethan666.eth🎩
@ethan666
I’m very happy to be on farcaster.
0 reply
0 recast
0 reaction

EZinCrypto 23/100 Video Challeng
@ezincrypto
Thank you very much for the swift actions and clear communication on this matter!!!🙏🙌
0 reply
0 recast
0 reaction

Ev | 유진 🇨🇦
@tch
Do they get the bounty for making Farcaster better?
0 reply
0 recast
0 reaction