Thibaut Schaeffer
@Schaeff
0x49eafa4c392819c009eccdc8d851b4e3c2dda7d0 is HedgeToken
Peter (bitfly)
@peterbitfly
@kaeptnjoda Do you need a list of addresses that use the affected multisig contract? So far I found around 600 addresses holding 200k ETH
Is this the contract?
Peter (bitfly)
@peterbitfly
seems to be, yes
Tienus
@Tienus
https://etherscan.io/address/0xdd76b55ee6dafe0c7c978bff69206d476a5b9ce7 this one isn't affected right? Can't tell since it is not verified.
Jutta Steiner
@kaeptnjoda
@ppratscher actually looking for the people that hold them
to try to get in touch with them, in particular if they are actively using the wallets right now to receive funds, like ICOs
so to stop further funds from getting lost
Tienus
@Tienus
https://pastebin.com/08rXhnAX this appears to be the list
Jutta Steiner
@kaeptnjoda
thanks @Tienus
Tienus
@Tienus
This list only contains the addresses with balances.
Jutta Steiner
@kaeptnjoda
ta!
Peter Becker
@petebeck
any idea what the attacker was doing in all the contract calls following the suicide? looks like they were on a mission but didn't get any ether... https://etherscan.io/address/0xae7168deb525862f4fee37d987a971b385b96952
Jutta Steiner
@kaeptnjoda
Tomasz Drwięga
@tomusdrw
@petebeck We're suspecting that the attacker wasn't really aware of the consequences of suiciding the library.
And later probably tried to drain some of them, without success
Jutta Steiner
@kaeptnjoda
is anyone in touch with etherscan? would be good to get their list...
Peter Becker
@petebeck
@tomusdrw not aware of the consequences, but clearly being deliberately malicious
yes would be good to get around the 500 account limit when finding similar contracts
Tomasz Drwięga
@tomusdrw
@petebeck yup, seems so
Peter Becker
@petebeck
the blog post is a bit misleading. it suggests different users called initWallet and suicided the library. it was the same account by the looks of things. Not sure the word 'accidentally' belongs in there?
Jutta Steiner
@kaeptnjoda
paritytech/parity#6995 : therefore the "accidentally"
A. F. Dudley
@AFDudley
The person who killed the library made an understandable mistake.
I can easily see myself doing something similar.
I would never imagine that I could kill a contract I didn't create so I'd be fairly aggressive in calling something like that.
At least the hardfork is "trivial" to write for fixing this.
Peter Becker
@petebeck
@AFDudley an understandable mistake? calling initWallet, then calling kill, then going on a rampage of contract calls?
sounds fairly deliberate
A. F. Dudley
@AFDudley
Where did anyone say it wasn't deliberate?
Peter Becker
@petebeck
@AFDudley mistake implies unintentional doesn't it?
@kaeptnjoda ok got it, just seen github comment, makes sense. apologies, perhaps they were going on a rampage trying to find a solution.
A. F. Dudley
@AFDudley
the consequence, yes, the actual steps, no.
As one does when they realize they just lost a lot of their own money and probably 100s of millions of other people's
Peter Becker
@petebeck
yip - my bad. jumping to conclusions. sorry to the chap that did that, can't imagine how you are feeling
devops199
@devops199
:(
danielwalton
@danielwalton
when I scan through the blockchain I'm finding that there are missing logs in the middle
or events.
Artem Pikulin
@artemii235
I have written a small script and captured all balances of affected addresses from this pastebin: https://pastebin.com/08rXhnAX. Balances and total here: https://pastebin.com/auYnE9vL
Over 900k ETH total - 270M USD.
Cody Burns
@realcodywburns
Including tokens?
Artem Pikulin
@artemii235
No, it's only ETH balance.
danielwalton
@danielwalton
..you would have had to create a multisig wallet though right?
Artem Pikulin
@artemii235
It's a bit more complicated to get all available tokens balances of these addresses.
danielwalton
@danielwalton
standard accounts are ok?
Tienus
@Tienus
That list is incorrect
It has 2 duplicates
0x376c3e5547c68bc26240d8dcc6729fff665a4448 which contains 114939 ETH and 0x3bfc20f0b9afcace800d73d2191166ff16540258 which contains 306276 ETH
Artem Pikulin
@artemii235
Well, yes, then it's "only" 500k.