Odd behaviour in Exodus Wallet | Bitcointalksearch.org

Pmalek

legendary

Activity: 2730

Merit: 7065

Farewell, Leo. You will be missed!

Quote from: joniboini on January 15, 2023, 04:30:17 AM

Does that mean they don't plan on solving the 'bug' that allows address poisoning to happen in the first place?

I have no idea what they are planning. It's a bug or actually a feature of a network smart contract. Once such a contract is released, I don't think it can be taken offline. Tron isn't decentralized like Bitcoin, but you still shouldn't expect that someone out there would/should have the possibility to remove certain network capabilities they don't like.

Fraudsters are using those zero-value transactions as scam attempts, but there are surely other genuine reasons and use cases why such an option exists. Changing it could affect people who aren't abusing it. This is just guesswork btw.

joniboini

legendary

Activity: 2170

Merit: 1789

Quote from: JeromeTash on January 14, 2023, 05:18:00 AM

It's why I like wallets like electrum, which let you add some personal notes like the name of the address you are sending funds to in the "Description field"

The address book/contact feature is really helpful. Sadly not every wallet has it, and not everyone uses it either. I don't know why but I found some users still copy-paste addresses from their transaction history or blockchain explorer. I don't think it's convenient at all unless their wallet is really terrible and has no built-in feature for copying addresses. CMIIW.

Quote from: Pmalek on January 14, 2023, 05:31:41 AM

Quote from: JeromeTash on January 14, 2023, 05:18:00 AM

Also, the so-called blockchains are really fucked up and half-baked. How they have worked on the solution since the bug was discovered is still beyond my understanding.

The wallet or blockchain explorer could have a button to hide all 0-value transactions. That would get rid of this scam from popping up in front of your eyes. Blockchain explorers already tag these schemes as scams and malicious attempts. At least on Tron they do.

Does that mean they don't plan on solving the 'bug' that allows address poisoning to happen in the first place? Improving blockchain explorer sounds good but I would rather stop using a network that allows a bug like this to exist in the first place.

Pmalek

legendary

Activity: 2730

Merit: 7065

Farewell, Leo. You will be missed!

Quote from: JeromeTash on January 14, 2023, 05:18:00 AM

It's why I like wallets like electrum, which let you add some personal notes like the name of the address you are sending funds to in the "Description field" This will help easily identify the fake transactions and avoid one from copying the phishing addresses from the wallet transaction history

There is an even better way. Don't copy anything from your transaction history when you are sending and receiving crypto. Congratulations! You have just upgraded your security. Wink

Quote from: JeromeTash on January 14, 2023, 05:18:00 AM

Also, the so-called blockchains are really fucked up and half-baked. How they have worked on the solution since the bug was discovered is still beyond my understanding.

The wallet or blockchain explorer could have a button to hide all 0-value transactions. That would get rid of this scam from popping up in front of your eyes. Blockchain explorers already tag these schemes as scams and malicious attempts. At least on Tron they do.

JeromeTash

legendary

Activity: 2100

Merit: 1208

Heisenberg

It's why I like wallets like electrum, which let you add some personal notes like the name of the address you are sending funds to in the "Description field" This will help easily identify the fake transactions and avoid one from copying the phishing addresses from the wallet transaction history

Also, the so-called blockchains are really fucked up and half-baked. How they have worked on the solution since the bug was discovered is still beyond my understanding.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: Edwardard on January 05, 2023, 02:04:28 AM

Quote from: chrusso on January 05, 2023, 12:16:36 AM

I'm using Exodus wallet.

Why dont you use more reputable ones like electrum (for BTC), metamask (for alts), etc.
Just saw an article regarding exodus:
Cons: Easily Hacked – The Exodus software wallets can be easily hacked, and most users may lose funds if the device gets attacked by keyloggers or malware.

It's written in Electron, which itself is just streamlined Chromium, so I'm not surprised by this at all.

Wallet software should be as small and minimal as possible to minimize the attack surface. That's why most wallets are written in C/C++ and Java.

PX-Z

hero member

Activity: 1414

Merit: 802

Top Crypto Casino

Quote from: hosseinimr93 on January 05, 2023, 03:43:35 AM

The problem isn't from Exodus wallet. The problem is with the smart contracts that allow sending 0 tokens without owning the private key.
Visit the following topics. The same thing has been already reported on TRON blockchain and Binance smart chain.

