Why is no one talking about this?
I hope none of you have visited ED in the last few hours
Do not visit etherdelta
Why is no one talking about this?
I hope none of you have visited ED in the last few hours
Do not visit etherdelta
Other urls found in this thread:
etherscan.io
youtube.com
twitter.com
etherscan.io
discord.gg
deltabalances.github.io
reddit.com
etherscan.io
etherscan.io
etherscan.io
youtube.com
twitter.com
My first time buying shitcoins in months and this happens literally 10 minutes later
What the fuck man
>last few hours
Is that certain? I haven't seen any info on how long the site was compromised.
Well the Twitter updates aren't that old so we can only pray they posted immediately
RIP 7% of my holdings. Easy come easy go I suppose.
I was on the site, using MetaMask. Didn't do any transactions though.
I have some ETH on the MetaMask wallet. Should I move them? Not sure how it works.
...
I have no fucking idea man
Last time I logged in was about 12 hours ago and I'm shitting about my metamask wallet and my coins on ED
I have thousands of dollars of shitcoins that trade on etherdelta
They're saying people using mm and ledgers are safe.
MetaMask actually blocked the site for me. That's how I learned about it. I still have the money on MetaMask. Guess I should switch them to some place else just to be safe.
Why did our favorite shitcoin bazaar have to get hacked?
Was actually trying to use ED like 30 minutes before the twitter announcement came out, fortunately I was just (attempting) looking at the NAS (unlisted) smart contract to see if anyone's placing orders prior to listing. Noticed the UI was messed up, things like the tweets weren't loading, and it wasn't even taking me to the NAS smart contract, just defaulting to PPT. So I thought something was fishy so I didn't try entering any private keys/sending anything. Wondering if these hackers ended up getting anything. Hoping they were only able to grab a couple pajeets wallets that contained nothing but the shittiest of shit listed on ED as that would be the funniest timeline.
>mm
mm?
I'm not super familiar with MetaMask, but I've read if you use it you're fine. If you use a ledger on ED you're definitely fine.
You should really only be worried if you did something like create a new wallet or import a wallet's private key on the compromised site.
etherscan.io
they only stole eth, about 278 to be exact
hahaha i pulled everything out of there a few days ago
biz btfoooo
MetaMask
Ouch, they didn't want anybody's LINK?
They used a fake site. If you did transactions, your coins would be redirected to the hackers adress. With or without metamask or whatever.
No coins stored are removed though.
as long as you use the real website you're safe, there's a phishing website with fake orders
On Twitter they said not to use the current website. I'm scared that my wallet was emptied but I don't know if I should check it or not.
does this effect the safety of my coins on MEW?
The DNS was hijacked. You can't/couldn't get to the real site. The fake site it redirected to looked 99% the same.
No
Only if you were importing private keys, creating wallets, making transactions, or "depositing to the ED smart contract" (depositing to the hackers wallet) were you at risk I believe.
could you tell based on the URL ? Sorry i dont know what dns is
SAVED BY ETHEREMON!!!!
Last night I was literally 2 minutes away from buying Dragonchain on etherdelta. Just before sending the funds over, I saw the Etheremon thread on Veeky Forums/biz/, said fuck it, and spent all of my Dragon ETH on Etheremon monsters instead.
Not only did I get my original
investment back plus small gains, now it looks like I would have lost my DRGN coins / ETH to this etherdelta hack.
Praise Kek and THANK YOU ETHEREMON!!!!
*BE AWARE* The imposer's app has no CHAT button on the navigation bar nor the offical Twitter Feed on the bottom right. It is also populated with a fake order book.
hacker managed to drive the volume to ED to a fake website from what it looks like.
twitter.com
That's why you don't keep all your coins in one place.
Will this work if you had your ERC20 tokens still on the trading contract, not your ED wallet? Thanks for the share, btw.
i think i gave the fake site my address and key. what can i do
here's an update, i managed to withdraw some of my coins from ED to MEW, the real website works, and your coins should be safe, just don't try to acess if you're not sure about how to do it safely.
anyone tried sending ether to bittrex?, i sent 1.5 ETH an hour ago and still not in my wallet, got 140 confirmations too..
how do I know if I lost something
hmmm... maybe check your wallet?
fml I just logged in to check if my balance was there. ffs
You're not supposed to login...
>WARNING the site is compromised don't use it!
>oh shit I better log in right now
fucking hell Veeky Forums
can i move my tokens to MEW if i have no eth for gas?
