
/biz/ - Business & Finance



File: 3 KB, 228x200, 200_s.gif
No.3639495

Guys there's a malicious link going around, here it is but do not open it.

DO NOT OPEN IT

Just recognize it and remember it:

https://emotionaltrader (DOT) tumblr.com/what-happened-to-the-linkfags

DO NOT OPEN IT

It opens your etherdelta and robs from your wallet, which is supposed to be as secure as a real wallet.

Just lost 20k LINK.
I'm feeling sick. This was all I had.

>> No.3639542

>>3639495
proof?

>> No.3639570

>>3639495
Post your address.

>> No.3639591

This cannot be happening.

I've been researching this project and posting many threads and posts with genuine info.

I was the OP for these threads for instance:
>>3611370
>>3600793

And now this is what I got.

I am heartbroken. christ

>> No.3639610

>>3639542
I'm not sure how to check for a withdrawal history.
Here's the thread where the link was posted.

DO NOT OPEN THAT LINK

>>3638523

I posted this in that thread: >>3638935

>> No.3639623

>>3639570
You mean the etherdelta address that was hacked?

>> No.3639642

>>3639542
I found a section in etherdelta that says "my transactions"
Is any withdrawal supposed to show up here? Because it doesn't.
There's nothing in that section.

I can prove I sent 20k LINK to that etherdelta address from my MEW, if you want.

>> No.3639684

>>3639623
Yes.

>> No.3639698

>>3639684
0xE02Ad40faC82845A94618423386842E49ff0ea8f

>> No.3639773

I'm finished, aren't I?

>> No.3639787

wtf is an AMIS token?

https://etherscan.io/token/0x949bEd886c739f1A3273629b3320db0C5024c719?a=0x4daa00c6944ef98cd7529121a0bbca353fd23d72

>> No.3639790

He got a few others
https://etherscan.io/address/0x4daa00c6944ef98cd7529121a0bbca353fd23d72#tokentxns

>> No.3639794

This is where the tokens ended up: https://etherscan.io/address/0x4daa00c6944ef98cd7529121a0bbca353fd23d72#tokentxns

Looks like he got a few people. Including 6 billion dollars worth of AMIS tokens.

>> No.3639834

I'm fucking sick.

All I ever did was be constructive and inform people about what I researched.

>> No.3639835

WHY DID YOU KEEP YOUR TOKENS ON ETHERDELTA FFS? Sorry for your loss OP, but why wouldn't you just withdraw to your MEW? Holy fuck.

>> No.3639837

what a smart

>> No.3639839

>>3639495
>>3639787
>>3639790
>>3639794
the fuck is this for real? How the fuck does it open etherdelta if you're not logged in, or were you? And how the fuck does it withdraw it?

>> No.3639841

thank you for warning others
did it steal from your Etherdelta balance or from your associated wallet?

>> No.3639856

>>3639839
a lot of people keep etherdelta logged in, it just transferred the tokens to his wallet using the script. ez gains

>> No.3639866

I'd be in for setting up a discord finding this guy
Alternatively we could do it in this thread, but I think it might be against the rules

>> No.3639870

>>3639856
so if I'm not logged in any wallet I should be safe if I ever dun goof like OP right? This shit is 2 spoopy 4 me

>> No.3639873

>>3639835
It was supposed to be as secure as a wallet.
But now that I think of it, the LINK was in the "balance" section.

>>3639841
I think it took everything from the balance, but not from the actual account.
There's still some ETH dust in there.

Apparently the tokens don't fit in the Etherdelta "wallet".

>> No.3639881

Havent invested in link, how much in btc did you lose bro?

>> No.3639894

He'll make a mistake and we'll find him when he tries cashing out. I'm already betting on his first mistake.

>> No.3639907

>>3639881
It was pretty much exactly 4,000 dollars. 20k LINK at 0.2 cents.

>> No.3639912

>>3639873
Sorry man, but the site looks and functions like Pajeet cancer. You should have been very cautious.

>> No.3639914

>>3639894
wasn't finding where the tokens went his first mistake?
>>3639873
forgot to give condolences OP

>> No.3639916

lol you can't find him guys, just give it up. ahahahaha. you're all wealthy anyways from crypto

>> No.3639921

>>3639642
Damn homie anon that's rough, if I hit jackpot with link, I'll donate some btc to you to get you back on your feet.

>> No.3639934

>>3639495
There's a sucker born everyday

>> No.3639941

>>3639907
very shit thing to have happened but as long as you don't let it put you off crypto altogether you'll bounce back before you know it m8, i'm sure of it

>> No.3639949

>>3639495
AAAAAAAAAAAAAAAAAA

>> No.3639977

>>3639934
this is a fresh exploit, link looked innocent and instantly redirected to a legit etherdelta URL but with a script injected in

not much OP could have done, never seen any sort of warning against keeping a balance on ED, obviously this will change now

>> No.3639979

>>3639941
I sold off my BTC and XMR for this anon.

Lost a bunch in the January 5 crash, so I only invested 500 dollars.
I grew that a little, and threw all of it into the Chainlink ICO because I researched it and believed in it.

All I had otherwise was some TNT.

>> No.3639993
File: 423 KB, 808x805, 1501755550349.png

LITERALLY ALL MY ETHER, ETH TOKENS, AND EVEN UNRELATED COINS LIKE NEO ARE FUCKING GONE. AND MY BANK JUST CALLED AND SAID THERE HAVE BEEN SUSPICIOUS WITHDRAWALS OUT OF MY ACCOUNT. FUUUUUUUUUUUUCK

>> No.3640002

>>3639977
fuckin hell this exploit is genius and simple- nefarious as fuck though and will have me thinking twice about clicking links here.

/biz/ isn't a secret club anymore and there are faggots out to scam us.

>> No.3640003

>>3639977
This.

DON'T OPEN ANY LINKS BEFORE TESTING

This blew a fucking hole in my soul.

>> No.3640022

1. Buy Monero. (Hacker will convert when done)

2. Buy a hardware wallet if you have loads of money in crypto. NanoS is great.

Also prepare for more FUD from the media. My condolences to everybody who lost a large sum of his wealth.

>> No.3640025

>>3639495
Is there a dev. dude that can explain how this works for a brainlet? I get that the link could redirect me anywhere but how the fuck do they auto transfer link from my etherdelta?

>> No.3640035

>>3639977
>never seen any sort of warning against keeping a balance on ED
I think you can only keep tokens in the balance.

So NEVER keep any tokens on etherdelta.

>> No.3640045
File: 38 KB, 645x773, 1390924439261.jpg

>etherdelta once proving itself to be shit at everything

>> No.3640049

>>3640025
Code injection. They have JavaScript commands in the url that you execute when you open the url.

>> No.3640063

>>3640002

/biz/ has never been a secret club. It's kinda an open house party that lets strangers in 24/7. We got some regulars but you can tell by how people talk (e.g. random shillers who appear to be into the crypto scene yet can't recognize any of the memes) that we're constantly getting newfriends here.

>> No.3640080

If you didn't want this to happen disable javascript

>> No.3640082

I'm not getting back up from this. This was simply too much money for me.

>> No.3640090

>>3640080
if you disable javascript etherdelta will stop from functioning.

>> No.3640096

>>3640082
how much did you lose?

>> No.3640105

>>3640049
damn.. I mean this rly fucking sucks for everyone who lost money with this but at the same time whoever did this is a clever fucker.

>> No.3640106

>>3640082
Damn OP I feel so sorry for you, you got more link stolen than my entire portfolio. Is it time to liquidate LINK until the fire settles?

>> No.3640114

>>3640049
one would think any modern browser would drop all urls with "script" on them.

>> No.3640119

>>3640035
So where should i keep my LINK?

>> No.3640120

So did anyone try the address just cause fuck you? I'm curious, why would the OP give the full address?

>> No.3640124

yeah no, this is untraceable
only way to find this guy is to somehow hack into the transaction data, which is what cryptocurrency is heavily armed against...

>> No.3640128

>>3639916
I wonder who could be making this post!

>> No.3640136

>>3640049
why isn't this way more common? like why aren't thousands of scripts being listed every day? or why aren't thousands of hackers attempting to hack into thousands of reputable sites and upload malicious scripts every day?

>> No.3640137

>>3640096
4,000 dollars in LINK and one ETH in TNT.
Literally everything I had outside of my bare necessities.

>>3640106
Nothing wrong with LINK at all, just move your shit out of etherdelta.

>>3640119
MEW
Open the "ethplorer.io" somewhere to the right to view your tokens

>> No.3640142

>>3640124
The guy will convert it all to ether via etherdelta (chance to buy cheap) and then convert it to Monero to make untraceable.

Screencap this.

>> No.3640159

>>3640136

If I understand how this worked correctly it would only work if:

- You are keeping balances on ED
- You are using ED as a wallet (letting them manage your private key)

NO ONE should be doing either of these things

>> No.3640167

>>3639495
I didn't have anything on ED. Am I safe?

Did it put a keylogger on? I don't get how this works

Should I log on my ED? and transfer my stuff?

>> No.3640172

Does etherdelta not use a 2FA or passphrase system?

>> No.3640175

>>3640159
You manage your own private keys on ED.

>> No.3640179

>>3639870
want to know this as well

>> No.3640183

the script looks for .pks (private key) and sends it to his website.

he does the rest. RIP to everyone who lost their shit.

>> No.3640185

>>3640167
If you don't have anything on ED what exactly are you planning on transferring?

>> No.3640186

>>3640167
Sorry, I meant should I log on My Ether Wallet and transfer my stuff to a new wallet?

>> No.3640187

>>3640105
doesn't really take brains, it's more a case of it being insane that etherdelta wouldn't have that shit sanitized

>> No.3640204

i'm not a fucking begging man, but oh my god am i desperate right now

>> No.3640205

>>3640175

Did you use metamask or what?

>> No.3640216

Well you can trace the person who posted the link on 4chan. 4chan has his IP address so maybe you have a chance. Though I don't think what he is doing is illegal so tough luck

>> No.3640220

>>3640205
no

>> No.3640223

>>3640167

I just checked it out in a VM. It's a javascript injection attack in the URL after it redirects from the fake tumblr URL. There is no keylogger from this exploit.

>> No.3640242

>>3640223
ok. I didn't have anything on ED and didn't associate anything to my MetaMask (dont know if that matters?)

So I'm basically safe right

>> No.3640244

>>3640223

if i clicked the link, should I clear cookies and stuff? what do

>> No.3640250

>>3640223
Is etherdelta not open source? How the fuck does this shit happen.

>> No.3640252

>>3640220

What did you typically use to authorize transactions? If the answer is just ED then your private key is managed by them or stored in browser data, both of which are bad and should never be done.

>> No.3640255

>>3640244
send ur etherdelta stuff away and make new private key and account

>> No.3640259

i was just trying to withdraw my link to my mew, opened my mew and copied my address

and then i went to etherdelta and suddenly the 20000 just turned to 0

>> No.3640260
File: 35 KB, 512x288, 1505842129267.jpg

>>3640223
You just gotta love Java for that...
I could've been fucked if I weren't lazy as fuck.

>> No.3640264

>>3640242

If you had nothing on ED, you should be fine.

>>3640244

Not necessary. The script only executes when the URL is loaded.

>>3640250

They only have their minified source on their github IIRC.

>> No.3640275

>>3640255
>lta stuff away and make new private key and

yeah already did that, even though i quickly closed the link even before anything could happen

>> No.3640277

>>3639787
it's a scam because some clever boy was able to execute JS when you click the link; he sniffs the pw and sends it to some php server

>> No.3640279

>>3640183
to send a message to the hacker do this:
requestb.in/19nxov41?1= "insert your message here"

>> No.3640284

>>3640260

Javascript, not java. But this was a very amateur error on ED's part.

>> No.3640290

You know 4chan is usually filled with autism and cancer, but sometimes you guys are alright.

>> No.3640292

is there a whale here who would like to save a life?

>> No.3640295

>>3639916
Please die of an horrible death.

>> No.3640308

>>3639495
>what-happened-to-the-linkfags
LINKies absolutely demolished hahahaha

>> No.3640313

>>3640290
I tried. I posted a bunch of threads and posts with legit info about LINK. I think I swayed a lot of minds.

I posted these, and they got linked a bunch of times:
>>3611370
>>3600793

I'm pretty sure I helped a lot of people make money on LINK.

>> No.3640315

>>3640284
how a company moving millions has an xss vulnerability

these are the retards you are making rich, /biz/

>> No.3640323

>>3640252
>If the answer is just ED then your private key is managed by them or stored in browser data, both of which are bad and should never be done.
so wat do? please help poor brainlets out, we need to make crypto theft prevention generals for this shit now

>> No.3640325

>>3640279
wtf is that?

>> No.3640326

someone read the script and find out where it's sending the private keys to

>> No.3640332

Am I safe if I clear all cache, passwords, cookies, everything stored in my browser then click on that link?

>> No.3640335

Anyone that has clicked the link should at this point remove any association with your private key and your coins. The script injection searches for your private key(s) and forwards them to the attacker. At this point he can technically continue to steal coins as long as you're still using the same private key.

>> No.3640346

>>3640335
only the etherdelta one though, right?

>> No.3640358

>>3640323

Rotate metamask keys. Don't keep anything of value on any web-connected exchange or interface, period.

>>3640326

It is going to some server he owns.

>>3640332

Rotate metamask keys.

>> No.3640364
File: 2.30 MB, 1920x1264, 1506461767524.png

>>3639495
Jokes on the scammer, those tokens are worthless hahahaha

>> No.3640381

>>3640346
Any private keys saved on Etherdelta are compromised.

>> No.3640384

HOLY SHIT! my shit just got hacked too! All my shit went to that same fuking ED address

>> No.3640401

>>3640381
Nothing else though, right?

>> No.3640406
File: 19 KB, 1177x144, 1506546957123.png

>>3640279
that requestb shit is from the injection, pic related

>> No.3640416

>>3640401

No, this was not a keylogger attack. If your private key was not associated with ED at the time you opened the link, you should be fine.

>> No.3640418
File: 30 KB, 1388x188, fuckyou.png

>>3640384
reposting

>> No.3640445

>>3640416
Correct, if you were currently logged into Etherdelta at the time your private keys were compromised. Otherwise clicking the link will do nothing.

>> No.3640446
File: 149 KB, 1456x975, 1501924889887.jpg

>>3640401
Please dont kill yourself. Remember love is all you need

>> No.3640464

>>3639495
I don't get it, what links are on etherdelta?
Trying to do some trades right now and need to know what not to do.

>> No.3640482

Just a friendly reminder that you should ALWAYS ALWAYS ALWAYS ALWAYS ... ALWAYS

GOOGLE SEARCH URL LINKS - FROM ANY SITE

I mean, I don't give a fuck if its on your Facefuck - GOOGLESEARCH IT!!

Your antivirus and firewalls don't do dick if you don't.

>> No.3640485

The fucker pulled a good one, almost got hooked as well

I'm really sorry OP, I really am. The promise of /biz/ is that we're all gonna make it.
I'd send some, but I've got 70 LINKs... :(
I'm really sorry

>>3640464
look a

>> No.3640491

oh shit the 20k link is you
feeling very sorry

>> No.3640493

>>3640464
Don't open the link in the OP is what not to do. If you do it will redirect you to etherdelta but with an xss added to the link which will send the private keys you have on the site to the attacker.

>> No.3640494
File: 13 KB, 678x353, ct.png

>> No.3640507

WHOIS lookup of requestb.in returns a record of Runscope (https://www.runscope.com/). Requestbin is a service that allows you to inspect and monitor HTTP requests. My assumption is that the attacker used it as a proxy or gateway in front of their actual server? Regardless, for people who got their coins stolen, it may be worthwhile to get in contact with Runscope and see if you can get account holder information for that requestb.in endpoint. Threatening with legal action may help.

>> No.3640518

OP here

I am not a begging man, /biz/; but i sure as fuck am begging now.

I lost 4,000 US dollars in LINK (and one ETH in TNT)

I tried to be helpful, help others make some money.
Like this thread I started:>>/biz/thread/S3552882

And my reward has been theft.

My addresses:

Ethereum: 0x77f5aF1261dA5d3a2c7ed507bb6284894E297FA0

Bitcoin: 36uvsWh37h5mf11zxPgWGpazPudSVSUyw8

I will do everything you ask to prove what I receive.

>> No.3640533

>>3640002
It's also a really good lesson about not staying logged into exchanges and shit. I actually changed the auto log-out timer to 60 minutes in the exchange I use because I was tired of it logging out all the time. I'm going to change that back to 15 minutes, and finally set up 2 factor authentication. There's no reason to be lazy about this kind of shit any more.

>> No.3640546

>>3640507

I will write up a post-mortem for this, likely on Reddit. Hopefully if enough people complain the parent company will be pressured into taking action. I will repost here once it is finished. If any anons are knowledgeable about web security or secops, feel free to chime in.

>> No.3640551

>>3640446
>love is all you need
>post cute slut that will never love me
Maybe I should kill myself too.

>> No.3640556

>>3640493
Ah I was wondering where the attacker left it, it was in a thread then.
As long as I don't go off etherdelta/4chan I should be fine then.

That's pretty fucked up though. Crypto is already easy money then people go and do this shit.

>> No.3640562

>>3640518
If I was rich I would help you out but I'm just a poor fag with barely over 1k in my portfolio. I hope some whale helps you out. You are the one begging faggot that deserves it

>> No.3640564
File: 34 KB, 680x469, Capture.png

Notified the website he used to extract the information to report him to the authorities.
Hopefully he gets caught

>> No.3640566

>>3640049
Everyone!

>Install NoScript
>Install RequestPolicy

They are browser addons that will block and notify you about every script and redirect on pages. Block everything by default, and only allow the scripts and redirects that are absolutely necessary for whatever you're doing on the page.

>> No.3640570

Yo, can you guys tell me how long it takes to transfer my shit from etherdelta to anywhere else?
It's been pending for 30 minutes now

>> No.3640575

Always always always just use metamask.

>> No.3640579

>>3640566
good advice

>> No.3640581

>>3640570
how much GAS did u set? if u set to 21 gwei it should take 2-3 min

>> No.3640584

>>3640159
And presumably you aren't logging out of ED

>> No.3640591

>>3640556
>As long as I don't go off etherdelta/4chan I should be fine then.
If you hit a malicious link on any site you can still get your shit stolen.

>>3640566
>RequestPolicy
This is actually a good idea for anyone that is concerned about this.

>> No.3640593

>>3640570
Depends on gas used. As long as it's pending you should be fine.

>> No.3640601

>>3640507
>>3640546

doin gods work son

>> No.3640605

>>3640494

Can you please post a text version or upload this to a pastebin site? I would like to include it in the writeup I am doing.

>> No.3640627

Guys, since we're discussing these issues can you recommend any security steps we should always be taking? Something like >>3640566

>> No.3640629

>>3640518
I would love to help you, but I cannot spare anything. I have only 8k LINK myself and that is my whole crypto balance. However, please make a thread on the front page and I will help bump it up.

Also, if LINK does moon in the next few months, I would help to at least replace your lost principal if other anons would chime in as well.

>> No.3640630

>>3639495

just lost 100k

>> No.3640636

>>3640627
Don't use exchanges for storage for one thing.

>> No.3640638

>>3640518

maybe prove you're the one that lost the 20k LINK by posting the private key of your hacked wallet
(0xE02Ad40faC82845A94618423386842E49ff0ea8f)

if you have the private key I think some richfag will help you out, otherwise gtfo

>> No.3640643
File: 897 KB, 664x856, me.png

>>3640518
I'm going to post my handwriting and literal keys for future identification.

If I ever get back to where I was, I will post this to prove it's me and show my gratitude.

I'll add requested phrases to this page as proof.

>> No.3640645

>>3640605
https://pastebin.com/uraxVMTh

>> No.3640647

>>3640627
Get a trezor and never keep tokens on etherdelta. If you need to use etherdelta again, create a new wallet for it

>> No.3640654
File: 245 KB, 512x496, 1504202135443.png

>>3640518
aint decentralized exchanges marvelous

>>3640518
will note your address down

if i make it big one day, i'll send you some, but right now im stuck having my money down 50% with fucking ethbet, just fuck my shit up senpai

>> No.3640660

>>3640645

Thanks anon

>> No.3640662

>>3640629
>>3640643
I saved the picture for possible future reference. Good luck anon. I am very sorry.

>> No.3640666

>>3640643
>inb4 keys are duplicated and distributed
Come on OP dont make another mistake so soon

>> No.3640679

OP, is that you: https://medium.com/@rleshner/security-vulnerability-etherdelta-10556d6e72a

>> No.3640684

Did they empty out your ED balance? Because my tokens are still on the ED balance and I clicked on the link, but closed it within 2 seconds. I can't withdraw to my ED wallet now, right, since my private key could potentially be compromised?

>> No.3640691

>>3640638
Hold on.

But what if the LINK comes back or is refunded somehow?

>> No.3640697

>>3640643
Your car is mine now, lad.

>> No.3640702

he's not sending anything to any server

requestb.in creates a "bin" that you can watch for incoming requests. So basically the script does request to his "bin" with your private key (why the fuck are they stored in the browser lmao) and he can watch that.
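
The request pattern described above (a page script sending a stored key to a request-capture endpoint as a URL parameter) can be detected on egress. This is an added example, not from the thread, that scans proxy-style log lines for it. The log format, host names and allowlist are assumptions, and the hex values are constructed.

```javascript
// Added example (not from the thread): flag requests that carry a key-shaped
// value from a watched page to a host outside its allowlist.
// Hosts, log lines and hex values are constructed for illustration.

// A run of exactly 64 hex digits (32 bytes), optionally 0x-prefixed:
// the size of an Ethereum private key. Transaction hashes share this shape.
const KEY_SHAPED = /(?<![0-9a-fA-F])(?:0x)?[0-9a-fA-F]{64}(?![0-9a-fA-F])/;

// Assumptions: the page that holds keys, and the hosts it normally talks to.
const WATCHED_PAGES = new Set(["exchange.example"]);
const ALLOWED_DESTINATIONS = new Set(["exchange.example", "api.exchange.example"]);

const FAKE_KEY = "ab".repeat(32);            // constructed value, not a real key
const FAKE_TXHASH = "0x" + "cd".repeat(32);  // constructed value, not a real hash

// Constructed log: timestamp, method, destination URL, referring page.
const SAMPLE_LOG = [
  `2024-01-01T10:00:01Z GET https://api.exchange.example/tx/${FAKE_TXHASH} https://exchange.example/`,
  `2024-01-01T10:00:02Z GET https://cdn.example/lib.js https://exchange.example/`,
  `2024-01-01T10:00:03Z GET https://collector.example/bin1?1=${FAKE_KEY} https://exchange.example/`,
  `2024-01-01T10:00:04Z GET https://collector.example/bin1?1=hello https://forum.example/thread/1`,
  `malformed line`,
];

function hostOf(url) {
  try { return new URL(url).hostname; } catch { return null; }
}

function parseLine(line) {
  const fields = line.trim().split(/\s+/);
  if (fields.length !== 4) return null;
  const [ts, method, url, referer] = fields;
  return { ts, method, url, referer };
}

// Returns where in the URL a key-shaped value sits ("query:<name>" or "path"),
// or null. The value itself is never returned, so alerts do not copy secrets.
function locateKeyShaped(url) {
  let u;
  try { u = new URL(url); } catch { return null; }
  for (const [name, value] of u.searchParams) {
    if (KEY_SHAPED.test(value) || KEY_SHAPED.test(name)) return `query:${name}`;
  }
  let path = u.pathname;
  try { path = decodeURIComponent(path); } catch { /* keep the raw path */ }
  return KEY_SHAPED.test(path) ? "path" : null;
}

function detectKeyEgress(lines) {
  const alerts = [];
  for (const line of lines) {
    const rec = parseLine(line);
    if (!rec) continue;                               // skip unparseable lines
    const dest = hostOf(rec.url);
    const page = hostOf(rec.referer);
    if (!dest || !WATCHED_PAGES.has(page)) continue;  // only requests made by the watched page
    if (ALLOWED_DESTINATIONS.has(dest)) continue;     // expected traffic, tx hashes included
    const where = locateKeyShaped(rec.url);
    if (where) alerts.push({ ts: rec.ts, destination: dest, page, where });
  }
  return alerts;
}

console.log(detectKeyEgress(SAMPLE_LOG));
```

Transaction hashes have the same 64-hex shape, which is why the rule keys on the destination rather than on the value alone. It also depends on the Referer header being present and on the proxy seeing decrypted URLs.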

>> No.3640708

I am currently taking a malware analysis class in school. Will definitely bring this up to my professor and see what is up. He's worked with the NSA. Currently on a VM collecting as much evidence as I can. Anyone find any luck with getting any source code or something that can be disassembled?

>> No.3640711

>>3640666
hello satan

>> No.3640715

>>3640684
Bro get that shit off your etherdelta RIGHT FUCKING NOW.

The hacker has your private key if you clicked that link. Withdraw all funds from etherdelta smart contract to the linked wallet, and send from that wallet to a different wallet.

Your etherdelta wallet's private key is known.

>> No.3640722

>>3640518

you should ask Romano

https://twitter.com/RNR_0

he's a buttcoin millionaire

>> No.3640729

>>3640684
hacker basically has your key right now, as soon as he decides to he'll get your shit unless you gtfo that wallet ASAP

>> No.3640732

>>3640715
They only have it if you clicked the link correct

>> No.3640742

>>3640662
Thanks man.

>> No.3640745
File: 31 KB, 528x384, DIk-OU4UMAAa0SO.jpg

you really should not repost link. Kids are gonna re write the script pointing to their wallet and re distribute.
A likely scenario is the OP did just that.

>> No.3640746

>>3640684
open your wallet in myetherwallet, extract everything to a new wallet

and do this asap anon

once your shit is out of that etherdelta wallet, he cant do shit

>> No.3640749

>>3640708

It's a really simple XSS exploit of ED's shitty coding for account management.

They're storing private keys in FUCKING BROWSER LOCALSTORAGE IN PLAIN TEXT

When you click this guy's link the URL has a script appended that runs and says "Are there private keys in localstorage? If yes then send them to my bin URL so I can write them down"

If you are using metamask you're fine as those keys are not stored in browser localstorage.

>> No.3640761

>>3640708
>malware
>something that can be disassembled
>xss

you're gonna fail that class, especially if you are too retarded to check a website's page source

>> No.3640762

I wrote a quick bit on this covering what the hack was, what the consequences were, and possible recourse for those affected: https://www.reddit.com/r/EtherDelta/comments/72vltl/malicious_urls_redirecting_to_ed_with_embedded/

If any anons have stuff to add, reply to me here. This is pretty shitty for people affected and I would like to prevent it from happening to others.

>> No.3640767

It's every link from that tumblr, right?

>> No.3640769

>>3640762
Thanks for doing the work on this bro.

>> No.3640775

>>3640745
>>3640762
ITS HAPPENING

>> No.3640781

>>3640715
>>3640746
But I mean if the link wallet's private key has been compromised then withdrawing my LINKS to the linked wallet would mean I'd get cleaned out, right?

>> No.3640793

>>3640518
>>3640643

If I hit jackpot, I saved your addys and timestamp pic. Will start thread here on biz with that same pic to find you again and donate to you. This is seriously fucked up and hope to receive some karma coins only.

>> No.3640795
File: 36 KB, 657x527, 1489601532793.jpg

>>3640313
I got robbed too.. but some SAINT blessed me with 400 LINK.

Give me a way to contact you && i'll send you something if we moon to lambo land..

unironically you're why I bought in LINK in the first place

>> No.3640806
File: 593 KB, 1185x1029, absolutely heretical.png

>>3640749
>They're storing private keys in FUCKING BROWSER LOCALSTORAGE IN PLAIN TEXT

>> No.3640808

>>3640767
yes, the tumblr has a built in script that redirects to a shortened url which in turn has the xss
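
The link-testing advice and the redirect chain described in the thread (landing page, shortener, exchange URL with a script appended), as an added example that is not part of the thread: a static check that percent-decodes each hop and flags script markers before anything is opened. All hosts and URLs are constructed, and `exchange.example` is a hypothetical stand-in for the site that holds key material.

```javascript
// Added example (not from the thread): static triage of a link's redirect chain.
// Hosts and URLs are constructed; "exchange.example" is a hypothetical trusted site.

const MARKERS = [
  { name: "script-tag",     re: /<\s*script\b/i },
  { name: "javascript-uri", re: /javascript\s*:/i },
  { name: "handler-in-tag", re: /<[^>]*\bon[a-z]+\s*=/i },
  { name: "markup-in-url",  re: /<\s*(img|svg|iframe|object|embed)\b/i },
  { name: "storage-access", re: /\b(localStorage|sessionStorage|document\.cookie)\b/ },
];

const MAX_DECODE_ROUNDS = 3;

// One round of percent-decoding that tolerates malformed escapes.
function decodeOnce(s) {
  try {
    return decodeURIComponent(s);
  } catch {
    return s.replace(/%([0-9a-fA-F]{2})/g,
      (_, hex) => String.fromCharCode(parseInt(hex, 16)));
  }
}

// Decode until the text stops changing, so %253C (double-encoded "<") is seen.
function fullyDecode(s) {
  let text = s.replace(/\+/g, " ");
  let rounds = 0;
  while (rounds < MAX_DECODE_ROUNDS) {
    const next = decodeOnce(text);
    if (next === text) break;
    text = next;
    rounds += 1;
  }
  return { text, rounds };
}

// Inspect path, query and fragment of one URL for script-injection markers.
function inspectUrl(raw) {
  let u;
  try {
    u = new URL(raw);
  } catch {
    return { url: raw, host: null, findings: ["unparseable"] };
  }
  const { text, rounds } = fullyDecode(u.pathname + u.search + u.hash);
  const findings = MARKERS.filter((m) => m.re.test(text)).map((m) => m.name);
  if (rounds >= 2) findings.push("nested-encoding"); // encoding layered to dodge filters
  return { url: raw, host: u.hostname, findings };
}

// "block": a hop on a trusted host carries markers (script would run in that origin).
// "review": markers on some other host. "pass": nothing flagged in the supplied hops.
function inspectChain(hops, trustedHosts) {
  const results = hops.map(inspectUrl);
  let verdict = "pass";
  for (const r of results) {
    if (r.findings.length === 0) continue;
    if (trustedHosts.has(r.host)) { verdict = "block"; break; }
    verdict = "review";
  }
  return { verdict, hops: results };
}

// Constructed chain: blog post -> shortener -> trusted site with markup in the fragment.
const SAMPLE_CHAIN = [
  "https://blog.example/some-post",
  "https://short.example/abc123",
  "https://exchange.example/#%3Cscript%3Ealert(1)%3C%2Fscript%3E",
];

console.log(inspectChain(SAMPLE_CHAIN, new Set(["exchange.example"])).verdict);
```

A clean result only covers the hops supplied: redirects performed by page script have to be resolved in an isolated environment first, with the final URL fed in as the last hop.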

>> No.3640809

>>3640781
you basically need to withdraw your shit before he does

if you can get them safely to a new ethereum wallet address, he cant touch them as he dont have control over the private key anymore

look your etherdelta wallet up in etherscan.io, if there's still tokens on it, you still have time to save them

>> No.3640819

>>3640793
Thank you man.

>> No.3640822

noscript protects against bittrex phishing
noscript protects against etherdelta attack

noscript is the saviour

>> No.3640832
File: 328 KB, 469x461, 3h785jf.png

>>3640601
>id BOFAGL

>> No.3640850

>>3640793
seconded

>> No.3640854

>>3640795
>unironically you're why I bought in LINK in the first place
It was my pleasure, the project is great, and will do great things.

Here are my addresses, >>3640518

but don't send anything if you're down in the dirt too.

>> No.3640863

>>3640749
>They're storing private keys in FUCKING BROWSER LOCALSTORAGE IN PLAIN TEXT
Well how else should they've stored them?

>> No.3640864

haha exchange fags btfo when will they learn

>got Goxed
>got btce-d
thank god I dodged the bullet this time

>> No.3640870

>>3640722
He would help me?

>> No.3640877

>>3640749
>If you are using metamask you're fine as those keys are not stored in browser localstorage.

I use Parity with their browser extension. In the top corner of ether delta it says "metamask" in a green box. Does that mean I'm using metamask and is safe?

>> No.3640878

>>3640822
noscript also prevents basically every site from functioning properly, forcing you to sift through 40 scripts to enable the right ones. Fuck that just don't click shit

>> No.3640883

kek this xss is so easy that you can recreate it by yourself in minutes.

simply edit the script to point to your own request bin and put it through the google shortener, then include the link somewhere/make it autodirect with js

>> No.3640892

>>3640864
I only left them on there because I was under the impression ED was as good as a wallet.

>> No.3640896

>>3639495
Never knew a /biz/ thread could move so fast and for a "good cause", I think you're making history anon, still sorry it had to be like this, I'll be watching out for your charity thread when this shit moons!

>> No.3640898

>>3640643
>>3640518

bump

>> No.3640899

>>3640863

In metamask or airbitz and they should only exist decrypted while in memory. The current implementation is completely unacceptable and actually insane in terms of crypto security.

>> No.3640916

>>3640896
>I'll be watching out for your charity thread when this shit moons!
I will probably post one regularly, hope people understand.

>> No.3640926

>>3640877

Yea parity or mist is fine too.

>> No.3640952

Would ublock origin protect against this kind of attack?

OP, I'm so sorry you lost all that money. It must be heartbreaking. I would donate some your way if I weren't so poor myself.

>> No.3640961
File: 49 KB, 426x412, 1487917573827.jpg

>>3640898

Are you in any Discords? I'd like to get in touch with you

ALSO to everyone that got hacked, can we just MOB the "Etherdata Help chat"?????

>> No.3640967

>>3640961
>Are you in any Discords? I'd like to get in touch with you
I'll do anything right now bro, just point me to where I have to go.

>> No.3640974

>>3640691
proof?

>> No.3640980

>>3639591
You're down but you're not out. So dust yourself off and keep trading faggot, this shit is the future.

I lost my rent money for an entire year last month fat fingering a trade. I'm still here and now I'm in the green again. You can do it.

>> No.3640981

>>3639495
LINKED
I
N
K
E
D

>> No.3640984

here we go... man i love urlquery :)

https://urlquery.net/report/e57fba9c-4e56-4021-92cb-f9026aacf8a0

>> No.3640989

>>3640974
You want proof?

Is giving the private keys the only way?

Because I'll do that if it is.

>> No.3640996

>>3640793
I'm in on this too.

>> No.3641006

>>3640984
>https://urlquery.net/report/e57fba9c-4e56-4021-92cb-f9026aacf8a0
>1 post by this ID
>no google search results

CAUTION CAUTION CAUTION

(not saying it is malicious, but gotta prepare for the worst)

>> No.3641008

>>3640989
https://www.myetherwallet.com/signmsg.html

>> No.3641013

>>3640989
yeah, but the hacker has it as well.

hmmmm

>> No.3641034
File: 149 KB, 1280x1282, 912395.jpg

guys what if OP is the scammer himself and this is his bid to get pity money because nobody fell for his script?

>> No.3641038

>>3640892
desu I would have thought the same, especially because people are recommending online wallets like myetherwallet for ETH stuff and this security leak is really a basic noob style mistake wtf

>> No.3641042

>>3640732
there isnt ONE link you fucking idiot

It could be ANYTHING by now

get it the fuck off etherdelta or i will rip your cock off

>> No.3641045

>>3641008
Is this to verify the etherdelta wallet, or the wallet I posted for donations?

>> No.3641067

wait my id changed, i changed rooms, hold on changing back

>> No.3641074

>>3641006

urlquery is a malicious link index. It is meant to alert people that a link is malicious. If you don't trust it (which is valid) then visit urlquery yourself and enter one of the malicious tumblr links for a report.

>>3641034

We know the attacker's collection address, and we can see lots of coins moving into it. Very unlikely OP is the attacker.

>>3641038

MEW is NOT an online wallet, that is why it is recommended.

>>3641045

He is saying you can sign a message with your private key, and then we can decrypt with your public one. This would prove you have ownership of your private key/address. Of course, technically so does the attacker ;^)

>> No.3641083

>>3641067
back

>> No.3641089
File: 44 KB, 657x527, 1489052482588.png

>>3641034
dude I fell for his script. Hundreds of dollars.

I trust this anonbro.


I just made a discord for people who got scammed (or other /biz/tards who would like to start a more personable community of people who are trustworthy and have each other's backs in times of crisis like this and the such).

https://discord.gg/JHN7Mg

>> No.3641102

>>3639495
I lost 100K
Can I ask for a refund from ethereum foundation?

>> No.3641108

>>3641034
No, can confirm OP was scammed, I was in this thread and watched it happen
>>3639307

>> No.3641117

>>3641108
That was me.

I only just finished writing up this entire informational post: >>3638935

>> No.3641127

>>3641074
>MEW is NOT an online wallet
then I'm stupid

>> No.3641137

>>3641127

It generates wallets and does all private key interaction offline. Your private keys never leave your local computer on MEW.

>> No.3641180

>>3640870

He read your thread, look. https://twitter.com/RNR_0/status/913154232618012673

>> No.3641183

>>3641127
Generate your MEW wallet and refresh the page, see what happens

>> No.3641186

>>3641117
You still got some link tho. May not be a mansion, but at least it's a lambo

>> No.3641201

>>3640172
No. They don't even use a condom.

>> No.3641206

>>3641180
If he reads this thread and helps me back on my feet I will fucking dig my face into my keyboard and cry, facetyping 5GB of unreadable gibberish

>> No.3641237
File: 28 KB, 400x343, 1441805301662.jpg

>>3641206
WITNESS ME

>> No.3641257

>Not having another browser (opera) for trading on Etherdelta
>Not only using this browser for trading and only logging into etherdelta via this browser
>Not using Chrome for /biz/ and actual browsing
LMAOOO :DDD

>> No.3641272

>>3640518
OP, make a burner email and post it here so that if we make it rich we can help you out

>> No.3641274

>>3641257
I'll do this from now on. It'll probably crash my laptop, but it's worth it.

>> No.3641294

>>3641272
Wouldn't it expire quickly?

>> No.3641311

>>3641180
Isn't he a manlet? Fuck that guy and short his shitcoin, pun intended.

>> No.3641319

>>3640518
>>3641206
>>3641237
Not much but I'm sending you .02BTC.

>> No.3641321

>>3640518

>36uvsWh37h5mf11zxPgWGpazPudSVSUyw8

Some kind soul actually sent you $80 in Bitcoin

>> No.3641337
File: 82 KB, 736x627, bury.png

>>3641321
>>3641319

>> No.3641346

it does lead to etherdelta. tried it out because poorfag with only $5 worth of eth :(

>> No.3641350

UPDATE

I got 420k "good karma", but I'm not sure what that is.

>>3641319
>>3641319

I see it! Thank you man. May the good vibes and green candles follow you wherever you go.

>> No.3641379

>>3641350
>420k
Not 420k, but 420.

>> No.3641416

Happening on reddit:
https://www.reddit.com/r/EtherDelta/comments/72vltl/malicious_urls_redirecting_to_ed_with_embedded/dnlo3hv/

>> No.3641437

>>3641416
Thanks for spreading the word.

>> No.3641446

>>3641294
Nah those things last forever man. It takes work to fucking delete them half the time lol

>> No.3641464

>>3641446
Can you recommend one?

My nerves are shot, "burner email" links are freaking me out.

>> No.3641471

Lesson learned, never use etherdelta
Good thing I didn't
This is the MtGox level flippening.

>> No.3641499

>>3641471
This thing hit me out of nowhere. Fucking aching right now.

>> No.3641503
File: 7 KB, 250x241, 1432724756686s.jpg

>>3641471
The 6 billion is just some shit token with no volume, the price is meaningless and he has the market cornered most likely. It's worthless. He stole roughly the value of a shitty car. Some Mt. Gox

>> No.3641509

>>3640313

Sorry for your loss OP. Can you elaborate on why Ripple is at odds with SWIFT? Saw you mention that in one of those threads

>> No.3641519

>>3639495
The good folks over at meatspin.com can help you out in this sort of situation.

>> No.3641530

>>3641464
Oh, all I meant was like a burner email like a random Yahoo mail or hell even a proton mail, just something you don't use for anything else.

Though I guess everyone's saving your wallet address-- just don't lose it or change it

>> No.3641532
File: 206 KB, 364x346, distraught tails.png

>>3639495

what the FUCK is nothing safe on the internet? I can't even open a tumblr link anymore?

I don't get it what happens when you type that in? It injects some javascript script but how can it do that without permission!?!?

>> No.3641542

>>3641509
Not sure why or when it started, but it's real.
Ripple is hosting an alternative conference btw at the same time and even in the same city as SIBOS.
Guess who's a keynote speaker at that Ripple conference? Ben "printing press" Bernanke.

SWIFT is showcasing a decentralized crypto tech, and Ripple is bringing out the symbol of centralized finance.
Crazy.

>> No.3641544

>>3641532
The days of E-1337 hackers on 4chan are back, boys

>> No.3641549

this is why you use no script on your dedicated cryptobrowser boys
hope you all learnt a valuable lesson

>> No.3641554

>>3641530
>Though I guess everyone's saving your wallet address-- just don't lose it or change it
Will definitely do.

>>3641549
I did.

>> No.3641555

>>3641532
Why aren't you running extensions like noscript

>> No.3641558
File: 231 KB, 165x115, onsteroids.gif

>>3641544

>> No.3641566
File: 19 KB, 640x366, heath-ledger-joker.jpg

wha...what if the hacker sends it all to a burner address just to fuck with everyone

>> No.3641574
File: 66 KB, 720x707, happy times.jpg

>>3640533

Wait lmao, all the people on etherdelta that got hacked didn't have 2FA set up?

It's 2017 and they still weren't using 2FA?

Lmao enjoy the free money hacker good work

>> No.3641580

>>3640290
i wish someone had told me yesterday. some of you guys are alright don't go to etherdelta tomorrow.
I didn't get stolen. i don't get it. only the ones that clicked the fake url got robbed?? or anyone in ED can still be robbed??

>> No.3641586

>>3641532

EtherDelta does not strip or clean query params, so arbitrary scripts are able to be loaded and run. This is compounded by the fact that when you upload a private key to ED, it loads it into a javascript object and thus, is accessible by the script.
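
The condition described in the post above (query parameters reaching the page without being stripped or cleaned), as an added example that is not part of the thread and not EtherDelta's code. The host `exchange.example`, the `token` parameter and every function name are hypothetical, and both URLs are constructed samples.

```javascript
// Added example, not EtherDelta's code. Host, parameter and function names are hypothetical.

// Constructed sample links: one ordinary, one carrying markup in a query parameter.
const BENIGN_URL =
  'https://exchange.example/?token=0x00000000000000000000000000000000000000aa';
const MARKUP_URL = 'https://exchange.example/?token=' +
  encodeURIComponent('"><script>window.__marker=1</script>');

// BEFORE: the parameter value is concatenated into HTML with no check at all,
// so whatever the link carries becomes part of the page.
function renderVulnerable(pageUrl) {
  const token = new URL(pageUrl).searchParams.get('token') || '';
  return '<a class="token" href="/#' + token + '">' + token + '</a>';
}

// Escape the characters that let text break out of HTML text or attribute context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Allow-list: an Ethereum-style address is "0x" followed by 40 hex digits.
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;

// AFTER: reject anything that is not address-shaped, and escape on output anyway
// so a later change to the allow-list cannot reopen the hole.
function renderHardened(pageUrl) {
  const token = new URL(pageUrl).searchParams.get('token') || '';
  if (!ADDRESS_RE.test(token)) {
    return '<span class="token-error">invalid token parameter</span>';
  }
  const safe = escapeHtml(token);
  return '<a class="token" href="/#' + safe + '">' + safe + '</a>';
}

// True when parsing this HTML would create a script element.
function hasScriptElement(html) {
  return /<script\b/i.test(html);
}

// Run both renderers over both sample links and report where markup survives.
function demo() {
  return {
    vulnerableBenign: hasScriptElement(renderVulnerable(BENIGN_URL)),
    vulnerableMarkup: hasScriptElement(renderVulnerable(MARKUP_URL)),
    hardenedBenign: hasScriptElement(renderHardened(BENIGN_URL)),
    hardenedMarkup: hasScriptElement(renderHardened(MARKUP_URL)),
  };
}

console.log(demo());
```

Only the unchecked renderer lets the markup through, and it does so inline, with no external file to block. Any script running in the page's origin can read whatever that page holds in its JavaScript objects, which is why a key loaded into the page was exposed.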

>> No.3641590

>>3641542
Some guy in this thread gave a bunch of solid advice about how to set up a tax-free money haven in the Caribbean, said he was a banker, and then at the very end before leaving basically said "some of you guys are alright, don't go to Chainlink on the 16th"

>>3634968

He said "what everyone thinks is about to happen is not going to happen". I figured he was just trying to scare weak hands but maybe he knows something

>> No.3641592

How fucking ironic is it that I posted this:
>If you don't trust my link, google "Information paper Distributed Ledgers, Smart Contracts, Business Standards and ISO 20022"
literally minutes before I got hit with a malicious link.

>> No.3641600

>>3641580
only if you clicked it, it takes your private key.

>> No.3641604

>>3641574
>etherdelta
>2fa

>> No.3641614

>>3641574

2FA has nothing to do with this exploit.

>>3641580

If you have uploaded a private key to ED and you have token associated with that private key AND you have clicked a malicious link, then you are at risk. Otherwise, you should be ok.

More info here: https://www.reddit.com/r/EtherDelta/comments/72vltl/malicious_urls_redirecting_to_ed_with_embedded/

>> No.3641644

>>3641590
>"some of you guys are alright, don't go to Chainlink on the 16th"
>He said "what everyone thinks is about to happen is not going to happen".
We know exactly what will happen: LINK will showcase 2 specific and practical use cases with SWIFT integration.
This will provide them with exposure.
No downsides here. No unrealistic expectations.

>> No.3641672

Why does anyone even care? This is the wild-wild west. Right Guys?
It doesn't matter that hackers and scammers can act maliciously; it just robs money from the stupid people and makes the community stronger. Right Guys?

>> No.3641676

It seems from the plebbit comments that ED now sanitises script tags from addresses. As such, this particular attack vector is now closed off.

Not saying that ED is entirely safe - if it wasn't implementing this basic level of appsec, you can guarantee there are other rich seams of exploits to discover.

My heartfelt condolences OP. Genuinely hope you can bounce back from this and find some peace.

>> No.3641680
File: 78 KB, 192x192, Слой-2-3fa4832e8b634309b210799f14d98f9c910d26125c45b6f22e6d178fa2977a09.png

>>3641644
The busboy (Ripple agent) is going to coinmarketcap Sergey in the bathroom while he's vomiting mom's spaghetti getting ready for the presentation.

The murder will be blamed on Steve Ellis. Screencap this.

>> No.3641690

>>3641676

They haven't clarified that comment. My issue is still open on their github.

>> No.3641704

>>3641690

Indeed and agreed. I hold my comment in contention.

>> No.3641705

>>3641680
Delete this.

>> No.3641721

But why did they only steal Link?

>> No.3641728

>>3641721
It's an elaborate fomo campaign

>> No.3641731

>>3641614
Fug. I dodged that bullet Matrix-style. The CryptoGods spared me this time. The OP that got robbed must post proof so we can chip in when we made it.

>> No.3641737

It seems like I took the bullet for /biz/ on this one.
Fuck

>> No.3641738

>>3640406
Programmer here. I understand what this guy did. It's not actually a hard attack.

The programmer of ether delta screwed you all over by not doing BASIC VALIDATION. I'd say this is almost criminal negligence. Validation is the first thing you normally do. This is not the fucking 2000's anymore.

Take your complaints to the creator of etherdelta.

>> No.3641745

This is why you use a script blocker

>> No.3641749

>>3641721
They took some TNT I had too.

>>3641731
>The OP that got robbed must post proof so we can chip in when we made it.
Tell me how.

The private keys aren't proof, according to other posters itt the hacker has them too.

>> No.3641756
File: 19 KB, 400x320, de8.jpg

AHAHAHAHAHAHAAAAAHAHAHAHAHAHAHAHAHAHAHHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHHAHAAHAHAHHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHHAAHAHAHAHAHAHHAHAAHAHHAAHHAAHHAHAHAAHHAHA

>> No.3641757
File: 55 KB, 650x409, irna2_650_011514055647.jpg

>>3641738
>Take your complaints to the creator of etherdelta.

This is him

>> No.3641766

>>3641738
This.
This was a rookie mistake.

>> No.3641791

>>3641721

They transferred any ERC20 token that the private key had access to. You can see this at the attacker's token address on etherscan.

>>3641738

I filed a github issue. Supposedly they said it's fixed but he only uploads minified js builds to github so you can't really audit it. Also the last commit in the repo is before I made the reddit thread/github issue, so either they did a live update and pushed directly to their CDN or they didn't actually update.

>>3641745

I would need to do more testing, but this was not an externally loaded script. You would need something that completely blocks all JS like strict NoScript settings.

>> No.3641801

>>3640518
>>3641319
Sending .02 BTC too. The only donation on /biz/ I will ever make.

>> No.3641806

>>3641749
Post a picture of your private key handwritten along some personal item unique to you. Only the thief and you know your private key. And it's unlikely you are the same person. Do it now before the thief decides to post all the private keys online just for shits and giggles.
In the future you can post your wallet address along with a handwritten timestamp and your personal item. Then we would know it is you

>> No.3641808

>>3641503
I calculated how much he stole and It added up to 80K without the 6Billion scam token.

>> No.3641819

>>3641808
Monero about to rise

>> No.3641825

Just confirmed with EtherDelta engineer that this has been patched as of 4:16pm EST today (9/25). Still asking for full code to audit the patch, but I guess we have to take his word for it currently.

>> No.3641829

protip for you newfags: if you don’t want to use metamask then use etherdelta in private browsing and simply close the window once you’re done. I have a bait private key in my regular browsing tab for this exact reason.

>> No.3641850

>>3641829

This would not entirely save you from this exploit, if you had browsed the malicious link in that private browser.

>> No.3641868

>>3641791
Yeah but it could have stopped you from getting redirected to that exploit.

>> No.3641881

>>3641819
Ye strongly predicting this one too. Ether => Monero => Monero => BTC.

This is why Monero will continue to climb in value faggots.

>> No.3641884
File: 258 KB, 583x316, ED.png

>>3641806
I guess there's no harm now that everything in there is gone, right?

Here it is with the same keys from >>3640643

>> No.3641885

>>3641738
100% this. Whoever made ED is a complete and utter retard.

>> No.3641914

>>3640364
Why would a friend's basement have an exit sign?

>> No.3641916

>>3640643
Nice handwriting. It's hard to read but it looks pretty.

>> No.3641930

>>3641916
Thanks

>> No.3641936

ED dev just emailed me the source patch. I will review it, but until then be reminded you can only take his word that this was patched. Be careful out there anons.

>> No.3641953

>retards actually trusting their money with etherdelta
Even yobit is more reliable ffs. You have only yourselves to blame.

Now this bittrex fud makes sense.

>> No.3641956

Gotta turn in, thanks to everyone for the good vibes.

Seems like this thread has been helpful at least.

>> No.3641966

>>3639495

these fuckers took 6k FAP from me.

This was my retirement I was holding till the end of the year. fucking cunts.

>> No.3641968

>>3641738
This. It's totally retarded. I've been validating user inputs since 2007. XSS shouldn't exist anymore.

>> No.3641978

>>3641966

And to mention, they left ALL my LINK! Fucking assholes.

>> No.3642010

>Crypto is safer than stocks

HAHAHAHAHAHAHAHAHA

>> No.3642018

>>3640518
You still have $600+ worth of LINK. It's more than a lot of people, just saying.

>> No.3642032
File: 4 KB, 200x200, 1493214290684.jpg

>malicious links stealing LINKS

>> No.3642049

>>3639495
Woah, reflected cross-site scripting. Didn't realize this was still a thing.

>> No.3642052

>>3640518
You already have more money than me man.

>> No.3642182

>>3642018
>>3642052
I just lost a fortune, what's left leaves me destitute in my situation.

>> No.3642185

>>3639495
Use MetaMask and don't leave a balance. This type of shit should have been obvious already.

>> No.3642227

>>3642185
You can't use metamask on Brave, can you?

>> No.3642246

>>3642185
>(((chrome)))
fuck off desu

>> No.3642269
File: 20 KB, 306x306, 1505243215825.jpg

>>3642182
>4k
>a fortune

>> No.3642288

>>3642269
That's the point. It's a fortune to me.

>> No.3642301

i always had a gut feeling to stay away from ether delta, glad i listened to it. shit luck guys

>> No.3642319

>>3642288
It's roughly equal to a monthly wage in a normal fucking first world country. Are you a nigger nigger?

>> No.3642368

>>3642319
He writes like a richfag tho:
>>3640643

>> No.3642377
File: 796 KB, 930x601, 1212364.png

>>3640806
how are they still doing this? it's like a 1000 people trying to do business at a garage sale cash register

>> No.3642388

>>3642319
>>3642368
in Europe 1-2k euros is average/normal for a good monthly wage, have 5 people working under me in IT sector and making little over 1k euros

>> No.3642421

>>3642388
Eastern europe doesn't count as first world.

>> No.3642426

>>3642388
Is that after the socialized health care and refugee housing taxes?

>> No.3642488

>>3642421
Spain and Scandinavia in my experience, you mongol

>> No.3642650

>>3641936

Reviewed the patch and did some light testing. This appears to be patched and secure now.

Granted I did not perform a full audit of the entire source. The developer has said he does not want to release the source in full because clone sites would pop up.

Regardless, this vulnerability is fixed now.

>> No.3642675

>>3642650
Link to the patch? Or, part of it rather.

>> No.3642698

>>3642675

The (minified and public version) is here: https://github.com/etherdelta/etherdelta.github.io/commit/7180d13c19a6639b274d2888c22bf120ad82a8f5 but it's just the minified js blob, so not really helpful.

The developer emailed me the non-minified version and asked not to publicly disclose the source. I can however provide testing instructions for those interested in proving this is now patched.

>> No.3642779

>>3642698
>The developer emailed me the non-minified version and asked not to publicly disclose the source.
Does he think that will stop someone from finding bugs to exploit?

>> No.3642786

>>3642421
>1-2k euros a month
>eastern Europe
holy shit you're fucking retarded

>> No.3642799

>>3642779

No, his reasoning is that others would clone the site and take fees, thus diluting his earnings from ED. I don't agree with that, and we know that closed-source software leads to more vulnerabilities, but he was kind enough to email me the patch source and if I give it away, I doubt he will be comfortable doing so in the future. Don't want to burn bridges in case something like this happens again.

>> No.3642813

>>3642421
Don't embarrass yourself any further burger

>> No.3642821
File: 10 KB, 223x226, tosmart.jpg

Wait if I clicked on the malicious link could the guy even get my ETH if I literally have 0 eth to pay for gas.

>> No.3642834

>>3642821

>0 eth to pay for gas

then how do you have anything that could be stolen?

>> No.3642958

>>3642834
Tokens.

>> No.3642970

>>3642319
Is it incomprehensible that someone could be making less. all you really wanted to do was asymmetrically brag about yourself hope you get hit next faggot.

>> No.3642983

>>3642958

Yes, if the private key uploaded to etherdelta can access them, so can this exploit.

>> No.3643363
File: 119 KB, 300x300, bitcoindiscordpython.png

>>3639866
>>3640961
>>3640967
>>3641089

He was in our discord server recently

His discord name is davidgandy#6649

We have coders in the +3000 bitpam discord solving this theft

discord.gg/VpPrGmF

>> No.3643389

>>3643363
you are just promoting your shitty discord group full of retards. Fuck off

>> No.3643389,1 [INTERNAL] 

HAHAHAHAHAHAHAHAHAHHAHAH