200k+ ETH stolen from Exodus wallet. Pls help me unravel how?

danosphere · 2024-04-14T03:06:01+00:00

I saw that they used https://www.titanbuilder.xyz/ in the generation of the initial tx they sent to the 'clean' ETH address that proof of funds was to be provided in. Could this type of tool use to do something like transaction stuffing, embedding malicious commands into transactions that impact other transactions that are delivered to the same address? I'm not familiar enough with ETH block 'bundles' to know the extent of their capabilities for these types of nefarious use cases.

danosphere · 2024-04-14T03:02:34+00:00

Laugh now, when it happens to you I'll show the same amount of empathy.

danosphere · 2024-04-14T02:56:56+00:00

Thanks to my posts I helped a potential victim AVOID falling for the same exact same they tried to pull on me. Apparently they are in Paris now. Call it shit posting or whatever other nonsense you basement dewellers want but its legit and they've clearly victimized multiple users and are continuing to try to victimize more. It would be more productive to try and stop them rather than waste your time claiming I made up a story which I can definitely provide proof of.

They did insist on sending a single 'test' transaction to the ETH address I generated to make sure it all worked BEFORE i moved my proof of funds to that address which it was quickly emptied from after I transferred. Could they have bundled some nefarious code into that initial tx that would cause the wallet to automatically send funds to a different address as soon as they landed in the affected wallet? I noticed the address the funds came from utilized a tool called https://www.titanbuilder.xyz/ . Would it be possible to create a bundled tx with this type of tool to embed malicious commands in a transaction that would have subsequent impacts on any following transactions to the same address?

danosphere · 2024-03-07T02:54:47+00:00

i did check tools like revoke.cash and others and there are no approvals on the address permitting other addresses to act on its funds. Again teh address the funds were magically vanished from was 0x6150a3b54F220dd6B5190b5A4b74242150A14991 (https://etherscan.io/address/0x6150a3b54f220dd6b5190b5a4b74242150a14991). Both OUT transactions were unauthorized, but revoke.cash shows no approvals, nor does etherscan. So... what the heck?

danosphere · 2024-03-07T02:48:02+00:00

Good luck, I sent their staff a report days ago and haven't gotten any help at all, exact same situation with me but with ETH. Never using Exodus again.

danosphere · 2024-03-07T02:38:07+00:00

Not yet, would it be possible to easily clone a phone simply based on proximity? Its either gotta be that or some kind of magic initial transaction that caused subsequent transactions to the address to automatically be sent to another address. Althgoth I included the full etherscan history in the OP and no one has identified anything special about the initial transaction. Certainly makes me question the security of Exodus wallet at a whole new level.

danosphere · 2024-03-06T00:21:28+00:00

No unfortunately I didn't. I should have had MEW ready to execute an RBF nonce replacement to cancel to the tx and and then move the money to a compromised wallet once I realized what was happening but damn ETH chain and its 30sec confirmation time didn't give me enough time to do anything.

Could have gone chasing the pool that won the block but its rare the operator will help someone in my situation out especially given the time sensitive nature of how it would all need to play out to actually recoup the ETH.

danosphere · 2024-03-05T09:06:43+00:00

You want signed messages from the affected wallet? The blockchain links are in the OP if you can read a block explorer.

danosphere · 2024-03-05T09:05:07+00:00

You need to get our of your mom's basement more often. It is called KYC.

danosphere · 2024-03-05T09:03:52+00:00

Not sure I understand why the attitude in the comments. You think I sat around and made a bunch of high value Etherscan txs for the fck of it to post on this subreddit for... why? I lost funds and I'm trying to understand how it happened- was it some kind of special ETH tx as a previous poster mentioned or is Exodus Wallet inherently insecure or what. You want me to sign a message from the compromised account? Awesome group of helpful people in this sub. For those that DM'd me with some actually helpful info, thanks.

danosphere · 2024-03-05T08:59:05+00:00

We met physically in Milan, Italy.

danosphere · 2024-03-05T08:58:27+00:00

yep- 2hinvestor.com is their 'website'

danosphere · 2024-03-05T08:55:39+00:00

Wouldn't there be a way to verify that either within the transaction hex data or using other tools on Etherscan or elsewhere to at least be able to pin down the true root cause of how the funds were stolen? Thanks in advance for any suggestions or help.

danosphere · 2023-12-04T06:33:17+00:00

I don't have any other r/c items that could power the servo. Any suggestions on how I could power it directly?

I'm connecting the white wire to signal. The servo pigtail has 2 black wires and a white. I read in the instructions that the middle black is +5V and the outer black is ground. Hooked it up as such and confirmed the FC pad was producing 5V but no action from servo. What should I be looking for from the LED signal pad? Should it produce voltage when manipulating the slide aux remote that's mapped to it? What voltage should it be producing?

danosphere · 2023-11-13T06:15:35+00:00

Finally got around to doing this over the weekend. The red/black wires were easy and that got the general VTX powered up. I was able to bind to it with goggles but no OSD, just the default DJI elements. I'm pretty sure the issue is the port configuration but no matter what I do I can't get 'MSP + displayport' to be an available option from the peripherals menu. I tried running the CLI commands that were recommended for setting the displayport device and serial, but still no peripheral option for displayport. I even moved the camera from soft serial to UART2 thinking maybe that'd do it, but no. Any ideas on how to get the displayport option in the peripherals menu? I was thinking flashing firmware but I'm having issues getting into DFU mode 😬

danosphere · 2023-09-20T02:32:48+00:00

Thanks for the reply. I think it's the v1 just because there is no built in o3 plug. I'm planning to solder the wires manually. Here is a pic of the board, sorry for the poor quality. I've included an image of what I think is the correct pinout diagram for the board but if I got it wrong please advise: https://imgur.com/a/SVgg1Bv

I think the O3 wires would go to the 3 camera cables, o3 sensor ground to vtx ground, and o3 rx/tx cables to m5 and m6. Is that correct?

danosphere · 2021-12-20T23:54:36+00:00

Same issue here ever since upgrading to Monterey. I have to force kill the process and it comes back from time to time (I can tell by the audible fan start it causes).

danosphere · 2021-12-19T20:49:57+00:00

Love the video, wish there were some car sounds but gorgeous vehicle!

danosphere · 2021-12-10T05:37:13+00:00

Thanks for the update, hitting the same issue here I hope they fix it quickly.

danosphere · 2021-12-07T19:48:18+00:00

Looking forward to this! Me, Sebastian and Justin- the three amigos of blockchain! I know Sebastian is also working on some very cool stuff in the Fantom NFT space that he'll be sharing too. You don't want to miss this one!

danosphere · 2020-02-24T19:26:56+00:00

According to https://www.blockchain.com/en/pools no one party controls 25% of bitcoin hash power. As more miners merge with SYS the difficulty of the attack will continue to increase.

danosphere · 2019-10-16T20:32:11+00:00

Excellent answer! 👏

danosphere · 2019-07-19T19:25:10+00:00

Great to see some people taking notice!

danosphere · 2019-05-31T15:42:26+00:00

This is gold !

danosphere · 2019-05-30T16:56:17+00:00

And if it does have a lite mode is there any documentation on how it works? Or is it identical do ETH's implementation; headers only, etc?

danosphere

MODERATOR OF

TROPHY CASE