/biz/ - Business & Finance

rolling

>>21431230

>>21429475
the obviously fake stuff is what makes it funny. you don't think it's meant to be a completely serious fud campaign do you? it's mostly just people having a laugh

>What is this exploit?
There's a security layer in LINK's source code that deals with storage ticks. Basically, even in cold storage where they're untouched, there's a cache protocol that will occasionally ping public wallet addresses to verify their contents. Unfortunately, LINK has a slightly different version of this protocol in order to make micro-pings for staking purposes. Most staking rewards are going to be really small transfers, so the LINK devs lowered the tick rate for these pings. However, if you're using a hardware wallet, your storage is operating at the NORMAL tick rate, creating a cache gap where someone can use an SLQ% injection to gain access to your wallet. There's already been many posts of Anons opening up their wallets to find all their tokens transferred out to mysterious addresses, losing tens if not hundreds of thousands of dollars.

>Does this affect other tokens in my hardware wallet?
No, as this isn't a vulnerability with the wallet so much as Chainlink specifically. Other tokens, even on wallets that have been affected by the exploit, are safe.

>I haven't touch my wallet in years! Can someone really randomly gain access and steal my LINK?
Sadly, yes. This affects PUBLIC addresses, and these are most likely being chosen at random.

>I have my LINK on a hardware wallet! What do I do?
Either transfer them to a paper wallet (safest), an exchange, or trade for fiat.

>Can this be patched?
Yes, but it will take time. This isn't something that can be done in one week, as it's tied to the security layers focused on staking. These have to be rewritten very cautiously, else other major functions of the LINK source code can break.

>What is this exploit?
There's a security layer in LINK's source code that deals with storage ticks. Basically, even in cold storage where they're untouched, there's a cache protocol that will occasionally ping public wallet addresses to verify their contents. Unfortunately, LINK has a slightly different version of this protocol in order to make micro-pings for staking purposes. Most staking rewards are going to be really small transfers, so the LINK devs lowered the tick rate for these pings. However, if you're using a hardware wallet, your storage is operating at the NORMAL tick rate, creating a cache gap where someone can use an SLQ% injection to gain access to your wallet. There's already been many posts of Anons opening up their wallets to find all their tokens transferred out to mysterious addresses, losing tens if not hundreds of thousands of dollars.

>Does this affect other tokens in my hardware wallet?
No, as this isn't a vulnerability with the wallet so much as Chainlink specifically. Other tokens, even on wallets that have been affected by the exploit, are safe.

>I haven't touch my wallet in years! Can someone really randomly gain access and steal my LINK?
Sadly, yes. This affects PUBLIC addresses, and these are most likely being chosen at random.

>I have my LINK on a hardware wallet! What do I do?
Either transfer them to a paper wallet (safest), an exchange, or trade for fiat.

>Can this be patched?
Yes, but it will take time. This isn't something that can be done in one week, as it's tied to the security layers focused on staking. These have to be rewritten very cautiously, else other major functions of the LINK source code can break.

Watch out anons, there's a super nasty HW wallet exploit that blackhats are actively using to drain wallets of LINK tokens.

Pic related