Shit, looks like this is a need to fix on those shitty smart contracts where zero amount transfer should not be allowed.
I just checked the USDC and USDT smart contract on its previous' transfers^[1][2] after reading this thread and there are lot of them transactions with zero amount with a label of Fake_PhishingXXXX

[1] https://etherscan.io/token/0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48
[2] https://etherscan.io/token/0xdac17f958d2ee523a2206206994597c13d831ec7

Pmalek

legendary

Activity: 2730

Merit: 7065

Farewell, Leo. You will be missed!

Quote from: Edwardard on January 05, 2023, 02:04:28 AM

Do you have any balance in your wallet? Not sure why a zero value transaction occured in your case, but I'd immediately transfer funds to another safe address(controlled by me) if I suspected such activity.

There is no reason to do that. OP can't have his coins stolen in that way. Think about it: If a hacker/scammer had access to your wallet and could steal your coins, would they take everything you have, or would they make silly 0-value transactions? I am sure you know the answer to that question.

The scammers create similar looking addresses. They match in the first and last couple of characters. The idea is to trick the person into copying the wrong address from their transaction history instead of going about it the correct way. If you use the send/addresses/receive tabs the way they were intended, and not copy addresses from transaction histories or block explorers you would have nothing to worry about.

hosseinimr93

legendary

Activity: 2380

Merit: 5178

Quote from: hugeblack on January 06, 2023, 05:40:43 AM

It is strange that scams evolve like this, but it is better to send an email to Exodus developers to fix such *bug*.

I don't call it a bug. As you said, it's the problem with how transferFrom function work. Such transactions are valid, according to those altcoins rules and explorers show them.
In bitcoin, we have a dust limit which doesn't allow broadcasting zero transactions even if you own the private key, but that's not how those shitcoins work and therefore, that's not explorers or wallet providers fault.

hugeblack

legendary

Activity: 2492

Merit: 3597

Buy/Sell crypto at BestChange

Quote from: hosseinimr93 on January 05, 2023, 03:43:35 AM

The problem isn't from Exodus wallet. The problem is with the smart contracts that allow sending 0 tokens without owning the private key.
Visit the following topics. The same thing has been already reported on TRON blockchain and Binance smart chain.

Watch out for this NEW TransferFrom Zero Transfer Scam!
I got scammed out of 100000 dollars by fake 0 dollars withdrawal on BSC

Thanks for clarifying what happened. So in short, it's transferFrom function with Zero amount to any address and thus doesn't need pvtKey.

It is strange that scams evolve like this, but it is better to send an email to Exodus developers to fix such *bug*. All they need is to hide transactions with zero balance, just as explorers should do, so why wasn't such a solution implemented?!

hosseinimr93

legendary

Activity: 2380

Merit: 5178

The problem isn't from Exodus wallet. The problem is with the smart contracts that allow sending 0 tokens without owning the private key.
Visit the following topics. The same thing has been already reported on TRON blockchain and Binance smart chain.

Watch out for this NEW TransferFrom Zero Transfer Scam!
I got scammed out of 100000 dollars by fake 0 dollars withdrawal on BSC

Edwardard

hero member

Activity: 1050

Merit: 681

Quote from: chrusso on January 05, 2023, 12:16:36 AM

I'm using Exodus wallet.

Why dont you use more reputable ones like electrum (for BTC), metamask (for alts), etc.
Just saw an article regarding exodus:
Cons: Easily Hacked – The Exodus software wallets can be easily hacked, and most users may lose funds if the device gets attacked by keyloggers or malware.

Quote from: chrusso on January 05, 2023, 12:16:36 AM

Does anyone know what is happening here? Should I worry?

Do you have any balance in your wallet? Not sure why a zero value transaction occured in your case, but I'd immediately transfer funds to another safe address(controlled by me) if I suspected such activity.

Alternatively, just get a hardware wallet to store your precious cryptos.

chrusso

member

Activity: 134

Merit: 10

I'm using Exodus wallet. About 3 days ago, I've found that my USDC wallet has multiple 0 value SEND transactions...

like this:

In the block explorer it looks like this:

https://etherscan.io/tx/0xf96d916f4c9d82439e9ff9d443740e5d1848abc81e779d6fc92930167813d2c1
https://etherscan.io/tx/0xfba8fac3d18091415a7c2b1ae8ffe2b2fdf47b92dc06242f22672fcac4cc3f22
https://etherscan.io/tx/0x12a4ccca713a91346f413ef6e789b2dff04c7f91a29f1c97489b77d8fe390543

2 of these transactions are marked as:

"From: 0xe7b56351eec08699848fd317b2a2bfcfb1a9933c (Fake_Phishing7828)"

Does anyone know what is happening here? Should I worry?

Thanks and happy new year!!
Chris

Topic: Odd behaviour in Exodus Wallet (Read 183 times)