The show must go on, as they say. And Safemoon are putting on one hell of a show. A quick background on the initial 10 Million hack is that there was a 'bug' in the contract that allowed any user to burn any other user's tokens. In the way, the hacker burned a bunch of tokens, which elevated the price and then swapped at the elevated price to gain a far above market output of tokens from the swap. Ironically, the Safemoon team had a hidden backdoor where they kept the keys for tokens that were supposedly burned, and started recovering tokens that were supposed to be gone forever to restore the stolen liquidity. Now, a data miner have discovered another bug in how Safemoon holders would login and access their wallets. I say login because for a reason I can only describe as somehow, the SM team decided to use usernames and password instead of much improved security, ideology and practicality that comes with seed phrases. The 'bug' basically allows any users to determine their own security level, such that any user can set their security level to the maximum of level 10, and thus change the password of any other member, as well as use other security level 10 user privileges. More technically if you're in IT, the security level is determined from client-side data, which is a big no no . The data miner also supposedly published the password of a SM team member to prove it was true, which allegedly led to that team member leaving SM days later. https://twitter.com/MostStablecoin/status/1642448964271349760 [link] [comments] |
You can get bonuses upto $100 FREE BONUS when you:
π° Install these recommended apps:
π² SocialGood - 100% Crypto Back on Everyday Shopping
π² xPortal - The DeFi For The Next Billion
π² CryptoTab Browser - Lightweight, fast, and ready to mine!
π° Register on these recommended exchanges:
π‘ Binanceπ‘ Bitfinexπ‘ Bitmartπ‘ Bittrexπ‘ Bitget
π‘ CoinExπ‘ Crypto.comπ‘ Gate.ioπ‘ Huobiπ‘ Kucoin.
Comments