Etherdelta hacked

MetaMask actually blocked the site for me. That's how I learned about it. I still have the money on MetaMask. Guess I should switch them to some place else just to be safe.

Why did our favorite shitcoin bazaar have to get hacked?

Was actually trying to use ED like 30 minutes before the twitter announcement came out, fortunately I was just (attempting) looking at the NAS (unlisted) smart contract to see if anyone's placing orders prior to listing. Noticed the UI was messed up, things like the tweets weren't loading, and it wasn't even taking me to the NAS smart contract, just defaulting to PPT. So I thought something was fishy so I didn't try entering any private keys/sending anything. Wondering if these hackers ended up getting anything. Hoping they were only able to grab a couple pajeets wallets that contained nothing but the shittiest of shit listed on ED as that would be the funniest timeline.

>mm
mm?

I'm not super familiar with MetaMask, but I've read if you use it you're fine. If you use a ledger on ED you're definitely fine.

You should really only be worried if you did something like create a new wallet or import a wallet's private key on the compromised site.

etherscan.io/address/0x3f8a37bde9b15b65c82f9cdd00192e0ba36cc5fc
they only stole eth, about 278 to be exact

hahaha i pulled everything out of there a few days ago
biz btfoooo

MetaMask

Ouch, they didn't want anybody's LINK?

They used a fake site. If you did transactions, your coins would be redirected to the hackers adress. With or without metamask or whatever.

No coins stored are removed though.

as long as you use the real website you're safe, there's a phishing website with fake orders

On Twitter they said not to use the current website. I'm scared that my wallet was emptied but I don't know if I should check it or not.

does this effect the safety of my coins on MEW?

youtube.com/watch?v=slru097RrfM

The DNS was hijacked. You can't/couldn't get to the real site. The fake site it redirected to looked 99% the same.

No

Only if you were importing private keys, creating wallets, making transactions, or "depositing to the ED smart contract" (depositing to the hackers wallet) were you at risk I believe.

could you tell based on the URL ? Sorry i dont know what dns is

SAVED BY ETHEREMON!!!!

Last night I was literally 2 minutes away from buying Dragonchain on etherdelta. Just before sending the funds over, I saw the Etheremon thread on Veeky Forums/biz/, said fuck it, and spent all of my Dragon ETH on Etheremon monsters instead.

Not only did I get my original
investment back plus small gains, now it looks like I would have lost my DRGN coins / ETH to this etherdelta hack.

Praise Kek and THANK YOU ETHEREMON!!!!

*BE AWARE* The imposer's app has no CHAT button on the navigation bar nor the offical Twitter Feed on the bottom right. It is also populated with a fake order book.

hacker managed to drive the volume to ED to a fake website from what it looks like.

twitter.com/etherdelta?ref_src=twsrc^tfw&ref_url=https://etherdelta.com/

That's why you don't keep all your coins in one place.

Will this work if you had your ERC20 tokens still on the trading contract, not your ED wallet? Thanks for the share, btw.

i think i gave the fake site my address and key. what can i do

here's an update, i managed to withdraw some of my coins from ED to MEW, the real website works, and your coins should be safe, just don't try to acess if you're not sure about how to do it safely.

anyone tried sending ether to bittrex?, i sent 1.5 ETH an hour ago and still not in my wallet, got 140 confirmations too..

how do I know if I lost something

hmmm... maybe check your wallet?

fml I just logged in to check if my balance was there. ffs

You're not supposed to login...

>WARNING the site is compromised don't use it!
>oh shit I better log in right now
fucking hell Veeky Forums

can i move my tokens to MEW if i have no eth for gas?

Generate new address on my ether wallet and fire the coins off to it.

>tfw oh shit ed is acting funny
>no one knew about the dns hack yet
>dead cert on chrome
>try on firefox
>real cert
>enter private key
>can't add matinance mode
>ok
>moments later fake dns site on firefox
>tfw safe because i entered on right at the right time with legit site
>moved all my shit to a new wallet anyway just incase
phew

Sorry I fucked up. Don't do this. Stay off the site.

there redirecting the site to a copycat site, the exchange is still ok, dont touch your funds/login until this has all been settled and you will be fine

i already gave the fake my keys i believe. It was logged in, it went down then i tried to import wallet and gave my keys

I wonder why they didn't want LINK, aren't they smart enough to know it'll be 100$ by late 2018? Guess they're dumb hackers.

How can a "decentralized" exchange be hacked?

