-
Notifications
You must be signed in to change notification settings - Fork 400
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
exlly.com HACKED #236
Comments
after i sent my addres on email will my fund be sent to my wallet or do you take my money away? |
We sent you an email to return your funds yesterday. We asked you for a Bitcoin address, for your deposit, but we received an address in Litecoin. We do not "leave with the funds". We are all the more sorry about what is happening and our priority is to protect our uses of which you are a part. |
"It is urgent to fix this problem in the source code or to warn that the code is hacked." despite numerous security experts reviewing the code the dev still claims the code is safe, you are now the 5th exchange that I know of that has been hacked this way. funny how the only exchange that doesn't get hacked is the devs. stay clear of opentrade, he refuses to update and fix any bugs to the public release and we have been given a list of vulnerabilities by security experts |
Nobody has shown any vulnerabilities in the published code yet. |
when what's not there? |
Where is it? Are you got an exploit or not? |
Hi Enmanet, |
On which platform? |
Impossible. After this order amount updated to 0 Only then user balance is updating and user is unlocked If the user will try to close the same order again then balance will not change because where
https://github.com/3s3s/opentrade/blob/master/server/modules/users/orders.js#L75 but order.amount is already 0. |
I tried it now for half an hour and it is not possible to hack it for me. |
@3s3s the problem isnt in the trading. I know how to do the glitch. Its the withdraw / coupon problem. Incase you try to withdraw high amounts etc when you dont have anything multiple times you sometimes get the amount credited to the account. |
I will look into the code, but its something with the withdraw that gives you back. If you have 0.1 btc and tries to withdraw 200 you end up with 199.9 btc on the account with no withdraw. Than you make the withdraw when you have 200 btc as normal. |
User is locked when adding new order here After that, the user balance is updated then order inserted and only then user is unlocked I am not see any way: how the user can place multiply orders without the balance updating ( |
Dev will happy to update the code if anyone will show an exploit. |
i totally agree with 3s3s and i am happy that he released open trade to us and that he still works on it and comments all the questions here. who knows if hack wasnt done from inside the vps... |
Hello I have some fix for OpenTrade, to use smtp with SSL. Also there are a redirection problem for pin code or alert for mail confirmation. Support email confirmation. Email from for support. But I haven’t fix for add balance issue. Thank you to all for considering this problem and working on this. It’s really important to have a good code without breach. |
bitmxithickz do you really think we're using that exchange script - It's merely based on binance (its an exchange if you havent heard of it) the only relevance is the small featured banners at top. The various exploits are easily due to how bloaty and bad the code is. |
What a fucking idiot |
You got exploits but you will not show it? Hmm. It is interesting... |
Only Admin (userid=1) can withdraw more than he got on account balance This is not bug. This is feature. |
We don’t have exploits |
lol im just going to leave you here to argue with yourself if you are not smart enough to know what we are using for our exchange now then you clearly know as much as I thought you did when you told people you fixed all security issues in opentrade yet I don't see any push requests from you either. |
I'm confused. I was looking into using this software. Is there an issue or not? Also if there is an issue can you point me to another backend issue free? |
You are aware that around 10-15 exchanges have been hacked using OT, and the well aware fact that the dev has pretty made now made it closed source since since he's a 9 year old, yet you wish to use it? |
You can use OpenTrade as an exchange template only |
Discord is here, always has been https://discord.gg/GWe6N7J
It wasnt via the wallet either, please do read up if you are capable of doing that - We also refunded people.
Move along, please.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
…On Saturday, 9 February 2019 21:25, ExchangeTime ***@***.***> wrote:
I find it funny to read these chats. Both the persons from "Altmarket" behaves like children and acting in a defensive possession. They stored 3 btc / 3 btc in a hotwallet and got "hacked". They lost BTC and DOGE (the only coins with any real value). Same day as the "hack" happend they removed their discord, twitter and everything else and fucked everyone over. Atleast they could pay back everyones bitcoins they owe them.
