Is this really happening? Vitalik's brain child is about to be an abandoned orphan left to wither away and die? Vitalik dying was one thing but I can't believe this bullshit.
1. Someone who was quoted on twitter just two days ago saying "Ethereum is me and I am Ethereum" could not just up and leave the project that he is so obviously and narcissistically proud of, could he?
2. Just because Ethereum is running into problems doesn't mean he's going to give up. At least this should be the case....
3. Think how fucked some of our portfolios would be if this news actually gets spread around and he is actually leaving Ethereum for such a shitty team I already moved into Bitcoin and I am suddenly not so bullish on the future of ethereum or the value of ETH for that matter....
NOBODY CLICK THE LINK THIS ISN'T A MEME. I'M NOT FUCKING MEMEING YOU WILL LOSE YOUR MONEY IN ETHERDELTA IF YOU OPEN THAT LINK.
Hudson Sanders
DONT CLICK THAT LINK
Bentley Phillips
damn all my link is gone wtf
Jack Gutierrez
Lololololl
Jeremiah Diaz
OP may have found an exploit on tumblrs website and is hosting a redirect to his virus hosting server which then redirects to etherscan
Sebastian Green
Actually really don't click that link. the last malicious link was a "tumblr" link like this one. This could really wipe out all your shit.
Julian Adams
Where are the fucking mods?!
Jackson Taylor
Unless that tumblr site directs to hourglass figured figured mature housewives spreading there ass, i aint clicking on that shit lad.
James Flores
this thread came up earlier, could be a troll but tumblr shouldn't be redirecting like that. probably a virus. i did a system restore and moved all my link to a 2FA broker just to be sure
I also use a different browser for shitposting than for financials and never use plugins.
Henry White
Joke's on you faggot: You are using MetaMask but you are not logged in. Please log in to MetaMask and refresh.
Also, I don't have shit on Etherdelta.
Suck my dick!
Anthony Stewart
MY LINK IS GONE AAAAAAAAAAAAA
Blake Murphy
wtf my links are fucking gone
Xavier Cook
wtf why are all of my links gone?
Ryan Richardson
hey my links are still here :>)
Anthony Young
MY LINK
Owen Johnson
OH SHIT MY LINK IS GONE!
am i doing this right?
Nathaniel Roberts
My OMG is gone but thats ok they are practically worthless
Chase King
has etherdelta seriously not fixed this huge vulnerability yet? if they havent at this point they're probably in on it.
Zachary Turner
DON'T OPEN
Ian Gray
OMG my Blockfolio was deleted. ALL MY COINS ARE GONE!! AHHHHHHHHHHHHHH
Owen Davis
MUH LINKS ARE GONE LOL XD
Logan Nguyen
this is probably fud for the upcoming fork
I don't hold ETH though, it's not meant to be a currency
Jaxon Perry
How did you redirect like that? Even in the main page you redirect to etherdelta. I'm glad to be a phoneposter.
Blake Green
holy shit no way this is happening what do I do? i just lost everything FUCKING NO FUCKING WAY ARE YOU KIDDING ME?????
Owen Williams
Jokes on you I'm using IE 8.
Asher Turner
Weird. I clicked this and a disembodied hand popped out of my modem port and jerked me off. Neat.
Gabriel Harris
the real MVP here
Jackson Moore
aw shet muh lankz is gawn
David Ross
seriously all my link is gone
Wtf is this shit
Mods please delete this thread
Op is a hacker
Adrian Richardson
Are you cunts LARPing or is this really taking your shit? W/e, I ain't clicking though
Colton Baker
Ahahaaa he's joining ripple! That's why he's speaking at Swell! Lel it's going to 100x
Jayden Gonzalez
u disgusting pile of shit. enjoy
Jack Barnes
have fun felching ur mum after she gets fucking raped by a pack of niggers and Pakistani paedos
ur dog will die a slow death u fucking cunt. I do joojoo. U wait. Kiss the fuck, goodbye. motherfucking cunt.
Kayden Ross
joke on you faggot, I'm using BRAVE!
Angel Ross
Nice, just lost 100k
Brayden Bennett
Ahhh NoScript. How I love you.
Evan Sanders
Wow. Genuinely malicious links on Veeky Forums. So surprising. Glad I don't do any trading from my phone and shitposting from my laptop
Noah Lewis
Seriously, it's a redirect to an etherdelta trading script. I don't use etherdelta or trade crypto from my phone, but I'd be hella mad if I did.
Parker Mitchell
WHAT HAVE YOU LEARNED ABOUT CLICKING TUMBLR LINKS. HAVE FUN GETTING YOUR ETHERDELTA WALLET DRAINED
Jason Perry
WHY HAVE NO MODS REMOVED THIS SHIT
PLEASE ANONS DO NOT CLICK ON THIS FAGS LINK. IT IS MALICIOUS.
Samuel Scott
>tumblr
not this shit again
Michael Garcia
why is this fucking thread still up and why is it being bumped
Isaac Garcia
Nigga I ain't touching that link and you ain't touching mine.