The exchange wasn't hacked. The DNS of the website that most people use to interact with it was. The people who lost money weren't on etherdelta, they were on a phishing site that looked like etherdelta.

etherscan.io/address/0x8d12a197cb00d4747a1fe03395095ce2a5cc6819

WTFFFFFF 40MIL ALREADY

#1 have you seen the token tracker?
#2 that's not the scam artists wallet

Easter?

Private Keys are compromised.

. . . . .. . . . . . . . . . . ,.-‘”. . . . . . . . . .``~.,
. . . . . . . .. . . . . .,.-”. . . . . . . . . . . . . . . . . .“-.,
. . . . .. . . . . . ..,/. . . . . . . . . . . . . . . . . . . . . . . ”:,
. . . . . . . .. .,?. . . . . . . . . . . . . . . . . . . . . . . . . . .\,
. . . . . . . . . /. . . . . . . . . . . . . . . . . . . . . . . . . . . . ,}
. . . . . . . . ./. . . . . . . . . . . . . . . . . . . . . . . . . . ,:`^`.}
. . . . . . . ./. . . . . . . . . . . . . . . . . . . . . . . . . ,:”. . . ./
. . . . . . .?. . . __. . . . . . . . . . . . . . . . . . . . :`. . . ./
. . . . . . . /__.(. . .“~-,_. . . . . . . . . . . . . . ,:`. . . .. ./
. . . . . . /(_. . ”~,_. . . ..“~,_. . . . . . . . . .,:`. . . . _/
. . . .. .{.._$;_. . .”=,_. . . .“-,_. . . ,.-~-,}, .~”; /. .. .}
. . .. . .((. . .*~_. . . .”=-._. . .“;,,./`. . /” . . . ./. .. ../
. . . .. . .\`~,. . ..“~.,. . . . . . . . . ..`. . .}. . . . . . ../
. . . . . .(. ..`=-,,. . . .`. . . . . . . . . . . ..(. . . ;_,,-”
. . . . . ../.`~,. . ..`-.. . . . . . . . . . . . . . ..\. . /\
. . . . . . \`~.*-,. . . . . . . . . . . . . . . . . ..|,./.....\,__
,,_. . . . . }.>-._\. . . . . . . . . . . . . . . . . .|. . . . . . ..`=~-,
. .. `=~-,_\_. . . `\,. . . . . . . . . . . . . . . . .\
. . . . . . . . . .`=~-,,.\,. . . . . . . . . . . . . . . .\
. . . . . . . . . . . . . . . . `:,, . . . . . . . . . . . . . `\. . . . . . .__
. . . . . . . . . . . . . . . . . . .`=-,. . . . . . . . . .,%`>--==``
. . . . . . . . . . . . . . . . . . . . _\. . . . . ._,-%. . . ..`

Good luck faggot

>Wondering if these hackers ended up getting anything
200k the last i know

fucking retards
come for signals
discord.gg/srFAtER

They sent my eth to this address etherscan.io/address/0x3f8a37bde9b15b65c82f9cdd00192e0ba36cc5fc

Now theyre sending eth for gas to hacked wallets to empty them from tokens.

Attackers site now has the chat Button in the top navbar. Twitter at bottom right still missing.

I have both sites open, the fake one and the real one.

Be careful guys, DNS can refresh at any time and redirect you to the fake site. Better use a geth script to interact with etherdelta for the moment.

I went in, bought a small bag of cob and left.

Nothing stolen.

Maybe my stack is so pathetic they didn't see the margin, or, this is overblone and some guys are just mongs?

Is it possible to move tokens from ED contract side to MEW?

WTF MY TIOTOUR IS GONE

Would love to know this as well. Have some bounty0x on the ED trading side. Haven't logged in for days.

yes. its possible check the ethtrader ED thread. somebody posted how to do that

here's a way you fags can get your alts from ED without having to login to the website.
youtube.com/watch?v=slru097RrfM

Holy fuck lads I just had a heart attack.
All my PRL vanished and I freaked the fuck out

Only to realize I was on the PLR tab.
You know that feel when everything seems utterly fucked up that you want to kys, but the next moment you realize everythings ok?

WTF MY VERTASIUM! OONOOO

If you have them in your ethereum wallet simply transfer them with metamask.

If you have them IN the etherdelta contract (this is if you used the etherdelta deposit function) then you have to call the etherdeltas withdraw function first. you can do this without the etherdelta website by using metamask or a geth script.

Any clue when this shit will be back up?

clone the repo and run on localhost faggot

$390000 so far (with token values):

deltabalances.github.io/#0x3F8a37BDe9B15b65C82F9Cdd00192e0BA36CC5fC

100% sure that they don't have any dns address in the repo? Only hardcoded IPs or what?

its decentralized it has no backend server only smart contracts .

dns = domain = "etherdelta.com"

which hosts only static files ( no backend ) in a server ( for those who cant host themselves )

so its 110% safe.

