DeFi: Trolling the unTrolled
This is a small write up about some of the stuff that happens in the backstage when creating a Ethereum application. It’s been two months we’re creating a blockchain game with some DeFi components called Very Nifty. The goal is to give life to NFTs in a simple yet fun tamagotchi like game.
DeFi might bank the unbanked in few years but it is definitely trolling the untrolled already.
TLDR: We didn’t do any presale/premint and have no “free magical internet money” to give to all blood suckers; so no need to contact us :)
We already wrote a similar essay describing the behind the scene of Very Nifty a few weeks ago that might be a good introduction to understand our mindset:
Since this last article our shipping rate didn’t decrease, same as our sleeping rate didn’t increase. The only things that have been increasing are the metrics we are watching:
- Natural liquidity provided by people who likes the project without giving away fake APY for monkeys.
- Player base
- Burn rate of our in game token (cause people actually play)
So basically, when you reach a 700K$ in volume a day in Uniswap trading on your token not marketed (or less if you did premint/presale and weird partnerhips), you get listed on CoinGecko and CoinMarket Cap. The word spread fast and many moonboys join the fun. Then you get 100 messages a day offering a wide range of services: Get listed on exchanges for xK$, do an AMA on a pump and dumper telegram group, community managers who never read anything about your project that suddenly apply saying they are the biggest fan…
All of this get cleared so fast with polite answers or basic trolling..
But Monday evening someone actually had an interesting service to offer to us. He could DDOS our website, his demo made the website unavailable for few minutes.. This happened at the worst time as we were focusing on development as usual and about to go on a livechat with a telegram community to explain our game mechanics. Those kind of events make your brain disturbed to focus on the 100 other things you are already trying to do running development, community, token economics...
The attack was a DDOS focused on our frontend, smart contracts and funds were safu, it was just about disabling the website to be accessed by other players and asking money to restore it. While we tried to do our best with money on blockchain we didn’t have time to do basic security on the server that is used by the players to access the game… So it was so easy for him. As soon as the person attacked the server, he contacted us through telegram to discuss how we can pay him to fix the “issues” and we created a chat with us two and him:
After receiving his email with proposal of fixing the “critical issue” for 4k$ and being already drown in things to do we decided to basically win time. We’re just two devs with no funding so we had to innovate:
This conversation led us to know that this attacker had no idea about our project and might just scan all recent listing from popular crypto websites to find simple prey to attack. We went a little further and even asked him to prepare a resume when our fictional manager would be available the next day:
We spent the next hours doing the basics for hardening the server to handle any attacks. And the next day he contacted again. I asked for a demo and he managed to put our frontend down again..
As the logic of the game lives on the blockchain, we don’t really care about this kind of show off because we could host the frontend anywhere else in few minutes and the contract interaction would always be possible from Etherscan or other platforms in case of emergency:
Playing using Etherscan
to get redirected to etherscan. Once you're on the Etherscan contract page you'll first need to connect your Ethereum…
So it was time to pull the rug on him.. And tell him that everything about the project manager and office was a joke:
For a short instant, everything he thought to be true melted in front of him. Did he really thought Cathy wanted to see his resume? Our high level management was chilling in SF offices?
That’s how you rug pull the troller as we suppose this person has some cost runing his DDOS attack and just saw his magical internet money disappear..
We’ll publish really soon a frontend version on different websites like Github/Surge to make sure any risk is completely removed from DDOS attack..
This ecosystem is evolving so fast, if you’re looking to get some value out of it, don’t lose your time threatening people or ask for something... Just use your skills in a community to make it evolve without waiting for something back..
You’ll be rewarded!