Dumped this shitcoin a while ago.
Dumped this shitcoin a while ago
uncle chang? it was you? you stole the eth?
No, just pointing out how stupidly trivial this exploit is.
Why did you do it uncle chang?
HOLY SHIT HE'S GOING TO PUT IT ALL INTO ARK
BUY ARK NOW
how would one go about stealing from the parity wallets with eth still in them?
i wish i had the knowledge to pull shit like this
Who is this shit coder Gav Wood?
the inventor of the language you use to write ethereum contracts lol
this is why you dont fucking use any third party wallet, not even hardware
there is always some kind of flaw in it
Just goes to show the stupidity of people for holding so much money in this coin. And they're STILL holding.
how do i find parity using eth addresses?
Peter Pan, literally.
How do you hack these wallets gouiys? And how do you find parity addresses?
github.com
What a retarded bug
Original author - github.com
If an exploit is trivial, we have no reason to believe there arn't more exploits in Parity
the only coin worth holding is tether
rest is literally manipulated like all hell by gooks and miners
bitcoin, ethereum, litecoin, you name it, all scamcoins and vulnurable either to hacks or greedy gook miners
IOTA is the new coin that will kill them all
> tfw actaully pretty good at solidity and would have seen this bug on code review
WHY DIDN'T I LOOK :(
there must be a lot of vulnerable wallets left. start stealing user!
I have that exact same cactus
>they built their network on javascript
explains everything really
So if i have access to a computer with parity installed on it why wouldnt i just send the eth to my own wallet anyway? am i missing something here?
>taking what I told you in Discord and parading it on Veeky Forums
I see how it is Chang.
But yes, it is trivial to do this and anyone can currently swipe wallets with multisig in a split second.
gib discord
Is eth going to 5$ or 0$ ?
I saw it first in another discord :^)
well what do you use then? I use a paper wallet from myetherwallet. Are you going to tell me that's no good either?
Ethereum isn't going anywhere as it wasn't a bug in Ethereum itself.
However, the vulnerability existed in a smart contract shipped with one of the largest consumed wallets, Parity.
To top it off, the person who shipped the faulty contract was Gavin Wood, who used to be part of Ethereum's team (he left, wasn't fired) and a big Bitcoin developer.
Ethereum itself is not compromised, but trust in the ecosystem is absolutely fucking shot. We can't even trust some of the veteran developers to look over their code.
This is bad.
0
not one cent more
Get out of here with your logic.
Eth is an absolute shitshow. The only reason anyone buys it is because of fomo sourced from redditors who missed out on bitcoin early. That first hack leadimg to the fork should have been a warning but then there was that status ico which exposed how slow the network is when in actual use and then the recent coindash hack and now this. Absolute joke.
Use a first party wallet which you can download from the Ethereum website. Myetherwallet is known to be very insecure, move your funds away from there IMMEDIATELY.
I agree on most points, except CoinDash. That was completely unrelated to anything crypto, their site just got hacked.
Oh look it's another "thing built for/on ethereum has a security hole but ethereum itself is still solid" situation.
Fake news, Ethereum still new gold standard, FUDDers just FUDing.
Correct but still if its based on ETH just write a smart contract to enforce the address or something. It did eth no favors.
Nice! Just sold 100k Ark!
Nice comprehension fuckwits. You realize GW submitted the fix, right?
Yes, and he was also responsible for letting the vulnerability through because it's his wallet.
The two aren't mutually exclusive.
>when the inventor of a new language can't even properly review code written in that language
JUST
>not understanding how development works
>when the system that should run the economy of the future can't handle 1 ICO
JUST
ETH is a MESS
They're both developers brainlet.
The only one that doesn't understand is you. Letting shitty code through doesn't get brushed off. As technical lead YOU are responsible for fuck ups, not the first day newbie you just let commit a $300m bug.
Charlie Lee wrote that.
New theory
Hacker uses exploit in Bancor contract to Move BAT out of Eth wallets
More and more the Eth alliance is looking more like the blockchain equivalent of Windows
44,000 - 37,000 = ~7000 ETH stolen from Swarm City
>Eth alliance is looking more like the blockchain equivalent of Windows
kek
>So if i have access to a computer with parity installed on it why wouldnt i just send the eth to my own wallet anyway?
You expose your keys on the local machine so make sure you don't have any zero day exploits on your machine
is ETH the biggest tech blunder of our times?
Uncle chang what happened to responsible disclosure?
next to linux, yes. don't even begin to look at kernel security flaws over the past 2 years wew
>the only way the mainstream public has heard about ethereum is through security flaws and money lost
really will encourage boomers to throw their 401k in this shitcoin
E V E R Y O N E in this thread is retarded.
initWallet, as the name suggest, is called to initialize a new wallet. You can see the "only_uninitialized" modifier after the function parameters..
No wonder this ICO shit works, everyone is dumb as a brick
I linked to the current codebase. At the time that wasn't there which is why the exploit worked.
It was added in this PR a few hours ago: github.com
It was already disclosed. I didn't find this vuln.
jesus fuck how did no one spot this
Someone did :)
>33million lost because somebody didn't properly scope a function
jesus christ
Another person is starting to siphon wallets now
> 60 replies
> Nobody shares the guide how to steal
Link?
I figured out how WhiteHat is finding vulnerable wallets. Technically someone can race them and beat what they're doing quite easily... they're crawling backwards through the blockchain and looking for vulnerable contract hashes.
It's literally in the OP you fucking retard. Execute initWallet with your address.
> Execute initWallet with your address.
How to?
kys it executes automatically after that.
You're hours too late.
White knights have rescued all the funds.
Why did the hacker only steal $30m? Could have stolen more no?
why would you waste your chance to be a millionaire i don't understand these people, just to be hailed as a hero?
>muh sekrit club
The contract source code was discussed on Reddit minutes after the hack.
> i don't understand these people
You don't understand what it's like to have a conscience? That's a shame.
They're smart enough to know they won't get away with stealing it. They know they'll be tracked down. So they pretend to be helpful and expect employment offers and bla bla bla.
Is this satire?
Did anyone try to steal anything yet?