Generate new address on my ether wallet and fire the coins off to it.
>tfw oh shit ed is acting funny
>no one knew about the dns hack yet
>dead cert on chrome
>try on firefox
>real cert
>enter private key
>can't add matinance mode
>ok
>moments later fake dns site on firefox
>tfw safe because i entered on right at the right time with legit site
>moved all my shit to a new wallet anyway just incase
phew
Sorry I fucked up. Don't do this. Stay off the site.
there redirecting the site to a copycat site, the exchange is still ok, dont touch your funds/login until this has all been settled and you will be fine
i already gave the fake my keys i believe. It was logged in, it went down then i tried to import wallet and gave my keys
I wonder why they didn't want LINK, aren't they smart enough to know it'll be 100$ by late 2018? Guess they're dumb hackers.
How can a "decentralized" exchange be hacked?
The exchange wasn't hacked. The DNS of the website that most people use to interact with it was. The people who lost money weren't on etherdelta, they were on a phishing site that looked like etherdelta.
etherscan.io
WTFFFFFF 40MIL ALREADY
#1 have you seen the token tracker?
#2 that's not the scam artists wallet
Easter?
Private Keys are compromised.
. . . . .. . . . . . . . . . . ,.-‘”. . . . . . . . . .``~.,
. . . . . . . .. . . . . .,.-”. . . . . . . . . . . . . . . . . .“-.,
. . . . .. . . . . . ..,/. . . . . . . . . . . . . . . . . . . . . . . ”:,
. . . . . . . .. .,?. . . . . . . . . . . . . . . . . . . . . . . . . . .\,
. . . . . . . . . /. . . . . . . . . . . . . . . . . . . . . . . . . . . . ,}
. . . . . . . . ./. . . . . . . . . . . . . . . . . . . . . . . . . . ,:`^`.}
. . . . . . . ./. . . . . . . . . . . . . . . . . . . . . . . . . ,:”. . . ./
. . . . . . .?. . . __. . . . . . . . . . . . . . . . . . . . :`. . . ./
. . . . . . . /__.(. . .“~-,_. . . . . . . . . . . . . . ,:`. . . .. ./
. . . . . . /(_. . ”~,_. . . ..“~,_. . . . . . . . . .,:`. . . . _/
. . . .. .{.._$;_. . .”=,_. . . .“-,_. . . ,.-~-,}, .~”; /. .. .}
. . .. . .((. . .*~_. . . .”=-._. . .“;,,./`. . /” . . . ./. .. ../
. . . .. . .\`~,. . ..“~.,. . . . . . . . . ..`. . .}. . . . . . ../
. . . . . .(. ..`=-,,. . . .`. . . . . . . . . . . ..(. . . ;_,,-”
. . . . . ../.`~,. . ..`-.. . . . . . . . . . . . . . ..\. . /\
. . . . . . \`~.*-,. . . . . . . . . . . . . . . . . ..|,./.....\,__
,,_. . . . . }.>-._\. . . . . . . . . . . . . . . . . .|. . . . . . ..`=~-,
. .. `=~-,_\_. . . `\,. . . . . . . . . . . . . . . . .\
. . . . . . . . . .`=~-,,.\,. . . . . . . . . . . . . . . .\
. . . . . . . . . . . . . . . . `:,, . . . . . . . . . . . . . `\. . . . . . .__
. . . . . . . . . . . . . . . . . . .`=-,. . . . . . . . . .,%`>--==``
. . . . . . . . . . . . . . . . . . . . _\. . . . . ._,-%. . . ..`
Good luck faggot
>Wondering if these hackers ended up getting anything
200k the last i know
fucking retards
come for signals
discord.gg
They sent my eth to this address etherscan.io
Now theyre sending eth for gas to hacked wallets to empty them from tokens.
Attackers site now has the chat Button in the top navbar. Twitter at bottom right still missing.
I have both sites open, the fake one and the real one.
Be careful guys, DNS can refresh at any time and redirect you to the fake site. Better use a geth script to interact with etherdelta for the moment.
I went in, bought a small bag of cob and left.
Nothing stolen.
Maybe my stack is so pathetic they didn't see the margin, or, this is overblone and some guys are just mongs?
Is it possible to move tokens from ED contract side to MEW?
WTF MY TIOTOUR IS GONE
Would love to know this as well. Have some bounty0x on the ED trading side. Haven't logged in for days.
yes. its possible check the ethtrader ED thread. somebody posted how to do that
here's a way you fags can get your alts from ED without having to login to the website.
youtube.com
Holy fuck lads I just had a heart attack.