Austin Morales
Evidently my link hath absconded
Hudson Thomas
Report the OP
David Sullivan
>not blocking scripts by default >not using a separate browser for financial trading
Haha cucks
Juan Hill
>tumblr lmfao I can't believe you all fell for it again.
Christopher Scott
... the etherdelta xss issue was fixed forever ago. What are you doing? Your thing isn't working at all now.
Nathan Ramirez
heh...should have not clicked that....LINK
Brody Lewis
Stop saying you lost shit, show us the transaction if you really did.
Fking faggots
Clicked on it and nothing happened, this shit was fixed months ago.
Aiden Martin
Clicked on it just for fun. Good thing I don't use ED. Pretty sneaky, sis.
Adrian Collins
fuck just got 100k link, thanks OP
Mason Morales
Oh noo my BCC is gone.. oh it's not, actually it's just sunk..
Logan Phillips
go fuck yourself nigger
Nicholas Anderson
>> Clicking links on Veeky Forums This is why you will stay poor.
Jeremiah Garcia
Vitalik is under constant pressure by faggots who want to capitalize on his name, etc. I don't blame him for ever wanting to distance himself from the project.
Matthew Turner
holy fuck they're GONE. MY FUCKING PANTS. I WAS WEARING THEM JUST A MINUTE AGO.
Mason Sanchez
PRaNK PaTROLEUM
Jose Cooper
Well user. Might as well make the most of it.
James Barnes
...
Eli Jackson
pls sir i have 0 funds in my account. can you please help me out sir? we can share my private key sir!
William Brooks
I'm new here, what is this meme?
Cooper Perez
The meme is that EtherDelta is really fucking insecure and if you've got a wallet attached to it and browse the web on the same browser then literally ANY website has the capability to steal your coins. The link in the OP is one such website. Your only protection would be addons like NoScript and NoRedirect to block all attempted redirects that you don't explicitly allow, but even that isn't 100% foolproof; it's just enough to prevent the current wave of exploits. If you're not retarded you have a browser (or private browsing session) that is only used for EtherDelta anyway.
Hudson Perez
you think you clever guy
Matthew Ross
if you want to have a blast reply to any of frenchhudini's comments on plebbit asking him why he released such a big piece of shit
Jeremiah Anderson
...
Kevin Hall
Cant belive I went to this link.
Anyway, OP must be slow if they did get my private key. I just transferred everything to another wallet.
Jose Parker
EDIT [9/25, 4:35pm PDT] This exploit is now patched on EtherDelta, but the patch has not been independently audited or verified. See here for verification from the developer of the patch. EDIT [[9/25, 6:07pm PDT] I have reviewed the security patch for this and can confirm the exploit is no longer working. Thank you to the devs and community members who assisted on this. tl;dr There are malicious links floating around (most common one is a tumblr link) that redirects to etherdelta with a tag in the URL. This script searches for private keys and sends them to an endpoint the attacker controls. It is assumed that the attacker then automates transfers of any tokens on EtherDelta. Long explanation: There are several malicious links floating around formatted as FUD tumblr articles. An example of one such link is: emotionaltrader.tumblr.com/blah-blah-blah These links issue an instant redirect to EtherDelta and append a malicious script to the URL. The malicious URL can be found at this pastebin: pastebin.com/uraxVMTh. DO NOT enter this into your browser! It is only provided for research purposes and full disclosure. The script will search for all private keys of the currently logged-in EtherDelta account and send them to the requestb.in endpoint. RequestBin is a legitimate service used to capture and inspect HTTP requests, often for debugging purposes. It is assumed that this endpoint is being used as a proxy or gateway to collect the keys, and in turn the attacker is automating the process of exporting tokens found with those private keys to his address: etherscan.io/address/0x4daa00c6944ef98cd7529121a0bbca353fd23d72#tokentxns EDIT [9/27, 2:55pm PDT]: It appears this exploit only is able to access private keys uploaded directly to EtherDelta and may not affect those imported using e.g. MetaMask.
Nolan Garcia
also affecting people who have unlocked metamask? (no funds on ED but in the eth wallet)
what i do: running scriptsafe or noscript addons in your browsers.
also nice to have is: EtherAddressLookup which blocks scam sites
Apparently just attempting to view that token on EtherDelta is enough to get hacked. I'm not entirely sure how it works or what it compromises but this is NOT the javascript injection exploit that got patched a couple weeks ago.
Julian Barnes
And to be clear, the link I posted there is just the etherscan view of it. It's save to click. The malicious URL in the OP points EtherDelta to that contract by attempting to view its exchange against ETH, the same way you'd view any other unlisted token. This probably means that viewing any custom token on ED is potentially dangerous as well whether you click a link to do it or not, so be very careful with that.
Ryan Clark
Finally, please remember to sage if you reply to this thread. Mods are asleep and you don't want to bump it.