I tried this but it says i dont have balance. I have my tokens on the trade side not wallet. So,method lets you move tokens from ED wallet and not the ED trade contract side?

no
dns is the part of the internet that translates from domain name to ip address. so if their dns is hijacked = the domain name point to a different server

but it does has websockets connecting to etherdelta.com so replace that too

you need some eth in your wallet to do this.

How to access the real website?
Teach me senpai

But it will work for the trade side if you have tokens there as long as you have some ETH in your ED wallet? Kind of a noob here, may just pray ED fixes this shit before attempting. First time to buy a shitcoin on ED a few days ago.

don't stress it out user as long as you don't get caught on the phishing website and enter your private key your alts should be safe, just don't use Ether Delta for the moment until the attack is finished.

How easy is it for them too get your alt coins?
Literally have .004 ETH in my ED wallet, but I'm holding tons of alts there too

Thanks, friendly user. Will take it easy and not login.

FUCK YES im safe. Sent all my tokens from delta to binance using MEW. Thanks guys for the help I love you! I had about $7,000 worth of tokens at ED and they only took my eth gas money ~$60.

Clarification for anyone who might be compromised:

I HAVE TOKENS ON ED WALLET
- log in using MEW and send them out. You need to have eth in your ED wallet for gas

I HAVE TOKENS ON ED TRADE CONTRACT
- use MEW contract function to withdraw tokens to your ED wallet then send them out using MEW. You need to have eth in your ED wallet for gas.
guide: reddit.com/r/EtherDelta/comments/6hrxjw/etherdelta_guides_for_first_time_users/dn6heno/

too bad the pyramid isnt growing.

What if I have only ETH on the contract address?

>reddit.com/r/EtherDelta/comments/6hrxjw/etherdelta_guides_for_first_time_users/dn6heno/
How do I specify the address where I want to send my ETH before clicking write?
QUICK someone tell me.

Send eth to your ED wallet
Access the contract throught MEW and move move your ETH from contract to wallet. Use MEW log in to your ED wallet and send your ETH to a safe address

Don't use the website at all (at the moment). Interact only with the smart contract. This is possible with geth. This is 100% secure because it does only interact with the ethereum network.

it sends them to your ED wallet. Then you use MEW to send them out from your ED wallet

this

Thanks.
Hope they're not going to grab them with a bot while I do this.

IT WORKED
THANK YOU GUYS I LOVE YOU

You know they're coming if you see a small eth incoming transaction on your etherscan.They send you the eth for gas you can see it going on here

etherscan.io/address/0x3f8a37bde9b15b65c82f9cdd00192e0ba36cc5fc

Some dude just lost his PowerLedgers

640k now:

deltabalances.github.io/#0x3F8a37BDe9B15b65C82F9Cdd00192e0BA36CC5fC

This is huge for a simple DNS server vulnerability.

They last sent 0.2 ETH to this address:
etherscan.io/address/0x9e42be0eaf9c553db9dbee719c82289d717ea748
But half of the out transactions failed and they don't return to the hackers address.
So this one OUT transaction
etherscan.io/tx/0x1d599f056a73248107d9bbcea0310ffe4e383c14cd020e2c1833b9d9262186dc
What's that *to* address?
etherscan.io/token/0x595832f8fc6bf59c85c527fec3740a1b7a361269?a=0x3f8a37bde9b15b65c82f9cdd00192e0ba36cc5fc

thx. bought 100k.

Big for 0x and Airswap. EtherDelta won't recover from this.

>EtherDelta won't recover from this.
Yeah, how is one supposed to trust ED again when they fucked up so bigly?

I lost ETH in this hack.

When I realised what had happened, I quickly transferred my tokens out of the compromised address and onto another. I accessed the 'safe' wallet using my private key - not MM or similar. After I did this, I realised I had left a tab open on etherdelta the whole time.

I never entered my 'safe' wallet private key onto the hacked site, but the tab was open while I was copy/pasting it onto MEW. Should I move the tokens, are they safe?

youtube.com/watch?v=lCSS_HHMKUQ
Who else got hit?

No one will, especially as the attacker stole $1mil in funds. Users should sue the exchange.

etherscan.io/address/0x3f8a37bde9b15b65c82f9cdd00192e0ba36cc5fc

Look at the last OUT holy shit he just stole another $ 4000 in ART someone stop him!