Title: [RESOLVED] Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: Mallyx on February 26, 2020, 03:56:03 PM Resolved here: https://bitcointalk.org/index.php?topic=5228661.msg53954607#msg53954607
Archive of that thread: http://web.archive.org/web/20200303104953/https://bitcointalk.org/index.php?topic=5228661.0&all= Archive of the official thread: http://web.archive.org/web/20200303105444/https://bitcointalk.org/index.php?topic=5226563.0&all= tldr; 1. I accused them to send the users privatekeys to the server. 2. They goes to maintenance mode, then back online. 3. It seem they resolved the issue. Accusation: Bitherium claim to be a full decentralized exchange, but your private key and password are sent plaintext to the server. Proof: You can try by yourself, but here a screenshot of the XHR POST request when you create an account: https://i.imgur.com/qgZS9l2.png And when you want to unlock your wallet: https://i.imgur.com/sbIJQUh.png Obliviously, everything is managed server-side. A token is bind to you. It mean that your private key remain on the server somehow: https://i.imgur.com/pZo9sZG.png Other red flags:
Official thread: https://bitcointalk.org/index.php?topic=5226563.0 Title: Re: Bitherium.cc not a full decentralized exchange Post by: Jawhead999 on February 26, 2020, 04:54:28 PM Domain : bitherium.cc
Registrar : DYNADOT, LLC Registered On : 2019-04-05 Expires On : 2020-04-05 Updated On : 2020-02-25 Status : clientTransferProhibited Name Servers : liv.ns.cloudflare.com mario.ns.cloudflare.com I using this site to find the WHOIS https://www.whois.com/whois/bitherium.cc https://i.ibb.co/CwkBcz3/Screenshot-158.png (https://ibb.co/j8chNTP) I also don't understand about his invest plan, it's like a certain level to earn more profit. Maybe a ponzi? But I'm not sure.. just my suspicion Title: Re: Bitherium.cc not a full decentralized exchange Post by: matejbilahora on February 27, 2020, 09:30:55 AM Well this is going to be interesting. I knew it is scam from the first moment I have seen it. Too much nice talk about it and not much proof about who is who. That paper from Seychelles Certificate of Incorporation can be faked.
Title: Re: Bitherium.cc not a full decentralized exchange Post by: notblox1 on February 27, 2020, 11:01:32 AM Great work OP
This is multiple way scam. Now I expect to see their clown account to come here and write a bunch of stupid things Title: Re: Bitherium.cc not a full decentralized exchange Post by: watergold on February 27, 2020, 03:41:51 PM It turns out that there are still many scamers who continue to commit fraud and that is the average claiming to be a fully decentralized exchange, even though they want to find users by importing their private that has been saved by scamer. This is an extraordinary catch in my opinion.
Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: bitherium.cc on February 27, 2020, 05:08:44 PM Hello Bitcointalk,
It took a little longer because we had to reconstruct and evaluate things first. To the allegations We never have and will never collect or keep private keys from wallets. Some users seem to be trying hard to spread fud, thanks for that. However, we do not accept any dubious offers from you to receive positive fake posts here in Bitcointalk. We are a hard working project. We do not need this and will not respond to your offers. If we were Scammers, we wouldn't program Dex. We would also not be transparent in our external communication. All accusations are nothing more than accusations and defamations We are completely in the development phase. Deposits and withdrawals are deactivated. Here you can see that we are working on the development of our smart contract (which is not yet finished): https://ropsten.etherscan.io/address/0x8b1c480428038e93f9e99fc9e34194a5f4c1fc60#code The accusations that the privatekey is read by users completely invented. This screenshot only shows that the user can see his own private key in his own browser session! Here is a report from our developer team: https://i.imgur.com/2nnnhD9.png https://i.imgur.com/oQJLrf1.png The consequences: We will immediately end the ability to create wallets directly about our exchange. We will add a link to MyEtherWallet with a note on creating a Keystore wallet. Now we are on the next topic We immediately end the possibility that the user can log in to us with his private key. It only works with the metamask, Keystore file and we will work on it to connect to the general ledger. Thanks a lot for this organized, negative campaign it made sure that we will make bitherium even safer. Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: notblox1 on February 27, 2020, 06:05:47 PM Here he is with his feelings hurt now....oh poor little clown worried about imagined evil 'campaign' against their circus.
