Author

Topic: Odd behaviour in Exodus Wallet (Read 213 times)

legendary
Activity: 2730
Merit: 7065
January 15, 2023, 04:10:33 AM
#12
Does that mean they don't plan on solving the 'bug' that allows address poisoning to happen in the first place?
I have no idea what they are planning. It's a bug or actually a feature of a network smart contract. Once such a contract is released, I don't think it can be taken offline. Tron isn't decentralized like Bitcoin, but you still shouldn't expect that someone out there would/should have the possibility to remove certain network capabilities they don't like.

Fraudsters are using those zero-value transactions as scam attempts, but there are surely other genuine reasons and use cases why such an option exists. Changing it could affect people who aren't abusing it. This is just guesswork btw.
legendary
Activity: 2170
Merit: 1789
January 15, 2023, 03:30:17 AM
#11
It's why I like wallets like electrum, which let you add some personal notes like the name of the address you are sending funds to in the "Description field"
The address book/contact feature is really helpful. Sadly not every wallet has it, and not everyone uses it either. I don't know why but I found some users still copy-paste addresses from their transaction history or blockchain explorer. I don't think it's convenient at all unless their wallet is really terrible and has no built-in feature for copying addresses. CMIIW.

Also, the so-called blockchains are really fucked up and half-baked. How they have worked on the solution since the bug was discovered is still beyond my understanding.
The wallet or blockchain explorer could have a button to hide all 0-value transactions. That would get rid of this scam from popping up in front of your eyes. Blockchain explorers already tag these schemes as scams and malicious attempts. At least on Tron they do. 
Does that mean they don't plan on solving the 'bug' that allows address poisoning to happen in the first place? Improving blockchain explorer sounds good but I would rather stop using a network that allows a bug like this to exist in the first place.
legendary
Activity: 2730
Merit: 7065
January 14, 2023, 04:31:41 AM
#10
It's why I like wallets like electrum, which let you add some personal notes like the name of the address you are sending funds to in the "Description field" This will help easily identify the fake transactions and avoid one from copying the phishing addresses from the wallet transaction history
There is an even better way. Don't copy anything from your transaction history when you are sending and receiving crypto. Congratulations! You have just upgraded your security. Wink

Also, the so-called blockchains are really fucked up and half-baked. How they have worked on the solution since the bug was discovered is still beyond my understanding.
The wallet or blockchain explorer could have a button to hide all 0-value transactions. That would get rid of this scam from popping up in front of your eyes. Blockchain explorers already tag these schemes as scams and malicious attempts. At least on Tron they do. 
legendary
Activity: 2338
Merit: 1261
Heisenberg
January 14, 2023, 04:18:00 AM
#9
It's why I like wallets like electrum, which let you add some personal notes like the name of the address you are sending funds to in the "Description field" This will help easily identify the fake transactions and avoid one from copying the phishing addresses from the wallet transaction history

Also, the so-called blockchains are really fucked up and half-baked. How they have worked on the solution since the bug was discovered is still beyond my understanding.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
January 12, 2023, 02:17:58 PM
#8
I'm using Exodus wallet.
Why dont you use more reputable ones like electrum (for BTC), metamask (for alts), etc.
Just saw an article regarding exodus:
Cons: Easily Hacked – The Exodus software wallets can be easily hacked, and most users may lose funds if the device gets attacked by keyloggers or malware.

It's written in Electron, which itself is just streamlined Chromium, so I'm not surprised by this at all.

Wallet software should be as small and minimal as possible to minimize the attack surface. That's why most wallets are written in C/C++ and Java.
hero member
Activity: 1554
Merit: 880
pxzone.online
January 10, 2023, 03:49:45 AM
#7
The problem isn't from Exodus wallet. The problem is with the smart contracts that allow sending 0 tokens without owning the private key.
Visit the following topics. The same thing has been already reported on TRON blockchain and Binance smart chain.
Shit, looks like this is a need to fix on those shitty smart contracts where zero amount transfer should not be allowed.
I just checked the USDC and USDT smart contract on its previous' transfers[1][2] after reading this thread and there are lot of them transactions with zero amount with a label of Fake_PhishingXXXX

[1] https://etherscan.io/token/0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48
[2] https://etherscan.io/token/0xdac17f958d2ee523a2206206994597c13d831ec7
legendary
Activity: 2730
Merit: 7065
January 09, 2023, 06:24:59 AM
#6
Do you have any balance in your wallet? Not sure why a zero value transaction occured in your case, but I'd immediately transfer funds to another safe address(controlled by me) if I suspected such activity.
There is no reason to do that. OP can't have his coins stolen in that way. Think about it: If a hacker/scammer had access to your wallet and could steal your coins, would they take everything you have, or would they make silly 0-value transactions? I am sure you know the answer to that question.

