AdLunam

Loading...

AdLunam

Register
section-icon

Forums

Talk about anything you want!

Welcome To

Security alert – Intelligent contract portfolios created at the border are vulnerable to phishing attacks

Forums BTC, ETH & Macro Markets Ethereum Security alert – Intelligent contract portfolios created at the border are vulnerable to phishing attacks

Viewing 1 post (of 1 total)
  • Author
    Posts
  • Assigned configurations: All intelligent contract portfolios created using Ethereum Wallet Frontier, version 0.4.0 (Beta 7) or earlier. The portfolios created with Ethereum Wallet 0.5.0 and all the subsequent versions published after March 3, 2016 are not affected.

    Probability: Weak

    Severity: High

    Summary:

    Do not use portfolio contracts or owners’ accounts of these portfolios created by the Ethereum 0.4.0 or earlier portfolio. If you send (or interact with) a malicious contract, it could appropriate your wallet contract. Create a new portfolio and move your funds.

    How to be super sure ??

    Do not use vulnerable portfolio contracts, and the accounts of the owner of these portfolios to send ether and interact with the contracts you do not know! If you do not use these accounts and wallets, and improve your wallet as describe hereYou are safe!

    Details:

    An attack vector has been discovered which affects the intelligent contract portfolios created before the release of ownership (border phase). The attack may occur if an affected wallet interacts with a malicious contract or if the account of the owner of an affected portfolio interacts with a malicious contract which knows the address of his portfolio. An attacker can then pretend to be the owner and can therefore steal funds or tokens and change the owner of the wallet.

    If you do not use your portfolio and owner accounts with contracts that you do not know, you are safe!

    Receiving ether and sending the ether to unpaid accounts is very good.

    In addition, if you have configured your wallet with multisig, you are safer, because the attacker should have you sent with all the owners to malicious contracts.

    Proposed solution:

    We recommend that if you have created a wallet using the affected versions, you take one of these steps:

    • Create a new portfolio With the latest version of Ethereum Wallet (any version of 0.5.0 or more recent) and Move your funds there. You can follow these steps.
    • Until you do what above,, Do not use any account which is a owner an affected portfolio, or the affected portfolio itself To interact with closed or otherwise unknown contracts which could trigger arbitrary actions (including the transfer of ether). Send / interact only for the addresses you have or know!
    • Create a secondary account for your daily use. This should not be connected to your contract portfolios


    We have created a new version of Ethereum 0.7.6 portfolio, which will detect your vulnerable wallets.

    Download the latest version and follow the steps described in the version notes to update your vulnerable wallets!

    Source link

    post url: https://altcoin.observer/security-alert-intelligent-contract-portfolios-created-at-the-border-are-vulnerable-to-phishing-attacks/

1

Voice

0

Replies

Viewing 1 post (of 1 total)
  • You must be logged in to reply to this topic.
Login with your Social Account