It would also be good to learn proper English language when you write, but it will not help you. Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: bitherium.cc on February 27, 2020, 06:49:22 PM Here he is with his feelings hurt now....oh poor little clown worried about imagined evil 'campaign' against their circus. It would also be good to learn proper English language when you write, but it will not help you. Thank you very much for your non constructive and totally useless post. Your words are saying much more about you now. Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: notblox1 on February 27, 2020, 08:19:15 PM Thank you very much for your non constructive and totally useless post. Your words are saying much more about you now. Your actions and lies say much more about you. You can use your private key, keystore file, metamask to log into our exchange, just like every decentralized exchange offers this login, similar to myetherwallet. We can't collecting or saving anything from this details. Our hired developer company got questions about security and we will inform you as soon as possible. If dev company have created any security issues we will publish their name immediately. For now it looking like the users can see their own private keys only in their own web browser and the exchange only authorize them. We never have and will never collect or keep private keys from wallets. Some users seem to be trying hard to spread fud, thanks for that. However, we do not accept any dubious offers from you to receive positive fake posts here in Bitcointalk. We are a hard working project. We do not need this and will not respond to your offers. If we were Scammers, we wouldn't program Dex. We would also not be transparent in our external communication. All accusations are nothing more than accusations and defamations The accusations that the privatekey is read by users completely invented. We immediately end the possibility that the user can log in to us with his private key. It only works with the metamask, Keystore file and we will work on it to connect to the general ledger. Why did you stop your shit if everything is 'invented' ? Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: Mallyx on February 27, 2020, 08:33:48 PM The screens are only showing the XHR request with all the data, that was sent to the server. The data contain your private key, password.
On most browsers it's easy to track the network activities. Not even technicaly speaking, a real DEX just don't need your private key. It only need your sign to commit an action to the blockchain. The smartcontract do the job. 1. You send the private key to the server. 2. Then you identify the user though a token to commit an order (like buying), which mean that the private key is stored server-side. It's not how work a DEX. https://i.imgur.com/O8zP1n6.jpg ;) Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: criticalknow on February 27, 2020, 09:10:04 PM they're both stupid or just retarded, or both ??? ??? ???
They both got too little love ? He has stated that the exchange is currently development phase and a decentralized smart contract is in development progress Don't you understand what that statement means? that it was a hybrid exchange before and everything went well they make themselves completely ridiculous ::) ::) ::) ::) ::) ;D Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: Mallyx on February 28, 2020, 07:45:57 AM I can understand that the platform is in a beta stage.
No DEX wallet needs anyway to send your private keys to the server, even for a check. That's a major failure, or a scam attempt. Plenty libs exists to handle that client side though Javascript (eg. https://github.com/nakov/client-side-ethereum-wallet). If you show honesty and fix that issue, I'll remove my complaint. Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: criticalknow on February 28, 2020, 10:45:34 AM Now among adults and developers,
Have you ever tried to contact this project? to find out if this company actually wants to cheat or whether there was a technical problem or whether there was a problem at all? A company works for this project they are in the process of optimizing some things. Privatekey login is completely deactivated. Not because of the Exchange but because it is a danger for the user to have the Prvatekey on the computer. This Guys have also completely outsourced the creation of wallets. You are wrong if you say there is a scam. Think about it before you say these things and it would have been professional to contact the project first, they are fighting for the same thing as you 1 Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: notblox1 on February 28, 2020, 11:38:29 AM You are insulting people here,