The scammers create similar looking addresses. They match in the first and last couple of characters. The idea is to trick the person into copying the wrong address from their transaction history instead of going about it the correct way. If you use the send/addresses/receive tabs the way they were intended, and not copy addresses from transaction histories or block explorers you would have nothing to worry about.   
legendary
Activity: 2380
Merit: 5213
January 06, 2023, 10:21:54 AM
#5
It is strange that scams evolve like this, but it is better to send an email to Exodus developers to fix such *bug*.
I don't call it a bug. As you said, it's the problem with how transferFrom function work. Such transactions are valid, according to those altcoins rules and explorers show them.
In bitcoin, we have a dust limit which doesn't allow broadcasting zero transactions even if you own the private key, but that's not how those shitcoins work and therefore, that's not explorers or wallet providers fault.
legendary
Activity: 2688
Merit: 3983
January 06, 2023, 04:40:43 AM
#4
The problem isn't from Exodus wallet. The problem is with the smart contracts that allow sending 0 tokens without owning the private key.
Visit the following topics. The same thing has been already reported on TRON blockchain and Binance smart chain.

Watch out for this NEW TransferFrom Zero Transfer Scam!
I got scammed out of 100000 dollars by fake 0 dollars withdrawal on BSC
Thanks for clarifying what happened. So in short, it's transferFrom function with Zero amount to any address and thus doesn't need pvtKey.

It is strange that scams evolve like this, but it is better to send an email to Exodus developers to fix such *bug*. All they need is to hide transactions with zero balance, just as explorers should do, so why wasn't such a solution implemented?!
legendary
Activity: 2380
Merit: 5213
January 05, 2023, 02:43:35 AM
#3
The problem isn't from Exodus wallet. The problem is with the smart contracts that allow sending 0 tokens without owning the private key.
Visit the following topics. The same thing has been already reported on TRON blockchain and Binance smart chain.

Watch out for this NEW TransferFrom Zero Transfer Scam!
I got scammed out of 100000 dollars by fake 0 dollars withdrawal on BSC
hero member
Activity: 1050
Merit: 681
January 05, 2023, 01:04:28 AM
#2
I'm using Exodus wallet.
Why dont you use more reputable ones like electrum (for BTC), metamask (for alts), etc.
Just saw an article regarding exodus:
Cons: Easily Hacked – The Exodus software wallets can be easily hacked, and most users may lose funds if the device gets attacked by keyloggers or malware.

Does anyone know what is happening here? Should I worry?
Do you have any balance in your wallet? Not sure why a zero value transaction occured in your case, but I'd immediately transfer funds to another safe address(controlled by me) if I suspected such activity.

Alternatively, just get a hardware wallet to store your precious cryptos.
member
Activity: 134
Merit: 10
January 04, 2023, 11:16:36 PM
#1
I'm using Exodus wallet. About 3 days ago, I've found that my USDC wallet has multiple 0 value SEND transactions...

like this:



In the block explorer it looks like this:

https://etherscan.io/tx/0xf96d916f4c9d82439e9ff9d443740e5d1848abc81e779d6fc92930167813d2c1
https://etherscan.io/tx/0xfba8fac3d18091415a7c2b1ae8ffe2b2fdf47b92dc06242f22672fcac4cc3f22
https://etherscan.io/tx/0x12a4ccca713a91346f413ef6e789b2dff04c7f91a29f1c97489b77d8fe390543

2 of these transactions are marked as:

"From: 0xe7b56351eec08699848fd317b2a2bfcfb1a9933c (Fake_Phishing7828)"

Does anyone know what is happening here? Should I worry?

Thanks and happy new year!!
Chris
Jump to: