
/biz/ - Business & Finance



File: 29 KB, 532x482, PoHWREKT.png
No.7162328

Alright guys. Here's what happened.
PoWH did not INTENTIONALLY have a backdoor. The entire contract was drained because of something called an overflow bug.

function transfer(address _to, uint256 _value) public {
    // no validation of _value here; everything is delegated to transferTokens()
    transferTokens(msg.sender, _to, _value);
}

The thief passed in an argument value of ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff, the largest possible unsigned integer, which overflowed and allowed the contract to pass any checks to see if he had any balance.

The transfer function then triggers a sell on tokens he doesn't even have.

SHILL: EthPyramid is patient. We are constantly testing and fixing bugs. Rest assured – this won't happen once we deploy.

>> No.7162353

>>7162328
>hand rubbing intensifies

>> No.7162388

>>7162328
>tfw all I had to do was read the code to make 1 million dollars

>> No.7162442

can confirm this is true

>> No.7162448

232 Ethereum guy here. I hired the Russians to make this happen, you stole me first, though. You know what they say, it's no crime to steal from a thief.

>> No.7162457

>>7162448
kek I'd laugh my ass off if this is what happened

>> No.7162461

>>7162388
>shoulda paid attention in college

>> No.7162468

>>7162328
>The thief passed in an argument value of ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff

How?

>> No.7162477
File: 121 KB, 680x497, feels good.png

anyone on /biz/ who knows about ethpyramid is on the ground floor of the most well thought out and innovative money maker the ETH blockchain has ever seen. congrats boys, we're all gonna make it

>> No.7162490

>>7162328
how did he do it?

curious

>> No.7162507

ethpyramid discord ?

>> No.7162508

>>7162328
This is the man himself. He's also working with one of the guys who found this backdoor too, they're making it scam proof.

>> No.7162518

>Discord ARC says he bout to do it to em
>Think its FUD
>Shows proof with POWHcoin69
>Fuck.jpeg
>Not risking it, made back with dividends so im good
>Pulls out of POWH
>Takes shower
>Comes back and POWH is fucked
>Thanks ARC for the warning, you saved me 1 ETH bro

>> No.7162519

>>7162461
He thinks college teaches you useful stuff like this.

>> No.7162522
File: 49 KB, 1341x560, powhcoin.png

I was just about to make a thread on PoWHCoin crashing and I figured it was due to weak hands jumping ship to do something retarded like buy Ripple for the "impending Coinbase addition". But you're telling us you stupid motherfuckers couldn't even code this correctly? I can understand the hastily put together shadowfork shit flopping, but even the original one was a glitchy beta? Fuck you pajeet-tier imbeciles and any retard who buys into their next Jew scam.

>> No.7162561

>>7162328
I’m so ready for this OP.

This is what happens when you don’t get greedy and actually want to make a sustainable product.

This reminds me of exactly how ethercraft is. Great devs who are takin time to make sure shit doesn’t get fucked.

>> No.7162569

>>7162461
>tfw majored in finance

how do I learn to read code so I can do stuff like this

gojjam wtf am I doing with my life

>> No.7162585

>>7162561
Nobody is going to put ETH into this now. Anyone willing to take a chance has lost their ETH.

>> No.7162588

>>7162477
My body is so ready. It’s fucking aching

>> No.7162687

>>7162585
Lol there’s still people putting eth into POWH

>> No.7162879

How long do I have to wait? I'd much rather the team put up a solid date than keep delaying, especially when it's late at night. I keep staying up late so I can buy in immediately and getting fucked by these delays. Getting pretty sick of this shit, may just forget about it.

>> No.7162999

>>7162448
Proof?
Also no one stole anything from you lmao.

>> No.7163220

One of the ethpy devs here.

Trust us we’re aching to get it working too - we just REALLY don’t want to Mt Shadow2.0Gox everyone.

Smooth over your jimmies. Soon.

>> No.7163251

>>7162879

The alternative is we release something that gets pajeeted as soon as it hits 100 Ether. Would you prefer that?

>> No.7163345

>>7163220
you JUST DID Mt. Gox everyone you fucking retards

>> No.7163370
File: 435 KB, 1043x1365, 1517443632587.png

>>7162448
Good for you anon

>> No.7163371

>>7163345

I like how you think I had anything to do with PoWH. I didn’t. Take your finger pointing and fuck off.

>> No.7163387

No but I'd rather the rescheduled release times not be in the middle of the night

>> No.7163390

why hasn't someone done the same thing to the other clones? 3, 69, whatever there is

>> No.7163401

>>7162518
Are there Discord screenshots of this? For the lulz

>> No.7163403

>>7162448
Are you up?

>> No.7163413

>>7163251
Meant to quote >>7163387
I do appreciate the effort to make the release solid, and I still plan to buy in. But I know I'll get cold feet if I wait until the next day rather than buying in when it's released. Sometime in the evening would be fine but 2-3AM is pretty hard to keep doing.

>> No.7163426

>>7163387

Worldwide audience, man. Sucks but we gave ourselves another 24 hours to let everyone try and beat the shit out of it on Ropsten first.

>> No.7163436

>>7163345
You idiot, these are completely new and actually competent devs. This is ground floor. Either you get in on the hype or miss out on this ground floor.

>> No.7163453

EthPyramid Discord here

https://discord gg/T3dCMr

>> No.7163543
File: 184 KB, 1076x1644, 1517464667142.png

>>7163436
>these are completely new and actually competent devs

>> No.7163573
File: 45 KB, 580x870, 6E590C70-1F29-49A4-BC67-70536E03B248.jpg

>>7163543

>> No.7163701

>>7162328
And this is all recorded on the Blockchain right? How do I view this?

>> No.7163703
File: 187 KB, 2290x1080, POWH.png

>> No.7164191

>>7163401
yeah. He saved me about 750 usd, got out with 20 min to spare. Now he's helping redesign ethpyr with the proper checks to avoid this kind of disaster

>> No.7164211

>>7163701
yeah if you find the contract address you can watch the removal of 900 eth

>> No.7164296

>>7163543

One of us has a PhD if that helps.

It fucking doesn’t matter in the slightest, but we’ve got Dr. Peeramyd on the case.

>> No.7164790

>>7162328
Press ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff to Pay Respects

>> No.7165283

>>7162328
Want to thank you guys, I was waiting around for this to launch yesterday and pulled out of powh while I was waiting. At first I was pissed off because I pulled out at 920 ether after holding for two days and I saw it go up to 1070 ether. But so fucking glad I did now

>> No.7165301

>>7162328
how do I do the overflow bug?

>> No.7165322

>>7165301
>How do I steal money?
I guess you will have to learn by yourself

>> No.7165368 [DELETED] 

when Diablo 2 launched someone figured out if you spam fffffffffffffffffffffffffffffffffffff in the chat, it kicked the koreans out of the games.

gookexit

>> No.7165400

How did he do it?

>> No.7165402

>>7162519
...It does? Ever taken an embedded systems course?

>> No.7165418

Also why not shill the test net now and have the test net up for a week and have a release date, get anons to use the test net for the week so they can be sure this is finally safe? This would be a good idea because the anons can see how much they can make once the real one is up and running

>> No.7165734

sure, shill the testnet.
https://beta.ethpyramid.com

we've pushed a fix that does safe math operations but we need y'all to help out and test edge cases.

>> No.7166146

>>7162328
Does anyone have a link to the original contract? What was in the transferTokens() function that caused this to happen?

>> No.7166376

Where's the contract the Eth Pyramid test net is using?

>> No.7166448

>this time it will be different

>> No.7166585

>>7162328
>>7166146

It seems the contract is available here: https://etherscan.io/address/0xa7ca36f7273d4d38fc2aec5a454c497f86728a7a#code

I'm not very familiar with Solidity, but I'm trying to figure out why this was able to happen.

So the thief passed the maximum possible uint value to the transfer() function, meaning that if you added anything to _value, it would overflow (and become 0 again).

But shouldn't the check of (balanceOfOld[_from] < _value) in transferTokens() still return true, thus reverting the transaction? Nothing was added to _value, so how did it overflow?

Can someone with more experience pls explain how this happened so I never make a mistake like this in any of my software

>> No.7166600

>tfw I spotted someone make a valid transaction on shadowfork with wonky additional data like 12 after that crashed
>post it to 4chan
>get told it means nothing
>wake up to this

>> No.7166800

>>7162328
So if the thief now has that much Eth, how the fuck is he going to cash out and put it on his taxes?

>> No.7166841

>>7166800
He reinvests and launders it on Binance.

>> No.7167311

>>7166376

https://pastebin.com/43Pgcpx3

This was the state of it as of yesterday, could have changed significantly now though. Try asking in their Discord for an updated version.

>> No.7167535

maybe he should have programmed input validation for those numbers, so mad ..

>> No.7167681

Bump. Props to the sploiter for figuring this out while we were all playing with our dicks, he earned his haul.

>> No.7168009

Academic question; is it possible to make the ERC20 token transferrable to other wallet but still able to receive the dividends?

>> No.7168047

>>7164790
underrated

>> No.7168184

>>7166841
I think he'll definitely get caught eventually, there's no way he'll be able to make it look like he just had some lucky investments when he tries to put it in the bank or put it on tax forms.

>> No.7168482

>>7168184

>Illegally hacking an illegal ponzi scheme on an illegal cryptocurrency network

lol

>> No.7168714

Is the all dividends gone also?

>> No.7169032
File: 69 KB, 1852x359, 1517483116569.png

Im from the Powh Discord

Get out of your ERC20 tokens NOW

>> No.7169066

>>7162468
what do you mean how? by writing a program to do it...

>> No.7169080

>>7169032
NOOOOOOOO MY LINKS ARE ALL GONE AHHHHHHHHHHHHHHH

>> No.7169115

>>7162519
it really depends on the college

>>7162569
start with a python hello world. go from there.

>> No.7169261

>>7169032
can this fuck me if I got ERC20 tokens on exchanges? it only matters if the tokens are on the contract address r-right?

>> No.7169263

>>7162569
I majored in Accounting and now a law student and I regret not knowing code.
It's like, you can't be a millionaire these days without knowing code.

>> No.7169297

>>7162328
>this time will be different goys
BUY BUY BUY

>> No.7169308
File: 16 KB, 400x400, yeah.jpg

>got all in into this ponzi scheme
>it crashed
>RAGE
>*throws things around*
>RAGE
>LETS MESS WITH THOSE MORONS
>total IT brainlet
>*rightclick* show source
>delete some lines
>want to write giant FFFFFFFFFFFFFFUUUUUUUUUUUUUUUUUUUUUUCCCCCCCKKKKKK
>accidentally hit enter after typing "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
>mfw bankroll 1000000 USD

>> No.7169311

>>7169263
become an IT lawyer

>> No.7169361

>>7164790
Dubs confirm this shall be a thing

>> No.7169426

>>7169261
Exchanges hold the tokens themselves. If their wallets are drained, you're essentially praying they will honor their clients' balances. Some have proved they would (Bitstamp), some have made shitty socialized losses schemes (Bitfinex), some just exitscam (too many to list). Good luck.

>> No.7169434

>>7169261

Correct, because your tokens are in an exchange wallet.
If someone hacks the exchange wallet, then the exchange has got a problem... and a lot of motivation to fix it in a way where you don't get hurt (too much).

>> No.7169530

Guys just try to trick me again and u ded...
Btw. There is quantstamp for contract audit... Like, seriously see it

>> No.7170027

>>7169066
Im new to eth and smart contracts. How does a hacker execute some of his own code on someone else's contract?

>> No.7170052

>>7170027
He doesn't, he sends inputs that trigger a bug in the contract. Input validation 101.

>> No.7170075

get in early on the new ethernumbers https://www.ethernumbers.co/index2.html

>> No.7170117

>>7164790
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff

>> No.7170145

>>7170117
Your respects payment triggered an overflow. 1000 ETH have been sent to your wallet.

>> No.7170195

>>7170117

ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff

>> No.7170204

>>7164790
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff

>> No.7170244

>>7162328
Real nigga talk, what happened is you invested in a pyramid scheme and it blew up.

>> No.7170384

So we want it back, right
Cmok guys! We can do this. Ethpyramid will be the chosen one. OG powh dęba were retards and failed

>> No.7170417

>>7168184
>"oh these, I mined them back in the day and forgot about them because eth was worth nothing then lol"

>> No.7170505

>>7170384
Never going in to anything like this after this fiasco.

The blame is on devs, who fucking released buggy contract
and didn't save the ETH for us before the hack, they fucking must have known about this,
instead they were fucking with shadow.

I would also be suspicious that devs themselves did this to us.

>> No.7170891

Aa ahhhhhhh hahahahahaba I told yall OG had bed bugs like shadow did but no one listened hahahahhahahahahahahha fuck you in the mouth, I told you so. Why didn't you listen?

>> No.7170905

https://powhcoin.com/index2.html

holy shit

>> No.7170931

WE'RE GETTING PRELIMINARY REPORTS THAT THIS WORKS ON OTHER ERC20 TOKENS

DUMP DUMP DUMP

>> No.7171026
File: 16 KB, 1063x431, lol.png

brb giving this a try lol

>> No.7171073

>>7171026
its not how you do it anon...

>> No.7171095

What is happening? Can someone explain to a beginner?
What are the consequences?

>> No.7171121

>>7171095
All the money so gone

>> No.7171135

>>7162328
>Give money to a currency made by /biz/ user
>Their token gets 'hacked'
>Easiest one mil of their lives

The actual fuck is wrong with you people?

>> No.7171180

I am legitimately happy that all you powh fags got your shit taken and I hope lessons were learned but I know you'll all be buying the next pajeet scam tomorrow

>> No.7171311

can anybody tl;dr what is this, have been missing out on /biz/ few days

>> No.7171327

>>7166585

I'm guessing the problem is before that line. This is what tickles my exploit bone:

payouts[msg.sender] += (int256) (balance * PRECISION);
totalPayouts += (int256) (balance * PRECISION);

It seems they were using signed int256 and unsigned uint256 later, so it was overflowing and then getting smashed into a uint256.

Google's coding style guidelines explicitly said "NO UNSIGNED DATA TYPES" because it is all too easy to silently truncate, or extend values due to signed/unsigned mismatches.

>> No.7171375

>>7170417
5 seconds on Etherscan would expose this lie.

>>7170505
Honestly, this might have been one of the most clever exit scams of all time.
>Deploy a smart contract that looks innocuous on the surface
>it contains a backdoor/glitch that only someone who spent hours reading/working on the code would be able to figure out
>cash out
>claim it was an unintentional bug and that your contract got 'hacked'

I would not be surprised at all if this was planned from the beginning

>> No.7171393

>>7171135
You don't understand. The hack can be applied to any ERC20 contract. It's a bug in the entire system that was discovered only because of PoWH. It's called a gas overflow limit. Apparently, it's possible to set the gas so high that the system can spend infinite time distributing that gas and thus lock the system. I don't know how he withdrew it yet

>> No.7171471

>>7171327
According to this article, it was even worse than that. Basically, the transferTokens() function contained a flaw that would allow someone to sell tokens they didn't have. This would cause underflow, as the sell amount would be deducted from the balance of 0, resulting in their new balance being 2^256 - 1. They could then cash out, draining all the tokens from the contract:

https://medium.com/@ebanisadr/how-800k-evaporated-from-the-powh-coin-ponzi-scheme-overnight-1b025c33b530
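The mechanism described above, together with the question in >>7166585 (how the balance check could be passed) and the signed/unsigned worry in >>7171327, as an added example. This is not code from the thread or from the PoWH contract; it is a small Python model of EVM 256-bit arithmetic with a constructed toy ledger, and the PRECISION value and balances in it are made up. It shows that subtracting a sell amount from a zero balance wraps to 2**256 - 1 under unchecked uint256 arithmetic, that casting a large uint256 product to int256 flips the sign, and that SafeMath-style checked operations (the fix the ethpyramid dev says they pushed) turn both into a revert instead of a silent wrap.

```python
# Added example, not the PoWH contract's code: a Python model of EVM 256-bit
# integer semantics plus a constructed toy ledger, to contrast wrapping
# (unchecked) arithmetic with SafeMath-style checked arithmetic.

MODULUS = 2**256
UINT256_MAX = MODULUS - 1


class Revert(Exception):
    """Stands in for a Solidity revert / failed require()."""


def wrap_sub(a: int, b: int) -> int:
    """Unchecked uint256 subtraction (pre-0.8 Solidity): wraps modulo 2**256."""
    return (a - b) % MODULUS


def wrap_mul(a: int, b: int) -> int:
    """Unchecked uint256 multiplication: wraps modulo 2**256."""
    return (a * b) % MODULUS


def to_int256(x: int) -> int:
    """Reinterpret a uint256 bit pattern as two's-complement int256 (the cast
    (int256)(...) in Solidity). Values >= 2**255 come out negative."""
    x %= MODULUS
    return x - MODULUS if x >= 2**255 else x


def safe_sub(a: int, b: int) -> int:
    """SafeMath-style subtraction: revert when b > a instead of wrapping."""
    if b > a:
        raise Revert("SafeMath: subtraction underflow")
    return a - b


def checked_to_int256(x: int) -> int:
    """Checked cast: revert if the value does not fit in a non-negative int256."""
    if x < 0 or x >= 2**255:
        raise Revert("value does not fit in int256")
    return x


def sell_unchecked(balances: dict, seller: str, amount: int) -> int:
    """Vulnerable pattern (constructed): debit with wrapping arithmetic and no
    balance guard, so selling more than you hold leaves a huge balance.
    Returns the seller's new balance."""
    balances[seller] = wrap_sub(balances.get(seller, 0), amount)
    return balances[seller]


def sell_checked(balances: dict, seller: str, amount: int) -> int:
    """Hardened pattern: explicit guard plus checked arithmetic. Either one
    alone rejects an oversized amount; together they give defence in depth."""
    balance = balances.get(seller, 0)
    if balance < amount:
        raise Revert("insufficient balance")
    balances[seller] = safe_sub(balance, amount)
    return balances[seller]


def demo() -> dict:
    """Run the scenarios and return the observations as a dict."""
    out = {}
    # (1) zero balance, sell one token: unchecked arithmetic wraps to 2**256 - 1
    out["wrapped_balance"] = sell_unchecked({}, "seller", 1)
    try:
        sell_checked({}, "seller", 1)
        out["checked_reverted"] = False
    except Revert:
        out["checked_reverted"] = True
    # (2) (int256)(balance * PRECISION) with a large balance goes negative;
    #     PRECISION and the balance are constructed values, not the contract's
    precision = 2**64
    big_balance = 3 * 2**190
    product = wrap_mul(big_balance, precision)
    out["signed_payout"] = to_int256(product)
    try:
        checked_to_int256(product)
        out["cast_reverted"] = False
    except Revert:
        out["cast_reverted"] = True
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of `sell_checked` is that the explicit `balance < amount` guard and the checked subtraction are independent: if the guard is mis-written or skipped, `safe_sub` still reverts on the same input, which is what a SafeMath library buys you.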

>> No.7171485

>>7171393
This is not confirmed yet.

>> No.7171544

>>7171485
Just wait.

>> No.7171576

>>7171393
That was a different problem specific to the shadow fork, not to the original PoWH (or any other ERC-20 token, for that matter)

>> No.7171583
File: 516 KB, 578x1932, 1517490186682.jpg

this is so fucking surreal
I want to laugh, but I'm just impressed

>> No.7171617

>>7171393
U r smort progrommor pojoot?

>> No.7171639

>>7171576
If it was different, why was the same method used on OG?

>> No.7171651

>>7171393
No it's fucking not you retard. It was due to an integer overflow on the requested withdraw amount because they hadn't implemented the safemath lib.

Does India not have SCHOOLS?

>> No.7171663

>>7171583
true, for some reason I am envious, but I am very impressed and deep down believe that guy deserves it

>> No.7171672
File: 9 KB, 282x272, agaewgeaeageggaege.png

If you weak hands hadn't cashed out this could be you right now.

thx /biz/

>> No.7171683

>>7171639
It wasn't. The infinite gas problem had nothing to do with the uint256 underflow bug that allowed people to steal millions of dollars' worth of ethereum

>> No.7171690

>>7171672
true if big

>> No.7171691

>>7171651
Mr .T ain't no computer hacker

>> No.7171730

>>7171690
Just go shill it to people until we get 32 billion dollars into the contract and I will cash out. After that I will do a /biz/ give away. easy money

>> No.7171740

>>7169308

10/10

>> No.7171773

>>7171730
no you will not

>> No.7171809

>>7171773
If I legit got 32 billion for doing nothing I would give away at least a few million to random people lol maybe a few billion even

>> No.7171865

>>7171809
Before shadow crashed I had dividends of 1.5x e^39

>> No.7171967

>>7171393
check the medium article. the withdraw was allowed because of a bad equality check and then an incorrect assumption that the sender was the owner.

super shitty code, and shouldn't be surprising at all as soon as you look at it. full of side effects, not indented correctly apparently, and a shitty attempt at humor was used in creating function names.

>> No.7172005

>>7171375
Yep. Who the fuck reads source code for random shitcoins? Devs did it on purpose is the only reasonable explanation.

>> No.7172017

>>7171967
Pajeet coders shat the bed.

>> No.7172360

The real problem is fucking around with these ponzi coins. There is no need for them. There have been perfectly fine ponzi games like this on the eth network before that just involve you paying in to a pot, it's just 20 lines of code and impossible to fuck up.

>> No.7172369

So any news from discord POWH and ETHPyramid ?

what's going on?

>> No.7172487

>>7171095
They'll never be the same