and the way you are speaking it is obvious you are same person as your other account bitherium.cc registered yesterday ::) Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: bitherium.cc on February 28, 2020, 07:24:22 PM I can understand that the platform is in a beta stage. No DEX wallet needs anyway to send your private keys to the server, even for a check. That's a major failure, or a scam attempt. Plenty libs exists to handle that client side though Javascript (eg. https://github.com/nakov/client-side-ethereum-wallet). If you show honesty and fix that issue, I'll remove my complaint. Hello Mallyx, As we told you before, our exchange is in the test phase. Some things have not been checked yet or implemented. The fact is that you could see your own private key but only in your own browser - in your session. You were just faster than we were. Now we implemented encryption. The other thing is that you accused us of collecting / storing private keys. There is a difference between checking in in the backend or frontend and saving a private key. A private keys was never stored. We can assure you of that. We evaluated all bitcointalk feedback in the past few days and our developers had to answer questions and provide evidence. I would also like to thank you for your indirect help. Based on your campaign, we checked again if the availability of log in with private keys makes sense for users. And after lot of talks we decided to turn it off regardless of whether the validation in the front end is carried out via web3.js and thus externally. Instead of that option we are working to ensure that the user can soon log in with their Ledger hardware wallet. For security reasons, we also decided that the users be only able to create their wallets externally, to dispel any doubts. Another note for you. Before we open our exchange for trading, the code will be checked by 2 independent companies. If you have any further comments or concerns, please let us know at info@bitherium.cc or join our telegram (https://t.me/bitherium_cc) channel and we can talk more about the project. -The Bitherium team https://i.imgur.com/Lrzyx5l.jpg https://i.imgur.com/qEyFeqW.jpg https://i.imgur.com/L1TKSiY.jpg Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: TryNinja on February 28, 2020, 07:33:45 PM As we told you before, our exchange is in the test phase. Some things have not been checked yet or implemented. The fact is that you could see your own private key but only in your own browser - in your session. You were just faster than we were. Now we implemented encryption. That's a lie. The page was sending a POST request with the private-key and its password in plain-text to your server. If you saved the private-key or not, that's something we can not confirm since it was handled by your server, and we do not have access to it. But saving it was as simple as taking the body data from the request and saving them anywhere you wanted. So it was definitely possible. Do not lie saying this data was handled in the client, on his own browser, because it was NOT. Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: bitherium.cc on February 28, 2020, 07:58:31 PM As we told you before, our exchange is in the test phase. Some things have not been checked yet or implemented. The fact is that you could see your own private key but only in your own browser - in your session. You were just faster than we were. Now we implemented encryption. That's a lie. The page was sending a POST request with the private-key and its password in plain-text to your server. If you saved the private-key or not, that's something we can not confirm since it was handled by your server, and we do not have access to it. But saving it was as simple as taking the body data from the request and saving them anywhere you wanted. So it was definitely possible. Do not lie saying this data was handled in the client, on his own browser, because it was NOT. We will explain it once more now. In our test phase we sent the private key to the backend to check it (through web3.js) if is valid or not. And because we had no encryption at the time, this event occurred. We presented everything transparently and above all we changed all what you wanted. Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: TryNinja on February 28, 2020, 08:03:27 PM We will explain it once more now. In our test phase we sent the private key to the backend to check it (through web3.js) if is valid or not. And because we had no encryption at the time, this event occurred. We presented everything transparently and above all we changed all what you wanted. Exactly. You were sending it to your backend. Like I said, if you were only checking if its valid or saving them, it's not up for me to say. A DEX would not need any of these to reach the backend after all.But your answer was: The fact is that you could see your own private key but only in your own browser - in your session. You were just faster than we were. Now we implemented encryption. The accusations that the privatekey is read by users completely invented. This screenshot only shows that the user can see his own private key in his own browser session! The bolded part is a lie. If it reached your backend, you could supposedly have seen it all and saved them. If you admitted it was sent to the backend, then how is it only on the browser session? Again, if you saved or not, we can't know. But you COULD have been saving them. That's the point of OP's thread.Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: criticalknow on February 28, 2020, 08:14:13 PM Don't answer anymore.
