Alright guys. Here's what happened. PoWH did not INTENTIONALLY have a backdoor. The entire contract was drained because of something called an overflow bug.
function transfer(address _to, uint256 _value) public { transferTokens(msg.sender, _to, _value); }
The thief passed in an argument value of ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff, the largest possible unsigned integer, which overflowed and allowed the contract to pass the checks to see if he had any balance.
The transfer function then triggers a sell on tokens he doesn't even have.
SHILL: EthPyramid is patient. We are constantly testing and fixing bugs. Rest assured – this won't happen once we deploy.
>tfw all I had to do was read the code to make 1 million dollars
Thomas Jenkins
can confirm this is true
Jace Ross
232 Ethereum guy here. I hired the Russians to make this happen, you stole from me first, though. You know what they say, it's no crime to steal from a thief.
Benjamin Wood
kek id laugh my ass off if this is what happened
Aaron Morgan
>shoulda paid attention in college
Brayden Stewart
>The thief passed in an argument value of ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
How?
Christopher Miller
anyone on Veeky Forums who knows about ethpyramid is on the ground floor of the most well thought out and innovative money maker the ETH blockchain has ever seen. congrats boys, we're all gonna make it
Logan Russell
how did he do it?
curious
Christian Campbell
ethpyramid discord ?
Bentley Phillips
This is the man himself. He's also working with one of the guys who found this backdoor too, they're making it scam proof.
Thomas Anderson
>Discord ARC says he bout to do it to em
>Think its FUD
>Shows proof with POWHcoin69
>Fuck.jpeg
>Not risking it, made back with dividends so im good
>Pulls out of POWH
>Takes shower
>Comes back and POWH is fucked
>Thanks ARC for the warning, you saved me 1 ETH bro
Matthew Young
He thinks college teaches you useful stuff like this.
Joshua Butler
I was just about to make a thread on PoWHCoin crashing and I figured it was due to weak hands jumping ship to do something retarded like buy Ripple for the "impending Coinbase addition". But you're telling us you stupid motherfuckers couldn't even code this correctly? I can understand the hastily put together shadowfork shit flopping, but even the original one was a glitchy beta? Fuck you pajeet-tier imbeciles and any retard who buys into their next Jew scam.
Jason Jenkins
I’m so ready for this OP.
This is what happens when you don’t get greedy and actually want to make a sustainable product.
This reminds me of exactly how ethercraft is. Great devs who are takin time to make sure shit doesn’t get fucked.
James Phillips
>tfw majored in finance
how do I learn to read code so I can do stuff like this
gojjam wtf am I doing with my life
Thomas Hill
Nobody is going to put ETH into this now. Anyone willing to take a chance has lost their ETH.
Ryan Lee
My body is so ready. It’s fucking aching
Ian Lee
Lol there’s still people putting eth into POWH
Adam Bennett
How long do I have to wait? I'd much rather the team put up a solid date than keep delaying, especially when it's late at night. I keep staying up late so I can buy in immediately and getting fucked by these delays. Getting pretty sick of this shit, may just forget about it.
Jose Russell
Proof? Also no one stole anything from you lmao.
Bentley Flores
One of the ethpy devs here.
Trust us we’re aching to get it working too - we just REALLY don’t want to Mt Shadow2.0Gox everyone.
Smooth over your jimmies. Soon.
Jaxon Cruz
The alternative is we release something that gets pajeeted as soon as it hits 100 Ether. Would you prefer that?
Carson Baker
you JUST DID Mt. Gox everyone you fucking retards
Charles Rodriguez
Good for you user
Jack Gutierrez
I like how you think I had anything to do with PoWH. I didn’t. Take your finger pointing and fuck off.
Landon Ortiz
No but I'd rather the rescheduled release times not be in the middle of the night
Robert Ross
why hasn't someone done the same thing to the other clones? 3, 69, whatever there is
Jason Gutierrez
Are there Discord screenshots of this? For the lulz
Jason Sanchez
Are you up?
Connor Flores
Meant to quote I do appreciate the effort to make the release solid, and I still plan to buy in. But I know I'll get cold feet if I wait until the next day rather than buying in when it's released. Sometime in the evening would be fine but 2-3AM is pretty hard to keep doing.
Gabriel Russell
Worldwide audience, man. Sucks but we gave ourselves another 24 hours to let everyone try and beat the shit out of it on Ropsten first.
Grayson Adams
You idiot, these are completely new and actually competent devs. This is ground floor. Either you get in on the hype or miss out on this ground floor.
>these are completely new and actually competent devs
Easton Adams
...
Alexander Powell
And this is all recorded on the Blockchain right? How do I view this?
Justin Murphy
...
Christopher Smith
yeah. He saved me about 750 usd, got out with 20 min to spare. Now hes helping redesign ethpyr with the proper checks to avoid this kind of disaster
Dylan Hill
yeah if you find the contract address you can watch the removal of 900 eth
Alexander Smith
One of us has a PhD if that helps.
It fucking doesn’t matter in the slightest, but we’ve got Dr. Peeramyd on the case.
Daniel Clark
Press ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff to Pay Respects
Joshua Bailey
Want to thank you guys, I was waiting around for this to launch yesterday and pulled out of powh while I was waiting. At first I was pissed off because I pulled out at 920 ether after holding for two days and I saw it go up to 1070 ether. But so fucking glad I did now
Connor Collins
how do I do the overflow bug?
Matthew Barnes
>How do I steal money?
I guess you will have to learn by yourself
Dominic Rivera
How did he do it?
Jackson Rogers
...It does? Ever taken an embedded systems course?
Isaiah Rodriguez
Also why not shill the test net now and have the test net up for a week and have a release date, get anons to use the test net for the week so they can be sure this is finally safe? This would be a good idea because the anons can see how much they can make once the real one is up and running
I'm not very familiar with Solidity, but I'm trying to figure out why this was able to happen.
So the thief passed the maximum possible uint value to the transfer() function, meaning that if you added anything to _value, it would overflow (and become 0 again).
But shouldn't the check of (balanceOfOld[_from] < _value) in transferTokens() still return true, thus reverting the transaction? Nothing was added to _value, so how did it overflow?
Can someone with more experience pls explain how this happened so I never make a mistake like this in any of my softwares
Henry Walker
>tfw I spotted someone make a valid transaction on shadowfork with wonky additional data like 12 after that crashed
>post it to Veeky Forums
>get told it means nothing
>wake up to this
Ryder Rivera
So if the thief now has that much Eth, how the fuck is he going to cash out and put it on his taxes?
This was the state of it as of yesterday, could have changed significantly now though. Try asking in their Discord for an updated version.
Jackson Garcia
maybe he should have programmed an input validation for those numbers, so mad ..
Connor Long
Bump. Props to the sploiter for figuring this out while we were all playing with our dicks, he earned his haul.
Liam Young
Academic question: is it possible to make the ERC20 token transferable to another wallet but still able to receive the dividends?
Luis Flores
underrated
Isaiah Price
I think he'll definitely get caught eventually, there's no way he'll be able to make it look like he just had some lucky investments when he tries to put it in the bank or put it on tax forms.
Christopher Hernandez
>Illegal hacking an illegal pozi scheme on an illegal cryptocurrency network
lol
Nicholas Davis
Is the all dividends gone also?
Brody Fisher
Im from the Powh Discord
Get out of your ERC20 tokens NOW
Jacob Campbell
what do you mean how? by writing a program to do it...
Nicholas Parker
NOOOOOOOO MY LINKS ARE ALL GONE AHHHHHHHHHHHHHHH
Sebastian Edwards
it really depends on the college
start with a python hello world. go from there.
Lucas Jackson
can this fuck me if i got ERC20 tokens on exchanges? it only matters if the tokens are on the contract adress r-right?
Ryder Mitchell
I majored in Accounting and now a law student and I regret not knowing code. It's like, you can't be a millionaire these days without knowing code.
Anthony Wood
>this time will be different goys BUY BUY BUY
Tyler James
>got all in into this ponzi scheme
>it crashed
>RAGE
>*throws things around*
>RAGE
>LETS MESS WITH THOSE MORONS
>total IT brainlet
>*rightclick* show source
>delete some lines
>want to write giant FFFFFFFFFFFFFFUUUUUUUUUUUUUUUUUUUUUUCCCCCCCKKKKKK
>accidentally hit enter after typing "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
>mfw bankroll 1000000 USD
Mason Thomas
become an IT lawyer
Andrew White
Dubs confirm this shall be a thing
Justin Stewart
Exchanges hold the tokens themselves. If their wallets are drained, you're essentially praying they will honor their clients' balances. Some have proved they would (Bitstamp), some have made shitty socialized losses schemes (Bitfinex), some just exitscam (too many to list). Good luck.
Angel Cox
Correct, because your tokens are in an exchange wallet. If someone hacks the exchange wallet, then the exchange has got a problem... and a lot of motivation to fix it in a way where you don't get hurt (too much).
Dylan Carter
Guys just try to trick me again and u ded... Btw. There is quantstamp for contract audit... Like, seriously see it
Camden Nguyen
Im new to eth and smart contracts. How does a hacker execute some of his own code on someone else's contract?
Jacob Thompson
He doesn't, he sends inputs that trigger a bug in the contract. Input validation 101.
Real nigga talk, what happened is you invested in a pyramid scheme and it blew up.
Adrian Kelly
So we want it back, right Cmok guys! We can do this. Ethpyramid will be the chosen one. Og powh devs were retards and failed
Cameron Jenkins
>"oh these, I mined them back in the day and forgot about them because eth was worth nothing then lol"
Lincoln Myers
Never going in to anything like this after this fiasco.
The blame is on devs, who fucking released buggy contract and didn't save the ETH for us before the hack, they fucking must have known about this, instead they were fucking with shadow.
I would also be suspicious that devs themselves did this to us.
Aaron Torres
Aa ahhhhhhh hahahahahaba I told yall OG had bed bugs like shadow did but no one listened hahahahhahahahahahahha fuck you in the mouth, I told you so. Why didn't you listen?
WE'RE GETTING PRELIMINARY REPORTS THAT THIS WORKS ON OTHER ERC20 TOKENS
DUMP DUMP DUMP
Nolan Martin
brb giving this a try lol
Adam Sullivan
its not how you do it user...
David Rodriguez
What is happening? Can someone explain to a beginner? What are the consequences?
Jack Harris
All the money so gone
Cameron Ward
>Give money to a currency made by Veeky Forums user
>Their token gets 'hacked'
>Easiest one mil of their lives
The actual fuck is wrong with you people?
Jackson Gonzalez
I am legitimately happy that all you powh fags got your shit taken and I hope lessons were learned but I know you'll all be buying the next pajeet scam tomorrow
John Ross
can anybody tl;dr what is this, have been missing out on Veeky Forums few days
Blake Price
I'm guessing the problem is before that line. This is what tickles my exploit bone:
It seems they were using signed int256 and unsigned uint256 later, so it was overflowing and then getting smashed into a uint256.
Google's coding style guidelines explicitly said "NO UNSIGNED DATA TYPES" because it is all too easy to silently truncate, or extend values due to signed/unsigned mismatches.
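
Added example (not part of the thread, and not the PoWH contract's code): a Python simulation of 256-bit arithmetic showing how a balance check done in a signed type can pass for the value ffff...ffff and then wrap when the subtraction runs unsigned, the kind of mismatch the last post describes and the earlier question about the `balanceOfOld[_from] < _value` check asks about. All function names are hypothetical and the mixed-signedness flow is an assumption, set beside a checked version.

```python
# Added illustration: EVM-style 256-bit integers simulated in Python.
# Every name here is hypothetical; this is not the PoWH contract's code.
UINT256_MAX = 2**256 - 1
INT256_MAX = 2**255 - 1

def to_int256(x):
    """Reinterpret a uint256 bit pattern as a two's-complement int256."""
    x &= UINT256_MAX
    return x - 2**256 if x > INT256_MAX else x

def to_uint256(x):
    """Reinterpret an int256 as uint256, as an unchecked cast would."""
    return x & UINT256_MAX

def sub_unchecked(a, b):
    """uint256 subtraction that wraps silently instead of failing."""
    return (a - b) & UINT256_MAX

def debit_mixed_signedness(balance, value):
    """Flawed pattern: the check compares signed, the debit is unsigned."""
    if to_int256(balance) < to_int256(value):
        raise ValueError("insufficient balance")
    return sub_unchecked(balance, value)

def debit_checked(balance, value):
    """Hardened pattern: one unsigned type throughout, no wraparound."""
    for n in (balance, value):
        if not 0 <= n <= UINT256_MAX:
            raise ValueError("value outside uint256 range")
    if value > balance:
        raise ValueError("insufficient balance")
    return balance - value

def demo():
    """Run both versions on a zero balance and the all-ones value."""
    flawed = debit_mixed_signedness(0, UINT256_MAX)  # all-ones reads as -1
    try:
        debit_checked(0, UINT256_MAX)
        hardened = "accepted"
    except ValueError as exc:
        hardened = str(exc)
    return flawed, hardened

if __name__ == "__main__":
    print(demo())
```

In the flawed version the all-ones value is read as -1 by the signed comparison, so a zero balance is not "less than" it and the debit goes through. The checked version rejects the same input because the comparison and the subtraction use the same unsigned interpretation.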