Categories

Welcome to Hidden Answers, the Main Deep Web Forum. Please follow the rules for each category to keep this forum clear and useful.

3.3k questions

10.0k answers

4.4k comments

9.1k users

Most popular tags

Working exploit: bug in crypto exchange

2 like 1 dislike
Ask for details. Confirm in replies if it works.
in Technology & Crypto by Newbie (284 points)

Please log in or register to answer this question.

9 Answers

3 like 0 dislike
This kind of information is not so easy to obtain and not so cheap to share among a DW forum. Really tricky situation.

But you have requested and I am asking the details. Can you share the details via PM?

Looking forward to hear it.
by Active (1.5k points)
3 like 0 dislike
Yo, PM me, curious as to what bug there is. I don't see how crypto can have a profitable bug but I don't 100% doubt it.
by Newbie (150 points)
0 1
Please check my last message and do not fall for this scam. You can find full details below and I hope you are not part of this scam operation. I can understand and see your true colors based on your validation or verification response to this post.

In case you are a curious person please do your experiment with the bonus they will assign to you and do not lose your hard earned money.

Best of luck.
by Active (1.5k points)
2 like 0 dislike
Thanks for sharing the details through PM.

Will review and update here.
by Active (1.5k points)
2 like 0 dislike
I will not recommend this anymore as it has lead to legal actions. The bug worked perhaps for some at first, but they are cracking down pretty hard on it now. Accounts frozen and banks notified.
by Newbie (284 points)
1 0
Respect. worthy step
by Experienced (8.4k points)
1 like 0 dislike
I have created the account and platform has asked for KYC based on location I am from. Now waiting the KYC to be completed.
by Active (1.5k points)
2 like 1 dislike
Hi Lufes,

After testing the platform and looking for to make the bug you have reported to work, my final conclusion is useless. The bug is generating tokens which are not used or exchanged in the trading platform.

I do not know how you have achieved it but even this exchange platform is not showing most necessary information on transactions like transaction hash.

Upon in depth research has showed me that this trading platform and their parent company may be a different type of scam operation.

The overall figures and simplicity even though they perform legal like operations, my nose is getting some nasty smokes.

Thanks god that I have learned my lesson pretty well that I have not lost any bit of my money but tested their system with their bonus.

I will have one more test to see what the true colors of these guys are.

If you could be able to pull it forward, you may consider yourselves lucky or I do not want to blame you without any proof but maybe part of this scam operations as well.

I have seen enough of this kind of things in my three decades of professional life which security always became a crucial part of it.

As my closing words, I wish you best of luck in your life.
by Active (1.5k points)
2 like 1 dislike
To All who see this thread,

Based on my last test, the system looks like a bait to lure anyone who aims to get easy and cheap profit. But the fact as I understood is quite well organized scheme.

The most important thing is their account id system is based on sequential numbering. My created account was 10041 and the new account created today is 10042. This is a significant weakness.

When I have scanned whole series of account ids from 10001 to 10042. The shared exploit returned as error stating that user not found. Under normal circumstances, a company who can make company acquisitions in the range of 8 digits (20M$ for Wall Street VPN for example based on published news through several platforms) should have more customers on their trading platform.

Also a trading platform manages a portfolio of 6B USD funds of few hundreds of customers should have passing more serious penetration testing that can easily find the backdoor left open by the developer.

Their DNS records also is not meaningful from purchased registrar to their MX and A records are not consistent. Also both trading platform and investment platform is hosted on one single Google Cloud Virtual Machine with 239.213.178.107.bc.googleusercontent.com host DNS record. There is not even a load balancer setup is in place.  

Wherever I touch on this system, there are many flaws and issues.

When I have tried to login with old new accounts the trading platform, I have seen that both my accounts are banned as I have expected.

But there is no issue for my account on main platform. It is working as expected and nothing has happened.

Based on the shared exploit definition, this platform has harmed only 14 people so far. But that number can change between 40 and 14.

Please stay away from this site and thread.
by Active (1.5k points)
1 like 0 dislike
dm me
by Guest (111 points)
1 like 0 dislike
Interesed.
by Newbie (162 points)
 | Snow Theme by Q2A Market
Powered by Question2Answer
...