/biz/ - Business & Finance

No.2826157


ctrl+f "initWallet"
You pass the function your own address as the owner and it overwrites the original owners. Voila you now have control over that wallet.

>> No.2826173

Dumped this shitcoin a while ago.

>> No.2826182

uncle chang? it was you? you stole the eth?

>> No.2826186

No, just pointing out how stupidly trivial this exploit is.

>> No.2826188

Why did you do it uncle chang?

>> No.2826191



>> No.2826205

how would one go about stealing from the parity wallets with eth still in them?

>> No.2826212

i wish i had the knowledge to pull shit like this

>> No.2826225

Who is this shit coder Gav Wood?

>> No.2826239

the inventor of the language you use to write ethereum contracts lol

>> No.2826243

this is why you dont fucking use any third party wallet, not even hardware

there is always some kind of flaw in it

>> No.2826246

Just goes to show the stupidity of people for holding so much money in this coin. And they're STILL holding.

>> No.2826253

how do i find parity using eth addresses?

>> No.2826254



Peter Pan, literally.

>> No.2826262

How do you hack these wallets gouiys? And how do you find parity addresses?

>> No.2826267



>> No.2826269


What a retarded bug

Original author - https://github.com/ngotchac - confirmed absolute spastic

>> No.2826271

If an exploit is trivial, we have no reason to believe there aren't more exploits in Parity

>> No.2826288

the only coin worth holding is tether

rest is literally manipulated like all hell by gooks and miners

bitcoin, ethereum, litecoin, you name it, all scamcoins and vulnerable either to hacks or greedy gook miners

IOTA is the new coin that will kill them all

>> No.2826298

> tfw actually pretty good at solidity and would have seen this bug on code review


>> No.2826329

there must be a lot of vulnerable wallets left. start stealing anon!

>> No.2826339

I have that exact same cactus

>> No.2826355

>they built their network on javascript

explains everything really

>> No.2826374

So if i have access to a computer with parity installed on it why wouldnt i just send the eth to my own wallet anyway? am i missing something here?

>> No.2826384

>taking what I told you in Discord and parading it on /biz/

I see how it is Chang.

But yes, it is trivial to do this and anyone can currently swipe wallets with multisig in a split second.

>> No.2826389

gib discord

>> No.2826406

Is eth going to 5$ or 0$ ?

>> No.2826416


I saw it first in another discord :^)

>> No.2826428

well what do you use then? I use a paper wallet from myetherwallet. Are you going to tell me that's no good either?

>> No.2826437

Ethereum isn't going anywhere as it wasn't a bug in Ethereum itself.

However, the vulnerability existed in a smart contract shipped with one of the largest consumed wallets, Parity.

To top it off, the person who shipped the faulty contract was Gavin Wood, who used to be part of Ethereum's team (he left, wasn't fired) and a big Bitcoin developer.

Ethereum itself is not compromised, but trust in the ecosystem is absolutely fucking shot. We can't even trust some of the veteran developers to look over their code.

This is bad.

>> No.2826444


not one cent more

>> No.2826462


Get out of here with your logic.

>> No.2826465

Eth is an absolute shitshow. The only reason anyone buys it is because of fomo sourced from redditors who missed out on bitcoin early. That first hack leading to the fork should have been a warning but then there was that status ico which exposed how slow the network is when in actual use and then the recent coindash hack and now this. Absolute joke.

>> No.2826470

Use a first party wallet which you can download from the Ethereum website. Myetherwallet is known to be very insecure, move your funds away from there IMMEDIATELY.

>> No.2826472

I agree on most points, except CoinDash. That was completely unrelated to anything crypto, their site just got hacked.

>> No.2826511

Oh look it's another "thing built for/on ethereum has a security hole but ethereum itself is still solid" situation.

Fake news, Ethereum still new gold standard, FUDDers just FUDing.

>> No.2826512

Correct but still if its based on ETH just write a smart contract to enforce the address or something. It did eth no favors.

>> No.2826521

Nice! Just sold 100k Ark!

>> No.2826727

Nice comprehension fuckwits. You realize GW submitted the fix, right?

>> No.2826748

Yes, and he was also responsible for letting the vulnerability through because it's his wallet.

The two aren't mutually exclusive.

>> No.2826771

>when the inventor of a new language can't even properly review code written in that language


>> No.2826790

>not understanding how development works

>> No.2826814

>when the system that should run the economy of the future can't handle 1 ICO


>> No.2826824


>> No.2826842

They're both developers brainlet.

The only one that doesn't understand is you. Letting shitty code through doesn't get brushed off. As technical lead YOU are responsible for fuck ups, not the first day newbie you just let commit a $300m bug.

>> No.2826848

Charlie Lee wrote that.

>> No.2826852

New theory

Hacker uses exploit in Bancor contract to Move BAT out of Eth wallets

More and more the Eth alliance is looking more like the blockchain equivalent of Windows

44,000 - 37,000 = ~7000 ETH stolen from Swarm City

>> No.2826864

>Eth alliance is looking more like the blockchain equivalent of Windows

>> No.2826877

>So if i have access to a computer with parity installed on it why wouldnt i just send the eth to my own wallet anyway?

You expose your keys on the local machine so make sure you don't have any zero day exploits on your machine

>> No.2826918

is ETH the biggest tech blunder of our times?

>> No.2826951

Uncle chang what happened to responsible disclosure?

>> No.2826966

next to linux, yes. don't even begin to look at kernel security flaws over the past 2 years wew

>> No.2826996

>the only way the mainstream public has heard about ethereum is through security flaws and money lost
really will encourage boomers to throw their 401k in this shitcoin

>> No.2827028

E V E R Y O N E in this thread is retarded.

initWallet, as the name suggests, is called to initialize a new wallet. You can see the "only_uninitialized" modifier after the function parameters.
No wonder this ICO shit works, everyone is dumb as a brick

>> No.2827076

I linked to the current codebase. At the time that wasn't there which is why the exploit worked.

It was added in this PR a few hours ago: https://github.com/paritytech/parity/pull/6102/commits/e06a1e8dd9cfd8bf5d87d24b11aee0e8f6ff9aeb that supposedly fixes it.
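
The guard discussed in the posts above, sketched as an added example that is not part of the thread and is not Parity's code: an initializer that can run only while no owners are recorded, plus a regression check that a second call reverts. Only the names initWallet and only_uninitialized come from the thread; GuardedWallet, ReinitCheck and the state variables are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; not Parity's contract. Only initWallet and
// only_uninitialized are names from the thread, the rest is hypothetical.
contract GuardedWallet {
    mapping(address => bool) public isOwner;
    uint256 public numOwners;   // 0 means the wallet was never initialised
    uint256 public required;    // confirmations needed per transaction

    // Reject the call once an owner set exists, so a later caller
    // cannot overwrite the recorded owners.
    modifier only_uninitialized() {
        require(numOwners == 0, "wallet already initialised");
        _;
    }

    // Without the modifier this function would accept a call from any
    // address at any time and replace the owner set.
    function initWallet(address[] calldata owners, uint256 _required)
        external
        only_uninitialized
    {
        require(owners.length > 0, "no owners");
        require(_required > 0 && _required <= owners.length, "bad threshold");
        for (uint256 i = 0; i < owners.length; i++) {
            address o = owners[i];
            require(o != address(0) && !isOwner[o], "invalid or duplicate owner");
            isOwner[o] = true;
        }
        numOwners = owners.length;
        required = _required;
    }
}

// Regression check: the first initialisation succeeds, the second must revert.
contract ReinitCheck {
    function secondInitReverts() external returns (bool) {
        GuardedWallet w = new GuardedWallet();
        address[] memory first = new address[](1);
        first[0] = address(this);
        w.initWallet(first, 1);

        address[] memory second = new address[](1);
        second[0] = address(uint160(0xBEEF)); // constructed address
        try w.initWallet(second, 1) { return false; } catch { return true; }
    }
}
```

A code review or CI test along the lines of ReinitCheck makes the missing guard visible before deployment: it fails as soon as the modifier is dropped from the initializer.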

>> No.2827079

Lol, retard


literally fixed 3 hours ago

>> No.2827102

It was already disclosed. I didn't find this vuln.

>> No.2827106

jesus fuck how did no one spot this

>> No.2827139

Someone did :)

>> No.2827190

>33million lost because somebody didn't properly scope a function

jesus christ

>> No.2827501

Another person is starting to siphon wallets now

>> No.2827537

> 60 replies
> Nobody shares the guide how to steal

>> No.2827538


I figured out how WhiteHat is finding vulnerable wallets. Technically someone can race them and beat what they're doing quite easily... they're crawling backwards through the blockchain and looking for vulnerable contract hashes.

>> No.2827547

It's literally in the OP you fucking retard. Execute initWallet with your address.

>> No.2827556

> Execute initWallet with your address.
How to?

>> No.2827616

kys it executes automatically after that.

>> No.2827635

You're hours too late.
White knights have rescued all the funds.

>> No.2827645

Why did the hacker only steal $30m? Could have stolen more no?

>> No.2827650

why would you waste your chance to be a millionaire i don't understand these people, just to be hailed as a hero?

>> No.2827654

>muh sekrit club
The contract source code was discussed on Reddit minutes after the hack.

>> No.2827674

> i don't understand these people
You don't understand what it's like to have a conscience? That's a shame.

>> No.2827690

They're smart enough to know they won't get away with stealing it. They know they'll be tracked down. So they pretend to be helpful and expect employment offers and bla bla bla.

>> No.2827727

Is this satire?

>> No.2827954

Did anyone try to steal anything yet?