How Can a Simple Signature in Metamask Drain Your Wallet?

A year ago

Do you know a simple signature in Metamask can drain your wallet? A very experienced user (top 10 by Degen Score) lost almost 500k USDC in an exploit today. You could be next... A short thread on how it happened and how you can avoid such exploits in the future.
It was a quiet afternoon when Joe (name changed) noticed 469k USDC left his wallet. It wasn't a simple transfer, which meant an attacker apparently didn't have access to Joe's wallet. It was a malicious contract that drained all USDC from his address...
Here we need to pause the story to explain some technicalities. The USDC token is a contract on Ethereum. It has many functions which define how we interact with USDC and what can be done with it. Let's focus on two functions:
- transfer
- transferFrom
> transfer
When you move USDC (or other ERC20s) between wallets, you use the transfer function. It moves tokens from the caller (the address that calls the function) to another address. To maliciously use transfer on your behalf, someone would have to get control over your wallet.
> transferFrom
When you interact with contracts, they use transferFrom to move your tokens. They can take up to the allowance amount which you set in the approve function. If you allow a contract to spend an infinite amount of USDC, it can take it all. twitter.com/korpi87/status/1549754633882443777
Back to Joe's story... The aforementioned contract interaction that drained Joe's USDC was indeed the transferFrom function. But transferFrom would only work if Joe had approved the contract to spend his USDC. And Joe was 100% convinced he didn't approve anything...
Wait a moment... DeBank history clearly shows infinite USDC approval for the malicious contract 10 minutes before the exploit... Did Joe actually approve it? Yes. But also no. Not directly.
Etherscan discloses that the infinite approval wasn't the approve function called by Joe himself. It was the permit function called by another address, and it granted the malicious contract the approval to spend all of Joe's USDC. WTF? How can others approve contracts on your behalf?
The permit function was introduced to improve user experience on Ethereum. It allows a user to modify approval amounts without submitting a transaction. A signature is sufficient. With your signature, anyone can call the permit function and update your allowance for a spender.
You can see permit in action when you use the 1inch dApp. If you want to sell USDC, you don't have to approve it first. All you need is to sign a message. This signature grants 1inch the permission to spend all your USDC. 1inch won't do it but a malicious contract could.
Joe must have accidentally signed such a message on a malicious website. Unfortunately, this time he used a hot wallet and signing was just one innocent-looking click. With a hardware wallet, there would be a second-thought moment while signing a message on the external device.
With Joe's signature, a malicious actor submitted a transaction with the permit function. It gave the malicious contract the permission to spend all USDC from Joe's wallet. Then the transferFrom function was called and the malicious contract drained the funds.
Apparently signatures can be catastrophic. In some cases Metamask will warn you that signing a message can be dangerous. But not in the case of signed approvals, which technically work as designed but can cause a lot of damage if misused. twitter.com/CT_IOE/status/1534658825843683328?s=20&t=jfmnTA1Cv5m6ZLfCA_P2hg
How to avoid similar exploits in the future?
- Don't sign everything in Metamask.
- Spend time to understand what you sign.
- Be careful with traditional approvals (see linked thread) twitter.com/korpi87/status/1549754618086694912
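The advice to understand what you sign can be partly mechanised. The added example below (not part of the original thread) inspects an EIP-712 typed-data signing request and flags EIP-2612-style Permit messages, the kind of signed approval described above. All addresses, the trusted-spender list and the one-hour lifetime threshold are constructed assumptions.

```javascript
// Added example: inspect an EIP-712 signing request before approving it.
const MAX_UINT256 = (1n << 256n) - 1n;
const PERMIT_FIELDS = ["owner", "spender", "value", "nonce", "deadline"];
const MAX_LIFETIME_SECONDS = 3600n; // assumed policy threshold, not a standard

function reviewSigningRequest(typedData, trustedSpenders, nowSeconds) {
  const findings = [];
  const struct = (typedData.types || {})[typedData.primaryType] || [];
  const names = struct.map((field) => field.name);
  // Recognise a permit by primary type and struct fields, not by the site's wording.
  const isPermit = typedData.primaryType === "Permit" &&
    PERMIT_FIELDS.every((name) => names.includes(name));
  if (!isPermit) return { isPermit, findings };

  const msg = typedData.message;
  const trusted = trustedSpenders.map((a) => a.toLowerCase());
  findings.push(`sets an allowance on token ${typedData.domain.verifyingContract}`);
  if (!trusted.includes(String(msg.spender).toLowerCase())) {
    findings.push(`spender ${msg.spender} is not in the trusted list`);
  }
  if (BigInt(msg.value) === MAX_UINT256) {
    findings.push("allowance is unlimited (2^256 - 1)");
  }
  if (BigInt(msg.deadline) - BigInt(nowSeconds) > MAX_LIFETIME_SECONDS) {
    findings.push("signature stays usable for more than one hour");
  }
  return { isPermit, findings };
}

// Constructed sample request; every address below is a placeholder.
const SAMPLE_REQUEST = {
  primaryType: "Permit",
  types: { Permit: PERMIT_FIELDS.map((name) => ({
    name, type: name === "owner" || name === "spender" ? "address" : "uint256",
  })) },
  domain: { name: "Example Token", version: "1", chainId: 1,
    verifyingContract: "0x1111111111111111111111111111111111111111" },
  message: { owner: "0x2222222222222222222222222222222222222222",
    spender: "0x3333333333333333333333333333333333333333",
    value: MAX_UINT256.toString(), nonce: "0", deadline: "1700090000" },
};

const TRUSTED = ["0x4444444444444444444444444444444444444444"]; // hypothetical allowlist
console.log(reviewSigningRequest(SAMPLE_REQUEST, TRUSTED, 1700000000));
```

A request that is not a Permit returns no findings, so this check complements the wallet's own warnings for other message types rather than replacing them.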
korpi

@korpi87

DeFi educator, a member of Degen Score Citadel and DeFi Omega. @tapioca_dao pearl club member lenster.xyz/u/korpi Follow me for DeFi-related topics.