You did everything you could. It looks like these people are not about security, but just portraying you as a scam to get attention forget it ::) ::) ::) ::) Honest A blind man sees that there is no fraud here If this project wanted to scam, they would have implemented encryption beforehand and not afterwards, really hard to read Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: bitherium.cc on February 28, 2020, 08:23:43 PM We will explain it once more now. In our test phase we sent the private key to the backend to check it (through web3.js) if is valid or not. And because we had no encryption at the time, this event occurred. We presented everything transparently and above all we changed all what you wanted. Exactly. You were sending it to your backend. Like I said, if you were only checking if its valid or saving them, it's not up for me to say. A DEX would not need any of these to reach the backend after all.But your answer was: The fact is that you could see your own private key but only in your own browser - in your session. You were just faster than we were. Now we implemented encryption. The accusations that the privatekey is read by users completely invented. This screenshot only shows that the user can see his own private key in his own browser session! The bolded part is a lie. If it reached your backend, you could supposedly have seen it all and saved them. If you admitted it was sent to the backend, then how is it only on the browser session? Again, if you saved or not, we can't know. But you COULD have been saving them. That's the point of OP's thread.We would not say "lie" but "not true". Yes, that was the first reaction (of social media manager) we thought is right, we should have examine it at first. Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: notblox1 on February 29, 2020, 01:42:52 AM I created a red Flag for bitherium.cc:
https://bitcointalk.org/index.php?action=trust;flag=1415 Everything said and showed in this thread is enough for everyone. Their other advocate account criticalknow should also be tagged: https://bitcointalk.org/index.php?action=profile;u=2771296 Don't answer anymore. You did everything you could. It looks like these people are not about security, but just portraying you as a scam to get attention forget it ::) ::) ::) ::) Honest A blind man sees that there is no fraud here If this project wanted to scam, they would have implemented encryption beforehand and not afterwards, really hard to read Now among adults and developers, Have you ever tried to contact this project? to find out if this company actually wants to cheat or whether there was a technical problem or whether there was a problem at all? A company works for this project they are in the process of optimizing some things. Privatekey login is completely deactivated. Not because of the Exchange but because it is a danger for the user to have the Prvatekey on the computer. This Guys have also completely outsourced the creation of wallets. You are wrong if you say there is a scam. Think about it before you say these things and it would have been professional to contact the project first, they are fighting for the same thing as you 1 they're both stupid or just retarded, or both ??? ??? ??? They both got too little love ? He has stated that the exchange is currently development phase and a decentralized smart contract is in development progress Don't you understand what that statement means? that it was a hybrid exchange before and everything went well they make themselves completely ridiculous ::) ::) ::) ::) ::) ;D Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: criticalknow on February 29, 2020, 08:29:50 AM Again my question, are you retarded? ::)
or just a poor unemployed troll with no schooling who wants to earn pocket money here now? This is a question. Hopefully you understand the difference between a question and an accusation. No, you don't understand that. But you could really perform in the circus, we laughed a lot Oh my God . We can't get out of laughing. :D :D :D In summary: we are neither related nor the same person That is also a pure claim. Next I am Batman and the social media manager is Robin and therefore a black flag is raised In fact, your entire campaign was designed from the start to spread only fud and negative publicity against the project. All I've read so far has been accusations or unsubstantiated claims First, you say that there is a private key leak Where? When you see your own, where's the leak? Then you claim that private keys are collected or stored These are nothing but statements without evidence The best thing about this smear comedy That you all supposedly know how all decentralized exchanges work. And you confirm that all decentralized exchanges work the same way It is your dream of a decentralized exchange You do not know whether the validation takes place in the backend or frontend. And you also have no right to tell others how their exchange should work It would be like telling you how to drink your coffee. And even though you haven't done anything other than accusing and blaming the whole time, the project responded appropriately to you and disclosed everything But that was never your intention to do anything good as you can easily see. The real scam is knowingly harming someone else by making false claims But you will not be successful with this because luckily the project was able to clear everything up. Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: notblox1 on February 29, 2020, 02:53:40 PM @criticalknow
You emerged from your egg few days ago and you can't stop to lie and produce crap from your mouth. You are advocate of bitherium.cc scam and thief like they are Deleted criticalknow post: http://loyce.club/archive/posts/5393/53936987.html Quote Hello Mallyx, I have read some of your French posts and found that you are not a troll. I also don't think you are a fud creator Be so far-sighted and end this comedy. The Bitherium project is in the development phase and has done everything necessary to change the things you want. This project is no less bad than you Please end your complaint You have signaled to end this senseless campaign The team also invited them to discuss other possible things. In my opinion everything has been corrected end this drama Thank You Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: criticalknow on March 01, 2020, 03:18:54 PM @criticalknow You emerged from your egg few days ago and you can't stop to lie and produce crap from your mouth. You are advocate of bitherium.cc scam and thief like they are Deleted criticalknow post: http://loyce.club/archive/posts/5393/53936987.html Quote Hello Mallyx, I have read some of your French posts and found that you are not a troll. I also don't think you are a fud creator Be so far-sighted and end this comedy. The Bitherium project is in the development phase and has done everything necessary to change the things you want. This project is no less bad than you Please end your complaint You have signaled to end this senseless campaign The team also invited them to discuss other possible things. In my opinion everything has been corrected end this drama Thank You You saw well, but since you have little intelligence and don't understand why I deleted it, we'll leave it at that. Leave everything here. Everyone should see this campaign You will see where it takes you both to spread falsehoods ! Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: Mallyx on March 01, 2020, 03:33:41 PM The site is back online.
Will check soon if the issue has been resolved and if they are now operate as a real DEX (=cryptographics stuff is managed by the client). Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: criticalknow on March 01, 2020, 03:55:19 PM Maybe you should just visit the Telegram channel
There you can directly reach the founder. I want to make a note It is a small team. However, all work is carried out by an external company and if you have any suggestions for improvement for the future, visit the channel The founder can then forward your suggestions and ideas directly to the company via the official route. If you really help and pursue the same goal, you are very welcome there But if you only want to put the project in a negative light, please wait until the project has been checked by two other companies and the exchange has been released for trading. Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: Mallyx on March 01, 2020, 07:41:27 PM Maybe you should just visit the Telegram channel There you can directly reach the founder. I want to make a note It is a small team. However, all work is carried out by an external company and if you have any suggestions for improvement for the future, visit the channel The founder can then forward your suggestions and ideas directly to the company via the official route. If you really help and pursue the same goal, you are very welcome there But if you only want to put the project in a negative light, please wait until the project has been checked by two other companies and the exchange has been released for trading. Not point to speak. If you now operate as a DEX should be, I will remove my complaint. Else I will keep showing proof of inegibility. It's best for you to comply with you own engagements. Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: criticalknow on March 01, 2020, 08:23:48 PM Maybe you should just visit the Telegram channel There you can directly reach the founder. I want to make a note It is a small team. However, all work is carried out by an external company and if you have any suggestions for improvement for the future, visit the channel The founder can then forward your suggestions and ideas directly to the company via the official route. If you really help and pursue the same goal, you are very welcome there But if you only want to put the project in a negative light, please wait until the project has been checked by two other companies and the exchange has been released for trading. Not point to speak. If you now operate as a DEX should be, I will remove my complaint. Else I will keep showing proof of inegibility. It's best for you to comply with you own engagements. I tried to explain it to you The founder wants the same thing as you He places an order with a blockchain company and that company does the job The question now is how this company does its job To make sure everyone is safe, a 2 and 3 company should review the entire project before it is actually released This was planned from the beginning and is still being carried out, but the project is not yet complete The transition from a hybrid to a decentralized exchange is not yet complete. (Creation of Smartcontract) As I said, the founder was actually grateful for this tip. But he actually thought that your criticism can only be explained because the project has not yet been reviewed and completed. When the founder heard your criticism, he directly minimized the risk of his exchange. Registration with a private key has been completely prohibited, even if it can be validated in the frontend and he directly ordered that wallets should only be created externally and that the ledger login should be added He had invited you at any time and you could have directed your questions directly to the developer. Thank you for your feedback ! Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: notblox1 on March 01, 2020, 10:06:48 PM It is sad to see how criticalknow is invested in this topic.
It makes you wonder why... I am calling more DT members to check out this topic. Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: criticalknow on March 01, 2020, 10:27:39 PM It is sad to see how criticalknow is invested in this topic. It makes you wonder why... I am calling more DT members to check out this topic. Do you know what is sad that they have no expertise You are a follower who only tries to attract attention You have not yet expressed anything constructive Allegations only without evidence When you're so sure of what you're saying Please provide your real name and we will both have everything checked legally Is this a fair offer? Keep in mind that we are currently logging all of this information about your lies, allegations and fud You don't even notice that you are completely affecting the credibility of Mallyx. By now we all believe that you are the same person Domain name: BITCOINTALK.ORG Registration domain ID: D162601474-LROR Registrar WHOIS server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated on: 2019-11-24T14: 01: 10Z Creation Date: 2011-06-24T05: 19: 00Z Registration expiration date: 2029-06-24T05: 19: 00Z Registrar registration expiration date: Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar abuse contact email: abuse@namecheap.com If you think you are safe behind your PC A letter from a lawyer to Namecheap with all the information I've gathered here and we know the domain owner After that everything goes very quickly, trust me Disclosure of your IP data and email address Internet provider query The same applies to Mallyx This conversation will not be continued here, but will be recorded and followed up in any case. ;) Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: notblox1 on March 02, 2020, 12:09:48 AM Keep in mind that we are currently logging all of this information about your lies, allegations and fud Oh no sir. I am so scared now, what am I going to do? :( If you think you are safe behind your PC A letter from a lawyer to Namecheap with all the information I've gathered here and we know the domain owner After that everything goes very quickly, trust me Disclosure of your IP data and email address Internet provider query The same applies to Mallyx This conversation will not be continued here, but will be recorded and followed up in any case. ;) Oh my.... Clown criticalknow is threatening to expose us all. Lawyer army is ready. I am so scared... Everyone run and hide... ::) and we know the domain owner Oh, and one more thing...Who is this WE? Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: GazetaBitcoin on March 02, 2020, 08:14:31 AM Who is this WE? I had the same question (https://bitcointalk.org/index.php?topic=5217273.msg53597266#msg53597266) towards TOAA, at some point. In that case, and also in this case, I think the answer given by nullius is the best: Quote My guess: Something related to the earlier origin of the term “Sybil” (https://en.wikipedia.org/wiki/Sybil_(Schreiber_book)), as later used in the term “Sybil attack”. What do you think? :) Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: nutildah on March 02, 2020, 12:42:43 PM If you think you are safe behind your PC A letter from a lawyer to Namecheap with all the information I've gathered here and we know the domain owner After that everything goes very quickly, trust me Disclosure of your IP data and email address Internet provider query The same applies to Mallyx This conversation will not be continued here, but will be recorded and followed up in any case. ;) Nope. You would need a court order issued in the U.S. for this information to be released. As far as I know, theymos has only complied with the most serious of law enforcement requests involving the investigation of major, federal crimes. Exposing a fake DEX for having a shitty backend does not fall into this category. What's far more likely is he would tell your lawyer to go fuck themselves. If you now operate as a DEX should be, I will remove my complaint. Else I will keep showing proof of inegibility. It's best for you to comply with you own engagements. Waiting to hear your next review. Even if the exchange did fix their problems, I still would not trust it until the smart contract which interacted with Metamask or whatever was thoroughly scrutinized. Title: Re: Bitherium.cc not a full decentralized exchange - PrivKey leaks Post by: Mallyx on March 03, 2020, 10:48:13 AM Hello,
I did my investigation since the exchange is now back online. I can say that the privatekeys are not sent anymore to the server. Every cryptographic stuff seems to be handled by the webclient. You can now connect only by MetaTask or a Keystore file. The wallet generation is now through MEW. Here the page to connect: http://web.archive.org/web/20200303094050/https://dex.bitherium.cc/unlock_wallet And the script that is sending data to the server: http://web.archive.org/web/20200303103619/https://dex.bitherium.cc/resources/assets/front/pageJS/unlock_wallet.js You can notice that the old AJAX functions (importKey_old() & importKeystore_old()) that were used to send the privatekeys to the server are still here (but seems not used anymore). To me the case is resolved as they reworked the scripts to operate as a real DEX. What now for Bitherium.cc ? Maybe stop insulting peoples (they are your users), stop creating shill accounts & remove the old functions. That is my statement. I can't say if they are or will be honest, or if I missed something. It's to them to show proof of solvency from now. Archive of that thread: http://web.archive.org/web/20200303104953/https://bitcointalk.org/index.php?topic=5228661.0&all= Archive of the official thread: http://web.archive.org/web/20200303105444/https://bitcointalk.org/index.php?topic=5226563.0&all= |