Even after all of this they choose to open a new exchange with Rubykube and people still choose to use them after deleting their social medias and pretending they are the "good" people? They havent showed 1 line of code thats "a security breach" as they are talking about. They are bullshiting so hard they even think its the "truth". Come on, who stores 100% in a hotwallet and than deletes all of their social medias when the "hack" happends.
Anyone who would use Altmarket.cc i suggest to withdraw all of your coins as its a team full of scammers.
—
You are receiving this because you were mentioned.
Reply to this email directly, [view it on GitHub](#236 (comment)), or [mute the thread](https://github.com/notifications/unsubscribe-auth/ApoOcs4YeDgEyjW2BinOKZQhJ_SzhlCIks5vLzzRgaJpZM4aJ3ae).
|
@altmarkets Kinda funny how you refounded coins without any value at all and same day all admins left the discord and all channels was fucked up with all connection been removed. You exit scammed and blame others. |
how did we exit scam you fucking idiot, if we did we wouldn't be here now, we also refunded btc, doge and x42 too, no admins left the discord we are still there. believe what you want to believe and have a nice day. P.S. its refunded* |
What. We refunded, all the TX ID's are public too, All admins were not removed - we're still online, active within the discord. Stop going on about something you clearly have no idea about, as i said - join the discord, contact us - we'll show you we have full transparency. |
Great word vocabulary, using "fucking idiot". Thats a proof that you are afraid as you wouldnt have left the discord and fucked all channels up same day as it happend. Keep up with your bullshit and good luck with your 2nd scam project at same domain. |
I'm the guy as in the movies.... sitting in the corner.... seems like he's reading a newspaper.... don't see the face.... never say a word...... but listens. |
And i'm his brother. Drunk. At the bar. |
let's see what happens with altmarkets.io this time........ altmarkets.cc listed me for 3 days and I paid a bit but still..... I really would like to hope we were wrong. But I just can't believe it. |
Because I asked them to list my new coin, and they insulted me. |
We're the normal people - above you. Thinking, he's back look. |
lollll |
yeah I should retire |
and play pokemon |
People do realise that your talking to yourself right, you need to look into that. It's an issue. People know LightningCash and Imerium are from the same 'developer'. You paid $35 to list a coin (which is no longer functional) , that was via .cc also we refused to list your new coin - you also pretended to be "CIA" - need to grow up a little and move along. |
Hi, @jonn4y @altmarkets, I want to start my own crypto exchange, I gave a try on opentrade and I guess it's easy to set up. but this hack things and vulnerabilities in code maybe big issue. You guys said opentrade code has security vulnerabilities but you did not revealed where, also did not explore your hack story how exactly it was hacked? I know you opentrade guys are intelligent and honest while we all here are idiots but if you explain what exactly happen dev may fix that bug and this code maybe usable for all. You guys are hard coders and 3s3s is noob but please let all know how exchange was hacked and help 3s3s fix bugs you found or your external experts who also must be more smarter and intelligent than you. Thank You. |
What are you stupid or something? is this thing hackable ? I am about to dos the entire universe! Can u haz my bitcoin or what? It's not like someone deleting all teamspeak channels or anything like that would mean consipiracy or abuse from staff? So are staff compliant or no? |
Where is the sql portion is this thing needing sql or not? how can sql injection? |
Hello
We have been the victim of add balance for Bitcoin and Litecoin in wallet of the exchange platform but no deposit for the Bitcoin or Litecoin on servers.
At all 100 Litecoin and 200 Bitcoin. We are trying to retrieve the IP address of the user.
But there was no balance for withdrawals. We lanching Exlly in 2019.
we have deactivated withdrawals and we are currently sending emails to users with real funds to withdraw them.
we will close the platform.
It is urgent to fix this problem in the source code or to warn that the code is hacked.
https://exlly.com/
The text was updated successfully, but these errors were encountered: