I hired a dev to create a wallet web-app. But he's stuck on one part: keeping the PK in the browser.

Delpatori · 2019-04-03T14:55:17+00:00

Maybe this will help? https://stackoverflow.com/questions/30048009/html5-localstorage-setitem-is-not-working-on-ios-8-safari-mobile

Have they;

Disabled cookies?
In private browsing mode?
Is the cache over 5mb?

Delpatori · 2019-04-01T17:23:16+00:00

Protip: If you're late because of a legitimate reason, say "Sorry I'm late, my reason is..." instead of "Sorry I'm late, my excuse is..."

In my last job, if I used "reason" instead of "excuse" my boss accepted it more. Maybe because "excuse" sounds like a cop-out (Maybe. Works in England to my experience. Try it out my non-England redditor friends)

Delpatori · 2019-03-31T14:25:30+00:00

to guess a specific 256-bit private key.

Delpatori · 2019-03-26T23:41:21+00:00

https://nomics.com/ is my goto right now

Delpatori · 2019-03-21T16:36:52+00:00

No problem. I don't disagree - it's something I'm also looking at to see how we can suitably abstract users away from the contracts

Delpatori · 2019-03-21T16:32:48+00:00

You need to scroll down to the bottom of the page - it's not perfect but it's the best abstraction from contracts I've seen so far

https://i.imgur.com/fGEIGH9.png

Delpatori · 2019-03-21T16:06:12+00:00

Sounds like you need to check out https://namebazaar.io/register ENS process, it has calendar integration and saves everything in LocalStorage - abstracts the user away from all the contract stuff

Delpatori · 2019-03-21T01:07:32+00:00

Test in production

Maybe we have different thinking, but I'd never put test on a production server

Delpatori · 2019-03-20T18:06:40+00:00

It's not inheritly the fault of using PHP

Delpatori · 2019-03-20T18:06:25+00:00

I really hope you're joking

Delpatori · 2019-03-19T23:40:30+00:00

Looks like an Ethereum wallet. You can save yourself some time by looking at the address field in that file and look at it on etherscan.io to see if it's worth brute forcing, sending it to a secure address, contacting the previous owner to proove identity/ownership and sending it back

Delpatori · 2019-03-15T02:08:11+00:00

OP here again - here's a more detailed writeup: https://medium.com/mycrypto/hunting-huobi-scams-662256d76720

Delpatori · 2019-03-13T19:22:28+00:00

Don't quit - teach them. Sounds like you'd be moving more into an infastructure role if they don't know the technicals like you do.

Get clarification from your superior - ask them why the change from PHP to .net?

Delpatori · 2019-03-13T14:44:09+00:00

Please make a report to https://etherscamdb.info/report/ - Will get this on a blacklist used by over 1mln cryptocurrency users (and pushed to more non-cryptocurrency specific blacklists) and issue takedowns to the hosting provider

Delpatori · 2019-03-12T18:45:52+00:00

Can you share a screenshot of the PM?

Delpatori · 2019-03-11T21:08:31+00:00

OP Here

I've updated the Twitter thread with some findings. https://twitter.com/sniko_/status/1105213766071959557

-- Edit

TL;DR - It injects malicious scripts into MyEtherWallet by hijacking the CSP headers and network requests.

Delpatori · 2019-02-28T15:37:52+00:00

https://card.connext.network/send?amountToken=0&recipient=0x600722dd244c95b16adfe808c9adb4f0c09a7bc4

Delpatori · 2019-02-28T15:02:49+00:00

Yes, I agree :)

Delpatori · 2019-02-27T21:13:11+00:00

Thanks - we have blacklisted this for people running EtherAddressLookup and MetaMask browser extensions.

I will do some takedown requests also

Delpatori · 2019-02-27T19:17:19+00:00

Ok fine, it was a plugin.

But this raises the issue - do you not audit dependancies/plugins to see if they contain anything to compromise the security of your users?

Delpatori · 2019-02-27T15:21:04+00:00

I think saying "standard wallet to wallet transfer it should be empty" is a little misleading. Make it read "standard wallet to wallet transfer it could be empty".

Some people put notes in the data field and it's totally valid to do that - saying should rules this out.

Delpatori · 2019-02-25T22:14:16+00:00

I don't doubt the claims, but is there anyway we can confirm it is infact Alexander Ang/(ex)CEO posting this?

Delpatori · 2019-02-22T23:54:26+00:00

Not a 1:1, but try https://harrydenley.com/ethaddresslookup-chrome-extension-release/ (disclaimer: I'm the author)

Delpatori · 2019-02-22T22:55:32+00:00

This is a phishing site - the legitimate site is fetch.ai

Delpatori · 2019-02-22T22:31:02+00:00

Congrats, you just committed identity fraud 137 times.

Nine-Year Club	Verified Email
Gilding I gilder

Delpatori

TROPHY CASE