
If you hold any of the coins in this image, you better sit the


Thread replies: 202
Thread images: 22

File: lisk_shift_rise.png (155KB, 1320x704px)
If you hold any of the coins in this image, you better sit the fuck down because the devs likely have your private keys. We have not publicly posted about this anywhere except the slacks; you guys are in for a FUCKING TREAT.

Me and Chang discovered this because of an old deprecated ARK api endpoint. We noticed that your private key was being broadcast to the dev team's main node. After speaking with the ARK devs, we were told that they found out about this old VERY BAD endpoint shortly after they forked from LISK, and that LISK still uses it AND DID NOT CARE (see image in my next reply).

Okay I guess. I don't give a shit about LISK. If their delegates want to send their private keys to the devs, why should I care? But then I heard about RISE and people wanted us to start a delegate, so we began to do our due diligence...

After doing some further digging, the rabbit hole seems to go far far deeper than we originally thought. Out of all four of the coins, only ARK is not affected by this because they spotted it and removed it.

IF YOU OWN LISK, SHIFT, OR RISE, ALL THEIR WEB WALLETS SEND YOUR PRIVATE KEY IN PLAIN TEXT TO THE SERVER. THIS MEANS THAT THE DEVS HAVE ACCESS TO YOUR PRIVATE KEY AND COINS.

But, it's even better than this. The official LISK API broadcasts your private key to the dev's main node, so delegate keys are sent to them every time a delegate makes a transaction.

LISK-Nano does this too. RISE has no desktop wallet and their web wallet is currently the only way to access your coins. Both the new AND old chains of RISE are affected.

SHIFT's web wallet, same deal. This is probably why ARK opted to not have a web wallet.

Instead of client-side signing, ALL OF THESE CRYPTOS SEND YOUR KEYS OUT IN PLAINTEXT.

Continued in next post.
>>
>>2836956
they is very good coin, yes

please stop FUD
>>
File: liskdev.png (147KB, 2262x340px)
>>2836956
Here's the EXACT code to show you, because I'm sure the flood of "ARK SHILLS" is gonna come streaming in. Anyone who can read code can verify this for themselves. Here's the code shared between ALL of these coins:

LISK/SHIFT/RISE Web Wallet:

Login and check your POST request, your key is in plaintext
https://login.lisk.io/
https://wallet.rise.vision
https://wallet-old.rise.vision
https://wallet.shiftnrg.org/

for shift the relevant code is here that actually sends the data, you can dig up the others it's identical because they're all clones of each other:
https://github.com/shiftcurrency/shift-wallet/blob/4a6e58fc09a0111217163ae85a946ab8ca388d20/js/controllers/passphraseController.js#L33

LISK-Nano:
Broadcast endpoint
https://github.com/LiskHQ/lisk-nano/blob/9bcae1d8a9a42ba9135f2b606a2e1d2ef7e68fbd/src/utils/api/peers.js#L34

Calling the endpoint and passing your private key
https://github.com/LiskHQ/lisk-nano/blob/9bcae1d8a9a42ba9135f2b606a2e1d2ef7e68fbd/src/utils/api/account.js#L24

LISK-Nano is a "light" wallet and doesn't host a node on localhost, so the key is broadcast in plaintext.

SHIFT doesn't even have a desktop wallet.

RISE has no desktop wallet, but they're working on an ARK clone desktop wallet, which is SECURE. However, the web wallet is not.

If you are holding these coins and have ever used the web wallet or the official API, you are compromised.

If you are a DELEGATE on any of these coins and have sent ANY transaction out, you are compromised.

The second passphrase feature of these coins does the same thing - your second passphrase is sent in plaintext to the dev nodes so they can sign and broadcast.

LISK is primarily to blame for this. They knew about this for YEARS and did nothing and didn't care (see screenshot in next reply).

Buckle up, it's gonna be a bumpy ride.

Image is LISK claiming it's "not a bug" to have your private key sent out, because "they encrypt it". They don't think this is a problem.
>>
So you're saying short this shit right this second?
>>
>>2836966
Friend, please stop the lies spreading
>>
File: lisk_negligent.png (189KB, 897x434px)
>>2836966
>>2836956
Image of Chang's conversation with the lead ARK dev, who claims that LISK was notified and does not care.
>>
>>2836962
thanks rakesh
>>
>>2837026
I m not a rakesh, please
>>
Buy ark it will moon
>>
File: rise_lol.png (19KB, 659x240px)
Here is an example anyone can do. Go to any of the web wallets, and login. Now press F12, go to the network tab and search for /accounts/open, and scroll down to "request payload". You will see your private key in plaintext, being sent over to their website.

LISK, RISE, and SHIFT all do this.

This is likely why ARK does not have a web wallet. The entire wallet would need to be rewritten to use client-side crypto in order for it to work. The devs were too lazy or simply didn't care that you send them their keys each time you use the wallets.
>>
Is very good coin will feed family
>>
Buy RISE and LISK. They are good, unlike ARK
>>
>>2837046
Yes, this man has the correct thoughts
>>
File: 1496104596010.jpg (8KB, 200x156px)
>>2837034
>>
>>2837041
Will go all the way to Jupiter, buy ark on bittrex
>>
>>2836966
Honestly this image baffles me.

They really think encrypting the data solves anything? You're still sending off your private key to the devs. A rogue dev or sysadmin can easily empty everyone's wallets if he wanted to.
>>
this is what happens when webshits think they can (((program)))
you can see how shit LISK is from a mile away even before this
brainlets will deny this
>>
>>2837070
Oh and DNS poisoning
>>
File: waifu-16.jpg (41KB, 452x473px)
>>2837034
check the discord im about to post all the keys in 2mins
>>
You guys better listen to the OP. He seems to know what he's talking about.
>>
Plz buy ark guys together we will moon to past the moon
>>
>>2836956
Thanks. The only reason I haven't withdrawn my shift from bittrex to the online wallet was pure laziness. I was probably going to do it in the next couple of days, so you've potentially really saved me there. Although this does make me wonder whether I want to hold it at all.
>>
Thank you moon man & uncle Chang for doing your due diligence and keeping /biz in the loop!
>>
>>2837084
He is a stupid man

do not listen
>>
>>2836969
How the fuck do you short this??? What exchange offers margin on shitcoins?

Thank you based moonman and Chang for posting this
>>
Bump people need to see this
>>
I'm just over here trying to eat my newly opened bottle of glue.

Can someone explain to me what is going on?
>>
>>2837166
Shift, rise, lisk devs have most people's keys. It's probably not malicious and is just gross negligence, but a simple dns hijack or a rogue dev could literally clean out the entire network.
>>
hmmm... why wasn't the FUD this intense for LSK and SHIFT then?

why did u goys let LSK get to $250mil market cap???
>>
>>2837184
***$400mil market cap peak
>>
>>2836956
Hahaha, I wonder if the devs have realized that yet?
>>
>>2837184
We're not the first ones to sound the alarm on this.

Perhaps the latest and loudest but certainly not the first ones. Francois, the Ark dev, sounded it a long time ago.
>>
>>2836956
thanks will try to use this to steal lisk
can you guys help me make it work?
>>
>lard faggots making these FUD posts about small caps
>doesn't remember that millions of ETH got stolen and the network get compromised almost weekly

keep trying faggots. you will not stop the RISE moon mission. :)
>>
>>2836956
hopefully secure coins will increase because ppl will just accept that buying gay shitcoins that are used for nothing is pointless
>>
>>2837034
I see, so rather than create a transaction and just send that, they have you send your private key instead?
>>
>>2837241
>given evidence yet still shoves his fingers in the electrical socket anyways.
>>
>>2837264
When has /biz/ ever been right?

Whatever biz shills, the complete opposite happens.
>>
>>2837262
That's exactly what happens.
>>
>>2837262
Yup.
>>
>>2837277
Stage 1: Denial
>>
>>2837278
>>2837180
I'd call it centralized. What you're talking about is more like a problem crypto is supposed to solve. For instance, Credit card data has to be sent through a Post request, you can't work your way around it. With that in mind you have to be careful of every single site being secure with your CC info. Generally, they state they don't store the data, but you can't really know for certain.

However, with crypto you shouldn't have this problem and it shows a clear laziness on the part of the devs.
>>
File: 2017-07-20_213225.png (8KB, 224x93px)
>>2837241
>>
>>2836956

I like how you think we're supposed to know who you and your chink friend named Chang are.
>>
>>2837277
ETH
>>
>>2837377
They're the biz_classic delegates...literally be here less than two days and you would know that.
>>
>>2837377
>not knowing about HWNDU
>not knowing about the biz_classic delegate
>>
>>2837377
Lurk more, newfag
>>
>>2837365
The problem is this extends past laziness.

Every coin that forked off LISK is vulnerable only because they didn't bother to check or fix their code either.

If one dev goes rogue he can kill the coin's price and even render the entire network unusable (because delegate keys are compromised too).

If ANY of the main servers EVER get hacked, it doesn't just become a "small website hack". It becomes a looting spree where everyone logging in would have their keys stolen.

There's a reason web wallets are unsafe and should never be used. In this case, the problem is two-fold because now not only are you susceptible to hacked javascript payloads, but the code to farm your keys is already there by default.
>>
>>2837446
So, as someone who has 10k RISE in bittrex, should I count my losses now and get the fuck out?
>>
I think the question on all our minds is are you guys gonna go public with this?

We could actually organize a mass biz Exodus from those coins into a nice healthy ark pump.
>>
>>2837482
Personally, this type of negligence would lead me to stay far away from any of the three coins.

LISK is the biggest offender here.

RISE is releasing a secure desktop wallet that's a fork of ARK, which is safe to use.

You'll have to make your own read. Just make sure you never touch the web wallets until it's confirmed fixed, and don't touch anything claiming to be a "light" wallet from any of the 3 coins.

The problem comes in if a dev goes rogue later down the line after this is fixed and the delegates or whales haven't moved their coins. They may have those wallets and delegate keys forever. That's not a good look. It means any of the three coins could potentially die at any moment in the future due to an attack by a former dev or DNS hijacker.
>>
>>2837510
I'm not here to shill ARK. I was actually having some issues with the ARK community myself but mostly with the community managers (cannabanna in particular) and general hardcore ARK shills that refuse to listen to criticism.

Then I started investigating and it turns out ARK is the safest of the javascript based blockchains, which I had a nice laugh about.

ARK has a very specific purpose. If you're gambling on technology then ARK is bought because of smartbridge. If it's "javascript blockchains" you're gambling on, ARK is your coin.

I wouldn't make ARK my only hold. I hold a spread of the top 5 and ARK is my "shitcoin" pick because I think it might evolve out of its shitcoin status, especially after realizing their devs made the right choice with user security here. Though I do have more ARK than other coins except BTC/ETH.

Do your own research.
>>
HOLY SHT ANS JUST ANNOUNCE THEIR PARTNERING WITH GEORGE SOROS 50BIL MARKET CAP HE IS INVESTING 100TRILLION DOLLARS CHECK IT OUT LIVE NOW

https://youtu.be/3r5byXcQMGg
>>
bump this is some big shit
>>
Where's that whale that shilled RISE here a few days ago?
>>
File: 1500049743123.jpg (181KB, 750x750px)
>>
>>2838103
hey
>>
>>2837879
He was doing it just yesterday, lmao
>>
We should spread this on reddit
>>
>>2838263
kek, /biz/ FUD never works
>>
>>2837526
>be dev
>secretly store keys somewhere
>quit on good terms
>2 years later
>move to country without extradition
>steal all the LISK
We don't even know if this plan isn't already being implemented.
>>
Isn't this the guy who hacked eth?
>>
File: 687689767.png (12KB, 671x197px)
lmao. Moon man really did trigger some fagets here
>>
>>2838979
Pajeets in the wild
>>
File: Screenshot_20170721_083606.png (23KB, 1584x115px)
Official developer response.

tl;dr
They knew about it and that's part of the reason why they are switching to Ark-Hybrid.
>>
>>2839097
It doesn't matter that they knew because unless every single person changes their keys they'll still have them.

They're going to be forever vulnerable until they change their keys.

Idiots.
>>
>>2839142
The old wallets don't matter anymore anyway, because it should all be on Bittrex. For the new wallets which are all empty too right now, they can issue a notice.

Rise is in a better position than Lisk or Shift at least.
>>
File: crash_happy.jpg (50KB, 858x834px)
are you telling me that my private key is in plain text in an http post request, with no encryption beyond basic https? wtf

i got some lisk at ~90k sats, its at 72k, not sure I want to sell at a loss, but I do think it's wise to get out at some point.
>>
>>2839213
>are you telling me that my private key is in plain text in an http post request, with no encryption beyond basic https? wtf
Yes.

Up to you if you want to sell. Chances are only the devs received your keys but that doesn't make the situation any better.
>>
>>2839226
since im a crypto idiot, what is the usual way things are done? Suppose we take BTC, and I do a transaction, I'm assuming my private key is not included in any html?
>>
>>2839234
You create and sign the transaction locally with your private key. That signed transaction then gets sent out into the network. Your private key never leaves your computer.

Products like the Ledger Nano take it a step further where your keys are stored on the USB device itself and never even touch your computer. Your computer passes it a transaction to be signed, the ledger signs it, and gives it back to your computer to send out.
>>
>>2839245
does the network have a record of my private key, or how does it verify the signature on the transaction?
>>
>>2839264
>how does it verify the signature on the transaction
Crypto magic.

https://en.wikipedia.org/wiki/Public-key_cryptography

https://stackoverflow.com/questions/454048/what-is-the-difference-between-encrypting-and-signing-in-asymmetric-encryption
>When signing, you use your private key to write message's signature, and they use your public key to check if it's really yours.
>>
>>2839264
That's the entire point of crypto. Only you hold the key. The network sees your signature is valid and can prove it belongs to your key without you ever giving your actual key, that's how public-private cryptography key pairs work.

In this scenario, you aren't the only one with your key, because the devs have everyone's key as well.
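
The two flows argued over in this thread (passphrase posted to the server at /accounts/open versus signing locally and letting the node check the signature against the public key), as an added example that is not part of any post here and is not code from LISK, SHIFT, RISE or ARK. The `secret` field name, the SHA-256-seeded Ed25519 key derivation, the transaction layout and the passphrase and recipient values are assumptions constructed for the illustration.

```javascript
// Added example: server-side signing (the passphrase leaves the client) versus
// client-side signing (only a signed transaction leaves the client).
const crypto = require('crypto');

// DER wrappers that let Node import raw 32-byte Ed25519 keys.
const PKCS8_PREFIX = Buffer.from('302e020100300506032b657004220420', 'hex');
const SPKI_PREFIX = Buffer.from('302a300506032b6570032100', 'hex');

// ASSUMPTION for this example: SHA-256(passphrase) is used as the Ed25519 seed.
function seedFromPassphrase(passphrase) {
  return crypto.createHash('sha256').update(passphrase, 'utf8').digest();
}

function keyPairFromPassphrase(passphrase) {
  const privateKey = crypto.createPrivateKey({
    key: Buffer.concat([PKCS8_PREFIX, seedFromPassphrase(passphrase)]),
    format: 'der',
    type: 'pkcs8',
  });
  const spki = crypto.createPublicKey(privateKey).export({ format: 'der', type: 'spki' });
  // The raw public key is the last 32 bytes of the SPKI structure.
  return { privateKey, publicKeyHex: spki.subarray(-32).toString('hex') };
}

// Fixed field order so the client and the node sign/verify identical bytes.
function serialize(tx) {
  return Buffer.from(
    JSON.stringify([tx.senderPublicKey, tx.recipientId, tx.amount, tx.timestamp]), 'utf8');
}

// Flow criticised in the thread: the server receives the passphrase and signs.
function buildServerSignedRequest(passphrase, recipientId, amount) {
  return { secret: passphrase, recipientId, amount }; // `secret` is an assumed field name
}

// Client-side signing: the key is used locally and never placed in the body.
function buildClientSignedRequest(passphrase, recipientId, amount, timestamp) {
  const { privateKey, publicKeyHex } = keyPairFromPassphrase(passphrase);
  const tx = { senderPublicKey: publicKeyHex, recipientId, amount, timestamp };
  tx.signature = crypto.sign(null, serialize(tx), privateKey).toString('hex');
  return { transaction: tx };
}

// What a node does: verify with the public key only; it never sees the secret.
function nodeVerifies(tx) {
  if (!tx || !/^[0-9a-f]{64}$/.test(tx.senderPublicKey) ||
      !/^[0-9a-f]{128}$/.test(tx.signature)) return false;
  try {
    const publicKey = crypto.createPublicKey({
      key: Buffer.concat([SPKI_PREFIX, Buffer.from(tx.senderPublicKey, 'hex')]),
      format: 'der',
      type: 'spki',
    });
    return crypto.verify(null, serialize(tx), publicKey, Buffer.from(tx.signature, 'hex'));
  } catch (err) {
    return false; // malformed key material counts as an invalid transaction
  }
}

// The "F12, network tab" check as code: walk an outgoing request body and
// report whether the passphrase or the seed derived from it appears anywhere.
function payloadLeaksSecret(body, passphrase) {
  const seedHex = seedFromPassphrase(passphrase).toString('hex');
  const pending = [body];
  while (pending.length > 0) {
    const value = pending.pop();
    if (typeof value === 'string') {
      if (value.includes(passphrase) || value.toLowerCase().includes(seedHex)) return true;
    } else if (value !== null && typeof value === 'object') {
      pending.push(...Object.values(value));
    }
  }
  return false;
}

// Constructed sample values, not real wallet data.
const SAMPLE_PASSPHRASE = 'constructed sample passphrase for this example only';
const SAMPLE_RECIPIENT = '1234567890L';

function demo() {
  const leaky = buildServerSignedRequest(SAMPLE_PASSPHRASE, SAMPLE_RECIPIENT, 100);
  const signed = buildClientSignedRequest(SAMPLE_PASSPHRASE, SAMPLE_RECIPIENT, 100, 1500000000);
  const tampered = { ...signed.transaction, amount: 100000 };
  return {
    serverSignedLeaks: payloadLeaksSecret(leaky, SAMPLE_PASSPHRASE),
    clientSignedLeaks: payloadLeaksSecret(signed, SAMPLE_PASSPHRASE),
    signedVerifies: nodeVerifies(signed.transaction),
    tamperedVerifies: nodeVerifies(tampered),
  };
}

console.log(demo());
```

The same `payloadLeaksSecret` check can be pointed at a request body copied from the browser's network tab, using a throwaway passphrase.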
>>
Wow. Just wow
Imagine having bittrex keys, you wouldn't even need any other wallet
>>
>>2836966
Holy duck6
>>
Wtf is this shit. I own Lisk
>>
>>2837556
Okay, I can respect that. But don't people need to know about this?
>>
File: isabella.png (12KB, 399x77px)
So the LISK dev is in the RISE slack answering questions. When asked why all the web wallets aren't secure, her response was "we were going to get rid of them but didn't yet...."
>>
File: IMG_1961.gif (2MB, 412x229px)
>>2837556
Covert Ark Shill

>b-but I'm on y-your side

MUH ARK
>>
>>2839443
you guys should become consultants, coinsultants
such faggotry by devs is unforgivable and should be punished by spreading the truth, after all it's money we're talking here
>>
I only have €30 worth of rise so it's not like I'm going to die if I lose it. Thanks for the info though
>>
OK, after speaking with the dev, we were wrong about one thing, and that's lisk-nano. It still contains the deprecated endpoints that are totally insecure (no clue why they aren't removed yet), but if you're using the end user desktop wallet, you're fine.

If you've ever used the insecure API or any web wallet at any point, your keys were transmitted. Hopefully the web wallets get removed ASAP and SHIFT/RISE are forced to release a proper working wallet.
>>
bumpo
>>
>>2836956
I didn't like LISK from the moment I first saw their marketing. They give me a Kony 2012 vibe.
>>
So how do i make money out of all this?
>>
>>2839460
Yea they should become consultants alright, sultans of the con. I joke fellas, you guys are alright, you guys should do a weekly crypto vlog.
>>2837034
I find it hard to believe they can be this stupid, its like they did it on purpose.
>>2837446
>The problem is this extends past laziness.
Or its something sinister, doesn't matter, it is all sorts of retarded that they're aware, doing nothing about it and giving half ass mickey mouse excuses. Get this to plebbit young fellas, the world needs to know.
>>
>>2840202
Exactly, that is why the lead dev went to ARK
>>
>>2836956
Based Moonman hunting the cryptojews.
>>
fudding arkies itt! dont listen to them cryptoniggers. lisk about to go to orbit and i cant wait to see the delicioys tears of bag hodle arkfags. lol nice try
>>
>>2840286
Shitting on those coins and shilling ARK as the safer alternative.
>>
Is NEM Nano Wallet secure?
>>
>>2840456
NO HE WAS "FIRED"!!!!!

>tfw NEET 4chanrs don't know that "dismissed" also means he resigned out of contract.
>>
Yes good, but how do I profit from this?
>>
wait

people actually store shitcoins on wallets?
>>
>>2836956
Lel I am aware of this since the launch but they don't care. The real shitshow they avoided was at launch when everyone started to use the web wallet, their servers were crashing, and you had anonymous people just hosting web wallets for others. Of course they just had to check the logs to scoop private keys from all people using their web wallet. Told them about it and they didn't care. Thankfully nothing bad happened, but those coins really are a joke scalability wise.
>>
>>2840456
tfw you find out that Francois was actually fired from Lisk...
>>
>>2837793
>bed]
hahahahaha
>>
>>2836956
Lol, whale Jews trying to squeeze every last drop out of the dip before going back up.

Why would you even use a Web wallet?
>>
Not gonna lie, former Lisk holder here. This is fucking hilarious watching Lisk crash and burn. But in all seriousness we can't let these devs get the private keys.
>>
>>2841469
Kek I remember when Lisk was all the rage on /biz/.

I feel like if I wanted to create a scam I'd do the same thing these guys are doing.
>>
shitcoin
>>
Fuck, I bought at 120k sats
>>
Any other source other than you claiming this? Can this be verified by anyone in the scene with an actual identity and authority?
>>
>>2842832
the devs admitted it. You can see it for yourself. How to was already described in this thread. The code is open source.

OPEN YOUR FUCKING EYES YOU IDIOT
>>
>>2837046
>>2837041
>>2837032
>>2836962
>>2836987
>>2837113
Cancer
>>
File: byebye.png (27KB, 1867x161px)
oh shit, I guess I will not be buying back into Lisk. Sorry fellas.
>>
File: Liskwhalegone.png (30KB, 1649x173px)
>>2842933
oh and btw I made 11 btc from ya on the way down so thanks for all the <><
>>
Good work Moon Man and Uncle Chang, we're proud to have you.
>>
Just dumped all my LISK

Still keeping the SHIFT though
>>
File: 1500663763824.png (440KB, 825x954px)
There should be a discord for this sort of thing.
>>
>>2842987
envy here, how big are you anon?
>>
Big FUD

If this was real it would have crashed
>>
>>2843321
The world is our oyster. I started from the bottom now I'm here. Believe in crypto and you can be here too.
>>
>>2843425
yeah, I know but coming into the game in Q2 2017 I feel I've missed many an opportunity even though I've been aware of crypto since 2012 or so
still, my puny 1.9 BTC is much better than 0
>>
>>2843425
Any advice/hot tips for people coming in?
>>
>>2843184
As I understand it, SHIFT is vulnerable too.
>>
>>2843453
stick with it. many of us "whales" were nobodies in 2009-2011 and you are not late, you are still very early anon. Most people did not use the internet until it was out for a decade or more and the real money makers didn't show up for even longer. Don't invest more than you're willing to lose and make every loss a learning opportunity until you are winning. to be real, it may take years like us but if you want it, that's what it takes.
>>
>>2843184
>>2843474
Shift is worse because it doesn't have ANY secure wallets lmao
>>
>>2843343
You can literally try it yourself. Denial isn't helping anyone. Coins called "useless token" raised 65k and this is what surprised you?
>>
The author is clearly trying to say buy ark, this has never been hidden in fact, I've told people to use official wallet because of this, but client side signing coming very soon. Your security is always based on the server you're using, let's say I break into ark's hosting server, change code for local wallet to send me your key. Obviously the lisk, shift, and rise servers have been very good for some time, and anyone can run a local wallet easily if they choose, tell this stupid ark pumper to shut up.
>>
Shift has https://wallet.shiftnrg.org
>>
>>2843758
>parity has also been very good for some time
>>
>>2843774
Which sends your key to them.

>>2843758
*whoosh*
>>
>>2836956
I remember back around January/February 2016, when ETH was rising to $5 or so, the LISK shills showed up. The irony lol, who here lost shekels on lisk?
>>
>>2843969
>>2843969

I had some LISK as an investment for my mother.. Lost like 30% on it

Sold and bought some ARK, NEM and AdEx instead
>>
>>2842832
Did you even read the thread? We posted actual conversations with the devs AND included instructions on how you can verify this for yourself.

>>2843184
Shift is the worst out of the 3. Lisk-nano is safe now.

>>2843774
The entire point of this thread is to tell people NOT TO USE FUCKING WEB WALLETS YOUR KEYS GET SENT TO THE DEVS
>>
Sold it. Back to BitBay. See you faggots on the moon.
>>
It's no surprise op fails to mention you can run a wallet for any of them locally
>>
>>2844042
You can for Lisk using Lisk-Nano.

Not for RISE or SHIFT though. Are you privy to information that isn't publicly available?
>>
>>2844042
How heavy was that goalpost?
>>
Well I would say you're 50% right, but your wording is very misleading
>>
>>2844042
It isn't advertised anywhere, and you'd have to dig through their github and use half broken code.

SHIFT is available and should theoretically work if you setup a local node.

RISE is online only - their github contains the online wallet code, but there is no way to actually get it running offline because the uploaded code is incomplete (the entire transactions controller is not usable and is commented out).

LISK is deprecating their web wallet soon after I pointed out these issues.

Go ahead and pretend that normal people know not only HOW to compile and run the local nodes, but also to even begin to do so when none of the websites advertise them as being available locally and just direct you to the insecure online logins.

You've missed the point entirely or are just blatantly doing damage control.
>>
You can use local wallets on any of them, when you login to bittrex, your information is available to devs there, should you not use any of this stupid internet crap?
>>
>>2844098
What was misleading about my wording? The web wallets are the de facto standard and what the majority of users use. SHIFT literally advertises the fact that they're "online only" and that the wallet is the only one available. As I mentioned, you'd have to sherlock your way through github to even realize that the code can be run locally.

Theoretically all of these coins can be written to run locally, but are you going to be doing that from scratch? No, so why do you expect normies to know what the fuck they're doing?

I didn't say the coins were fundamentally broken, I said the web wallets were.
>>
>>2844115
You're still not getting it.

SHIFT HAS NO LOCAL WALLET.

LISK only JUST introduced a secure local wallet, with their web one still being insecure.

RISE HAS NO LOCAL WALLET, and the code for their online one doesn't even WORK if you pull it from github.
>>
What if I tell you I can get you running a shift local node with 3 terminal entry in Ubuntu?
>>
>>2844115
>when you login to bittrex, your information is available to devs there
And that's why nobody should ever keep their crypto on exchanges either. See: mtgox, mintpal, cryptsy.
>>
>>2844133
What if I told you nowhere is it advertised on SHIFT or RISE's websites that you have to run your own local node to be able to send transactions securely?

What if I told you all the links to "Wallet" on their sites point to their insecure web wallets?

What if I told you normies have no idea how to work a terminal or have any idea why they would even want to run a local node?
>>
>>2844133
I never said you couldn't. Try actually reading my posts.
>>
Again, your wording, you don't have to run it locally, just use https://wallet.shiftnrg.org, or if you don't have faith, shiftnrg.nl has a lot of useful info
>>
>>2844169
faith is a scary word in crypto
>>
What if I told you normies have no idea how to work a terminal or have any idea why they would even want to run a local node?

If that's the case, what are you trying to prove.

And it's as secure as most any website
>>
FUD: The Thread
>>
>>2844180
>If that's the case, what are you trying to prove.
>And it's as secure as most any website
In what universe is giving a 3rd party your private key a secure thing to do?

I also noticed you don't know how to quote or reply to posts. Are you a SHIFT or RISE shill that got linked this thread from their slacks?
>>
File: Selection_291.jpg (224KB, 878x846px)
>>2844169
>you don't have to run it locally, just use https://wallet.shiftnrg.org
Are you fucking retarded? The web wallet is exactly what we're railing on.

In what universe is giving a 3rd party your private key okay? Especially in cryptocurrencies?

>>2844185
There are multiple screenshots with proof in this thread. Here, have another.
>>
The next update will be client side signing to the wallets, it's obvious these servers were kept secure, or else lisk, shift and rise wouldn't exist anymore, web wallets are much better to the average user in my opinion, but again it's easy to create a local wallet, this guy is a ark pumper :p
>>
>>2844235
You shouldn't even be in cryptocurrencies if you're trying to normalize giving away your private keys to a third party. You're actually harming cryptos by advocating improper behavior.
>>
Chang's right. It doesn't matter if local signing is implemented in the future. That insecure transaction sending code should have never been written in the first place. The fact that it was written means the devs are probably incompetent or have no background in security.

Also everyone who uses the old wallet must now change to a new address for their own security. Great job.
>>
You shouldn't even be in cryptocurrencies if you're trying to normalize giving away your private keys to a third party. You're actually harming cryptos by advocating improper behavior.

I really said the next update it will be fixed. And they kept the servers secure, I never advocated this behavior. And I'm sure if shift had a what 7 million dollar ico to fork a coin, it would've been fixed a long time ago
>>
Holy fuck what is it with the amount of sheepheaded shills in this thread.

You get proof that your shitcoin is an insecure mess and what do you do? Stick your head into sand and pretend everything is cool, "just trust me bro".

Retards.
>>
What do you mean, like I said this was never, ever a secret like you make it out to be. Go read through shift ryver, tons of warnings, you just want to capitalize here like you're some sort of genius.
>>
>>2844323
I knew you weren't from here when you didn't even know how to reply to or quote posts. Go back to ryver and stay there.

Quit shilling and blame your devs for forking a project and launching a new crypto before looking through the code for an obvious security hole.

Also this: >>2844274
All your wallets are now compromised by definition and you should make a new one with a key only you know.
>>
>>2844323
What does it matter if your little chatroom had warnings?

Do you see any warnings on the SHIFT website? I don't. Your devs misled people into a false sense of security by pointing them to use a web wallet they knew was insecure.
>>
>>2837377
No, we know who they are, newfag.
>>
But what if the website is secure, you don't say it but they could log your passphrase if they wanted, but I would say they don't, instead they spend their time working as you can tell
>>
File: Selection_291.jpg (11KB, 132x73px)
>>2844376
You're an idiot if you think transmitting your private key to anyone is a harmless behavior to encourage.

And look what's this? Other SHIT web wallets linked on your subreddit. What's to stop anyone from setting up their own SHIT web wallet and shilling it to your bagholders and then running off with their coins? After all, you guys have all been trained to trust web wallets.
>>
>>2844323
>I-its okay guys, we're not just incompetent, we're also willfully negligent!
>>
>>2839264
You invested in crypto but don't even know the most basic things about it? Are you a fucking idiot?
>>
Well when you guys can prove it's not safe post it here, until then you guys are full of it, yes maybe it is bad practice, but it's being fixed, and also pretty probably safe as we don't see anyone running around saying they lost all their lisk/shift using official wallets, cheers :)
>>
>>2844486
You don't understand anything about cryptography and security. Go back to your shill chats and stay there. This is poor practice on part of your devs and you should be just as outraged as we are that they pushed insecure web wallets onto you and everyone else who bought their coin.
>>
>>2844486
Safe means that they can't be stolen, not that it hasn't happened yet. Sending your private keys to someone else isn't safe.
>>
>>2844486
Read the thread you shill. Moon and Chang both posted screenshots of your private key being sent out. That is insecure by definition.
>>
Like I said bad practice, sure, but we all trust https every day for quite a few things, do you consider all of them insecure?
>>
>>2844575
https isn't invulnerable because its proper function depends on the environment so no it isn't 100% secure
you also don't want someone like devs (=their employees!) having the potential to access your keys; trusting people not close to you is a surefire way to get buttfucked
>>
>>2844575
Do you even know how HTTPS works? Do you know what happens when a website's SSL private key for HTTPS gets leaked? People freak out and instantly revoke the old certificate while they get a new one because whoever has their stolen private key can now impersonate them anywhere.

How is that any different from your own private key to your wallet getting "leaked" to a third party?

Stop trying to downplay this because you dumped a bunch of your own money into a shitcoin before doing your research.
>>
Well shift devs control 1000000 coins, enough to crash the market, I don't see that changing before client side signing, so I would say just switch keys after the fee is very cheap. All is good :)
>>
>>2844631
Just stop arguing with them. I read the Slack conversation and man... there are some delusional retards. Wouldn't surprise me if it's one of them.
>>
I mined my coins, thank you
And https is crypto
And like I said this was not a secret
If I knew nothing about crypto I wouldn't be here
>>
>>2844676
Delusional shill
>>
>>2844676
The fact that you think having your private keys leaked is not a big deal shows you know nothing. Go away shill nobody's buying your bags.
>>
As far as you or anybody can tell no private keys have ever been leaked, that's my point, yours is they could be. Both valid, but you're selling your side like it's definitely going to happen, and my point is it's been a long time and never has.... And it's being fixed, which you definitely don't want to hear because then you will have to say it's good, and the point of this article is to prove they are bad, and ark is good
>>
>>2844727
When have I ever even mentioned Ark. You're just salty your shitcoin has a fundamental security flaw. A flaw, as someone put, should have never existed in the first place because any dev worth their salt would've refused to write code that takes other people's private keys.

Your devs wrote shitty code, or forked shitty code without first checking what they forked before releasing their coin. That says something about the brainpower behind your project.
>>
>>2844727
Every private key has been leaked. Having them in the hands of someone that isn't you counts as leaking. And even if they stop collecting private keys, they'll still have all the ones they've gathered so far, and by extension all those coins. If you're going to hand one server total power over your currency, why are you in crypto? Just stick with paypal, since clearly you don't mind getting fucked.
>>
When shift moved to lisk it's because we didn't have enough hash power and we were getting 51% attacked on our eth chain. We had a decentralized internet based off zeronet, you can see it on GitHub, it was functional. Lisk is a much better codebase and client side signing is a must anyway. So Give me proof the devs are saving the keys.
>>
>>2844788
You don't have proof that they aren't. Which is why all your keys are to be considered compromised. Keys are never supposed to leave you. When they do it's considered a leak. Your devs fucked up deal with it. Own up to it. And stop trying to downplay this massive fuck up.
>>
I'm not downplaying anything, what's there to own up to, nothing has happened, the cure is coming, and the official servers have always been secure by web standards, you're holding this to a higher standard, I get it, but what is the point of this? Is it to point out a bad practice that has been dealt with very well while the fix is implemented or to flame the coins and their dev teams?
>>
>>2844874
I'm guessing by your logic cigarette smokers don't have to worry about getting cancer because they don't already have cancer.
>>
4chan doesn't have trolls
>>
>>2836956
>ARK bag holders have gotten THIS desperate
>>
>>2845088
I was always wary of ARK because it was clearly a LISK clone but this issue is pretty damning. at any point a LISK dev could capture these details and drain a wallet. you drain just one or two wallets, run off with the cash, and nobody will believe the person who claims to have been robbed. I don't really think this is just ARK shilling.
>>
>>2844874
>>2845088
Keep holding onto your shitcoin
>>
>>2845088
>>2845094
As Moon said, we originally found the insecure endpoint in ARK. I then talked to the Ark devs and they said it was deprecated since day 1 and not used in any of their libraries. It was only there because Ark forked from Lisk.

We then went down the rabbit hole and found other coins that forked Lisk (SHIFT, RISE) and were actively using the insecure endpoint so we raised the alarm.

This isn't about shilling one coin over another. This is about drawing attention to a glaring security hole in several cryptos.
>>
>>2845214
Just tell me where to put my money, senpai.
>>
>>2845214
At least RISE hasn’t swapped to the new chain yet so they can fix the problem before it becomes wide scale like for SHIFT and LSK.
>>
Ralf S, Fri 5:27am
Hello @here,

Some of you mentioned this post about a warning for LSK, SHIFT, RISE.
>>2836956

There is no reason to panic, we are aware of that API endpoint and the security risk this could cause. They do have a point, and it is important to repeat: ALWAYS use the OFFICIAL https wallet, if you are not running your own node!
No need to say that we NEVER log input. Some users who lost their keys wish we would though.

We do have a fix for this, to be released in the next wallet update. Where we don't use this endpoint at all, and sign transactions at the client side to broadcast to our main nodes.
That way your private keys are safe, because they aren't sent at all. You can compare it to the way MyEtherWallet works.

We hope this explains the case and answers your questions.
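
The fix described in the message above (sign in the client, send nothing secret), next to the server-side-signing pattern it replaces, as an added example that is not from the thread or from any of these projects' code. It uses Node's built-in Ed25519 as a stand-in signature scheme; the `secret`, `senderPublicKey` and `signature` field names and the transaction layout are assumptions.

```javascript
// Added example: field names and transaction layout are assumptions, not any project's API.
const crypto = require('crypto');

// The key pair is generated and kept in the client only.
function createWallet() {
  return crypto.generateKeyPairSync('ed25519', {});
}

// Raw private seed as hex; used only to build the "before" body and to audit for leaks.
function secretHex(wallet) {
  return Buffer.from(wallet.privateKey.export({ format: 'jwk' }).d, 'base64url').toString('hex');
}

// Both sides must serialize the signed fields identically.
function canonicalBytes(tx) {
  return Buffer.from(JSON.stringify([tx.recipient, tx.amount, tx.timestamp]));
}

// Before: the server signs, so the request body has to carry the secret.
function buildLegacyRequest(wallet, tx) {
  return { ...tx, secret: secretHex(wallet) }; // "secret" is a hypothetical field name
}

// After: sign in the client; only the public key and signature leave the machine.
function buildSignedRequest(wallet, tx) {
  return {
    ...tx,
    senderPublicKey: wallet.publicKey.export({ type: 'spki', format: 'der' }).toString('hex'),
    signature: crypto.sign(null, canonicalBytes(tx), wallet.privateKey).toString('hex'),
  };
}

// Node side: accept the transaction using the public key alone.
function verifyRequest(req) {
  const publicKey = crypto.createPublicKey({
    key: Buffer.from(req.senderPublicKey, 'hex'), format: 'der', type: 'spki',
  });
  return crypto.verify(null, canonicalBytes(req), publicKey, Buffer.from(req.signature, 'hex'));
}

// Audit check for a wallet test suite: does an outgoing body contain the secret?
function leaksSecret(body, wallet) {
  return JSON.stringify(body).includes(secretHex(wallet));
}

// Constructed sample transaction (not real chain data).
const demoWallet = createWallet();
const demoTx = { recipient: 'EXAMPLE-ADDRESS', amount: 5, timestamp: 1700000000 };
console.log(leaksSecret(buildLegacyRequest(demoWallet, demoTx), demoWallet));
```

A check like `leaksSecret` can run against every request a wallet build emits, so a regression back to server-side signing fails the test suite instead of reaching users.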
>>
>>2845266
>ALWAYS use the OFFICIAL https wallet
That is fucking retarded. They SHOULD NOT be recommending people use ANY wallet that sends private keys to ANYBODY. The fact that you don't see this is baffling.
>>
>>2839264

your private key is based on a math problem with no simple solution; therefore, the only ways to know the answer are to 1. know the answer (i.e., private key) 2. guess (but the likelihood of guessing is absurdly low, 2^256 which is about 1 in a quinvigintillion.)
>>
>>2845266

You fail to understand the most fundamental thing about crypto security.
>>
>>2845214
Thanks for looking out, Chang and Moon.

>>2845266
The devs should not have released their coin until they've vetted what they forked and created their own desktop wallets. They're incompetent. There also aren't any warnings on their site that their web wallet sends them your keys.

Btw look up DNS poisoning if you think only devs can have access to the server that's receiving your keys. Go shill your shitcoin elsewhere.
>>
>>2837377
I've been here forever and don't know how those fags are so yea I agree. fuck these nerds. where's my money
>>
>>2844376
Anyone snooping your network can intercept your post request and take your private key and steal your shekels.
>>
>>2845491
exactly. any fag with a wifi pineapple could be intercepting your keys easily.

If they are using a WIFI connection, anyone who was listening in using wireshark could literally see the plaintext as they send it without even needing to host the actual wallet.
>>
File: baaby.png (38KB, 166x166px)
>>2845523
Like in Silicon Valley. :^)
>>
>>2845523
Yes and https means nothing when things like sslstrip exist.
>>
File: hackerman.gif (967KB, 494x274px)
>>2845551
yes. this man will pwn you.
>>
I don't do denial, nor am I sentimentally attached to my investments. After reading this thread I just now sold all my SHIFT holdings (which to be fair weren't particularly enormous) at less profit than I'd planned.

Thanks very much for the heads-up OP.

To all the freaks arguing that this isn't true or doesn't matter, please never change. I couldn't get rich without the stubborn, self-defeating irrationality of retards like you.
>>
>>2837556
That guy can be immature as fuck on their slack site
Otherwise I'm a fan of ark.
>>
https://paperwallet.shiftnrg.nl
>>
Lisk Nano uses liskjs which signs everything locally
But they probably didn't bother looking at the code for how it operates and just assumed it's the same
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.