All my PRL vanished and I freaked the fuck out
Only to realize I was on the PLR tab.
You know that feel when everything seems utterly fucked up that you want to kys, but the next moment you realize everythings ok?
WTF MY VERTASIUM! OONOOO
If you have them in your ethereum wallet simply transfer them with metamask.
If you have them IN the etherdelta contract (this is if you used the etherdelta deposit function) then you have to call the etherdeltas withdraw function first. you can do this without the etherdelta website by using metamask or a geth script.
Any clue when this shit will be back up?
clone the repo and run on localhost faggot
$390000 so far (with token values):
deltabalances.github.io
100% sure that they don't have any dns address in the repo? Only hardcoded IPs or what?
its decentralized it has no backend server only smart contracts .
dns = domain = "etherdelta.com"
which hosts only static files ( no backend ) in a server ( for those who cant host themselves )
so its 110% safe.
I tried this but it says i dont have balance. I have my tokens on the trade side not wallet. So,method lets you move tokens from ED wallet and not the ED trade contract side?
no
dns is the part of the internet that translates from domain name to ip address. so if their dns is hijacked = the domain name point to a different server
but it does has websockets connecting to etherdelta.com so replace that too
you need some eth in your wallet to do this.
How to access the real website?
Teach me senpai
But it will work for the trade side if you have tokens there as long as you have some ETH in your ED wallet? Kind of a noob here, may just pray ED fixes this shit before attempting. First time to buy a shitcoin on ED a few days ago.
don't stress it out user as long as you don't get caught on the phishing website and enter your private key your alts should be safe, just don't use Ether Delta for the moment until the attack is finished.
How easy is it for them too get your alt coins?
Literally have .004 ETH in my ED wallet, but I'm holding tons of alts there too
Thanks, friendly user. Will take it easy and not login.
FUCK YES im safe. Sent all my tokens from delta to binance using MEW. Thanks guys for the help I love you! I had about $7,000 worth of tokens at ED and they only took my eth gas money ~$60.
Clarification for anyone who might be compromised:
I HAVE TOKENS ON ED WALLET
- log in using MEW and send them out. You need to have eth in your ED wallet for gas
I HAVE TOKENS ON ED TRADE CONTRACT
- use MEW contract function to withdraw tokens to your ED wallet then send them out using MEW. You need to have eth in your ED wallet for gas.
guide: reddit.com
too bad the pyramid isnt growing.
What if I have only ETH on the contract address?
>reddit.com
How do I specify the address where I want to send my ETH before clicking write?
QUICK someone tell me.
Send eth to your ED wallet
Access the contract throught MEW and move move your ETH from contract to wallet. Use MEW log in to your ED wallet and send your ETH to a safe address
Don't use the website at all (at the moment). Interact only with the smart contract. This is possible with geth. This is 100% secure because it does only interact with the ethereum network.
it sends them to your ED wallet. Then you use MEW to send them out from your ED wallet
this
Thanks.
Hope they're not going to grab them with a bot while I do this.
IT WORKED
THANK YOU GUYS I LOVE YOU
You know they're coming if you see a small eth incoming transaction on your etherscan.They send you the eth for gas you can see it going on here
etherscan.io
Some dude just lost his PowerLedgers
640k now:
deltabalances.github.io
This is huge for a simple DNS server vulnerability.
They last sent 0.2 ETH to this address:
etherscan.io
But half of the out transactions failed and they don't return to the hackers address.
So this one OUT transaction
etherscan.io
What's that *to* address?
etherscan.io
thx. bought 100k.
Big for 0x and Airswap. EtherDelta won't recover from this.
>EtherDelta won't recover from this.
Yeah, how is one supposed to trust ED again when they fucked up so bigly?
I lost ETH in this hack.
When I realised what had happened, I quickly transferred my tokens out of the compromised address and onto another. I accessed the 'safe' wallet using my private key - not MM or similar. After I did this, I realised I had left a tab open on etherdelta the whole time.
I never entered my 'safe' wallet private key onto the hacked site, but the tab was open while I was copy/pasting it onto MEW. Should I move the tokens, are they safe?
youtube.com
Who else got hit?
No one will, especially as the attacker stole $1mil in funds. Users should sue the exchange.
etherscan.io
Look at the last OUT holy shit he just stole another $ 4000 in ART someone stop him!