WARNING: EtherDelta's DNS record has been hacked. Here is a guide on removing your EOS and other tokens safely.

in #eos6 years ago

I originally posted this on Reddit: ~~~ embed:ethtrader/comments/7l5yi7/warning_etherdelta_dns_system_has_been/ - you can check the original thread for updates. reddit metadata:fGV0aHRyYWRlcnxodHRwczovL3d3dy5yZWRkaXQuY29tL3IvZXRodHJhZGVyL2NvbW1lbnRzLzdsNXlpNy93YXJuaW5nX2V0aGVyZGVsdGFfZG5zX3N5c3RlbV9oYXNfYmVlbi8gLSB5b3UgY2FuIGNoZWNrIHRoZSBvcmlnaW5hbCB0aHJlYWQgZm9yIHVwZGF0ZXMufA== ~~~

Since the last updates it has been confirmed that EtherDelta's DNS configuration was hijacked and currently EtherDelta is pointed to a malicious fake side.

Many users have had their balances drained already.

It was also pointed out that there are ways to directly interact with the smart contract and to remove your funds and so I am highlighting those here.

What We Know Currently:

  • If you haven't logged into EtherDelta at all today, your balances are likely fine.
  • If you have logged into EtherDelta earlier today and successfully made a trade it is likely that your balance is fine but you may want to take extra precautions any way.
  • If you visited EtherDelta but did not input your private key or sign a transaction your balance should be fine.
  • If you visited EtherDelta using MetaMask or Trezor but did not sign a transaction or enter your private key your balance should be fine.

Steps to Recover Assets:

The EtherDelta mods previously posted this guide to interacting with the smart contract without logging into EtherDelta. (Please compare the original guide to the one below to ensure all addresses are the same and that this post has not been edited)

I was able to manually recover my funds via MyEtherWallet and so am posting this guide here. (Even when a mod posts a guide like this, please double check contract addresses are legitimate, use only the official ABI, and only enter your private key to sign the transaction).

Requirements:

  • The EtherDelta contract address 0x8d12A197cB00D4747a1fe03395095ce2A5CC6819 .
  • You'll also need the address of a token which can be found on EtherScan. If you want to withdraw your ETH then use "0" as the token address. You can check the MyEtherWallet Token List for common token contracts.

Step 1: Access the Contract

  • Go to MyEtherWallet and click the contracts tab. (Manually type it in to prevent phishing)
  • Double check to make sure it is the real site and not a phishing copy.
  • Once on the contracts tab paste in the contract address and ABI and then click "Access"
  • A dropdown menu should appear offering you to 'select a function'

Step 2: Gettting your balance in wei

The contract counts all balances in Wei so you will need to query the balance for each token you hold.

  • Select 'balanceOf' and enter the token address of the token you want to withdraw (if you want to withdraw ETH then enter "0") then enter your wallet address and click "Read".
  • This gives you how much you have in EtherDelta, in wei. (1 ETH = 1000000000000000000 wei) Copy this number.

Step 3: Withdrawing Tokens

  • Select 'withdrawToken', enter the token contract address again and the amount of wei that you just copied above.
  • Unlock your wallet with your private key, click "write" and "accept the transaction".
  • The ETH value sent in the transaction popup should be 0, gas limit is filled automatically.

Step 4: Withdraw ETH

  • Select 'withdrawToken', enter "0" for the contract address and the amount of ETH you have in Wei.
  • Click "write" and accept the transaction.
  • The gas should be filled automatically.

Step 5: Just in case - new wallet

  • Just in case you were compromised via private key on the withdrawal wallet, consider making a new wallet via MyEtherWallet and transferring your assets safely to that new wallet.

What Happens Next?

Rumors have been posted saying that this was not a hack and EtherDelta was just changing hosts. This has been confirmed as not true. EtherDelta was compromised.

It is unclear what will happen next. Even if the EtherDelta site seems to be online, we should avoid using it until a PGP signed message from the admins has provided full details and remedied the situations.

#etherdelta #hack #guide
6 years ago in #eos by
$0.00
    1 vote
    Reply 3
    Sort:  
  • Trending
    • [-]
     6 years ago  

    Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:

    $0.00
      Reply
      [-]
       6 years ago  

      Congratulations @adamscochran! You have received a personal award!

      1 Year on Steemit
      Click on the badge to view your Board of Honor.

      Do not miss the last post from @steemitboard:
      SteemitBoard World Cup Contest - Round of 16 - Day 3

      Participate in the SteemitBoard World Cup Contest!
      Collect World Cup badges and win free SBD
      Support the Gold Sponsors of the contest: @good-karma and @lukestokes

      Do you like SteemitBoard's project? Then Vote for its witness and get one more award!

      $0.00
        Reply
        [-]
         5 years ago  

        Congratulations @adamscochran! You received a personal award!

        Happy Birthday! - You are on the Steem blockchain for 2 years!

        You can view your badges on your Steem Board and compare to others on the Steem Ranking

        Vote for @Steemitboard as a witness to get one more award and increased upvotes!
        $0.00
          Reply