
https://github.com/paritytech/parit y/blob/master/js/src/con


Thread replies: 74
Thread images: 11

https://github.com/paritytech/parity/blob/master/js/src/contracts/snippets/enhanced-wallet.sol

ctrl+f "initWallet"
You pass the function your own address as the owner and it overwrites the original owners. Voila you now have control over that wallet.
>>
Dumped this shitcoin a while ago.
>>
>>2826157
uncle chang? it was you? you stole the eth?
>>
>>2826182
No, just pointing out how stupidly trivial this exploit is.
>>
>>2826157
Why did you do it uncle chang?
>>
>>2826182
>>2826157
HOLY SHIT HE'S GOING TO PUT IT ALL INTO ARK

BUY ARK NOW
>>
>>2826157
how would one go about stealing from the parity wallets with eth still in them?
>>
>>2826157
i wish i had the knowledge to pull shit like this
>>
Who is this shit coder Gav Wood?
>>
>>2826225
the inventor of the language you use to write ethereum contracts lol
>>
this is why you dont fucking use any third party wallet, not even hardware

there is always some kind of flaw in it
>>
>>2826186
Just goes to show the stupidity of people for holding so much money in this coin. And they're STILL holding.
>>
how do i find parity using eth addresses?
>>
>>2826225

>>2826236

Peter Pan, literally.
>>
How do you hack these wallets gouiys? And how do you find parity addresses?
>>
>>2826254

https://www.youtube.com/watch?v=I_hEL-RoEec
>>
https://github.com/paritytech/parity/pull/6102/files

What a retarded bug

Original author - https://github.com/ngotchac - confirmed absolute spastic
>>
>>2826186
If an exploit is trivial, we have no reason to believe there aren't more exploits in Parity
>>
>>2826246
the only coin worth holding is tether

rest is literally manipulated like all hell by gooks and miners

bitcoin, ethereum, litecoin, you name it, all scamcoins and vulnurable either to hacks or greedy gook miners

IOTA is the new coin that will kill them all
>>
> tfw actually pretty good at solidity and would have seen this bug on code review

WHY DIDN'T I LOOK :(
>>
>>2826298
there must be a lot of vulnerable wallets left. start stealing anon!
>>
>>2826298
I have that exact same cactus
>>
>they built their network on javascript

explains everything really
>>
>>2826288
So if i have access to a computer with parity installed on it why wouldnt i just send the eth to my own wallet anyway? am i missing something here?
>>
>taking what I told you in Discord and parading it on /biz/

I see how it is Chang.

But yes, it is trivial to do this and anyone can currently swipe wallets with multisig in a split second.
>>
>>2826384
gib discord
>>
>>2826384
Is eth going to 5$ or 0$ ?
>>
>>2826389
https://discord.gg/hw9bMWn

>>2826384
I saw it first in another discord :^)
>>
>>2826243
well what do you use then? I use a paper wallet from myetherwallet. Are you going to tell me that's no good either?
>>
>>2826406
Ethereum isn't going anywhere as it wasn't a bug in Ethereum itself.

However, the vulnerability existed in a smart contract shipped with one of the largest consumed wallets, Parity.

To top it off, the person who shipped the faulty contract was Gavin Wood, who used to be part of Ethereum's team (he left, wasn't fired) and a big Bitcoin developer.

Ethereum itself is not compromised, but trust in the ecosystem is absolutely fucking shot. We can't even trust some of the veteran developers to look over their code.

This is bad.
>>
>>2826406
0

not one cent more
>>
>>2826374

Get out of here with your logic.
>>
>>2826437
Eth is an absolute shitshow. The only reason anyone buys it is because of fomo sourced from redditors who missed out on bitcoin early. That first hack leading to the fork should have been a warning but then there was that status ico which exposed how slow the network is when in actual use and then the recent coindash hack and now this. Absolute joke.
>>
>>2826428
Use a first party wallet which you can download from the Ethereum website. Myetherwallet is known to be very insecure, move your funds away from there IMMEDIATELY.
>>
>>2826465
I agree on most points, except CoinDash. That was completely unrelated to anything crypto, their site just got hacked.
>>
Oh look it's another "thing built for/on ethereum has a security hole but ethereum itself is still solid" situation.

Fake news, Ethereum still new gold standard, FUDDers just FUDing.
>>
Correct but still if its based on ETH just write a smart contract to enforce the address or something. It did eth no favors.
>>
Nice! Just sold 100k Ark!
>>
>>2826225
>>2826239
Nice comprehension fuckwits. You realize GW submitted the fix, right?
>>
>>2826727
Yes, and he was also responsible for letting the vulnerability through because it's his wallet.

The two aren't mutually exclusive.
>>
>when the inventor of a new language can't even properly review code written in that language

JUST
>>
>>2826771
>>2826748
>not understanding how development works
>>
>when the system that should run the economy of the future can't handle 1 ICO

JUST
>>
ETH is a MESS
>>
>>2826790
They're both developers brainlet.

The only one that doesn't understand is you. Letting shitty code through doesn't get brushed off. As technical lead YOU are responsible for fuck ups, not the first day newbie you just let commit a $300m bug.
>>
>>2826790
Charlie Lee wrote that.
>>
New theory

Hacker uses exploit in Bancor contract to Move BAT out of Eth wallets

More and more the Eth alliance is looking more like the blockchain equivalent of Windows


44,000 - 37,000 = ~7000 ETH stolen from Swarm City
>>
>>2826852
>Eth alliance is looking more like the blockchain equivalent of Windows
kek
>>
>>2826374
>So if i have access to a computer with parity installed on it why wouldnt i just send the eth to my own wallet anyway?

You expose your keys on the local machine so make sure you don't have any zero day exploits on your machine
>>
is ETH the biggest tech blunder of our times?
>>
>>2826157
Uncle chang what happened to responsible disclosure?
>>
>>2826918
next to linux, yes. don't even begin to look at kernel security flaws over the past 2 years wew
>>
>the only way the mainstream public has heard about ethereum is through security flaws and money lost
really will encourage boomers to throw their 401k in this shitcoin
>>
E V E R Y O N E in this thread is retarded.

initWallet, as the name suggests, is called to initialize a new wallet. You can see the "only_uninitialized" modifier after the function parameters.
No wonder this ICO shit works, everyone is dumb as a brick
>>
>>2827028
I linked to the current codebase. At the time that wasn't there which is why the exploit worked.

It was added in this PR a few hours ago: https://github.com/paritytech/parity/pull/6102/commits/e06a1e8dd9cfd8bf5d87d24b11aee0e8f6ff9aeb that supposedly fixes it.
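
The guard discussed in the posts above, as an added example that is not part of the thread and not Parity's code: a simplified Solidity model of an initializer without and with an `only_uninitialized` check. The contract names and storage layout are assumptions made for illustration; only the names `initWallet` and `only_uninitialized` are taken from the thread.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified model written for this example; NOT the Parity wallet source.
// Contract names and the storage layout are hypothetical.

// Before: nothing records that setup already happened, so the
// initializer stays callable for the lifetime of the contract.
contract UnguardedWallet {
    address[] public owners;

    function initWallet(address[] memory _owners) public {
        // A later call simply replaces the existing owner set.
        owners = _owners;
    }
}

// After: the initializer reverts once an owner set exists.
contract GuardedWallet {
    address[] public owners;

    // One-shot guard: passes only while no owner has been stored.
    modifier only_uninitialized() {
        require(owners.length == 0, "already initialized");
        _;
    }

    function initWallet(address[] memory _owners) public only_uninitialized {
        // Reject an empty list; otherwise the wallet would still count
        // as uninitialized and the guard could be passed a second time.
        require(_owners.length > 0, "need at least one owner");
        owners = _owners;
    }
}
```

In review, the thing to look for is any public or external function that writes ownership state without either an access check or a one-shot guard like the modifier above.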
>>
>>2827028
Lol, retard

https://github.com/paritytech/parity/pull/6102/files

literally fixed 3 hours ago
>>
>>2826951
It was already disclosed. I didn't find this vuln.
>>
>>2827076
>>2827079
jesus fuck how did no one spot this
>>
>>2827106
Someone did :)
>>
>33million lost because somebody didn't properly scope a function

jesus christ
>>
Another person is starting to siphon wallets now
>>
> 60 replies
> Nobody shares the guide how to steal
>>
>>2827501
Link?

I figured out how WhiteHat is finding vulnerable wallets. Technically someone can race them and beat what they're doing quite easily... they're crawling backwards through the blockchain and looking for vulnerable contract hashes.
>>
>>2827537
It's literally in the OP you fucking retard. Execute initWallet with your address.
>>
>>2827547
> Execute initWallet with your address.
How to?
>>
>>2827556
kys it executes automatically after that.
>>
>>2826253
You're hours too late.
White knights have rescued all the funds.
>>
Why did the hacker only steal $30m? Could have stolen more no?
>>
>>2827635
why would you waste your chance to be a millionaire i don't understand these people, just to be hailed as a hero?
>>
>>2826384
>muh sekrit club
The contract source code was discussed on Reddit minutes after the hack.
>>
>>2827650
> i don't understand these people
You don't understand what it's like to have a conscience? That's a shame.
>>
>>2827650
They're smart enough to know they won't get away with stealing it. They know they'll be tracked down. So they pretend to be helpful and expect employment offers and bla bla bla.
>>
>>2826267
Is this satire?
>>
Did anyone try to steal anything yet?
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.