Bitcoin Forum
October 31, 2024, 11:20:16 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Odd behaviour in Exodus Wallet  (Read 207 times)
chrusso (OP)
Member
**
Offline Offline

Activity: 134
Merit: 10


View Profile
January 05, 2023, 04:16:36 AM
Merited by NotATether (4)
 #1

I'm using Exodus wallet. About 3 days ago, I've found that my USDC wallet has multiple 0 value SEND transactions...

like this:



In the block explorer it looks like this:

https://etherscan.io/tx/0xf96d916f4c9d82439e9ff9d443740e5d1848abc81e779d6fc92930167813d2c1
https://etherscan.io/tx/0xfba8fac3d18091415a7c2b1ae8ffe2b2fdf47b92dc06242f22672fcac4cc3f22
https://etherscan.io/tx/0x12a4ccca713a91346f413ef6e789b2dff04c7f91a29f1c97489b77d8fe390543

2 of these transactions are marked as:

"From: 0xe7b56351eec08699848fd317b2a2bfcfb1a9933c (Fake_Phishing7828)"

Does anyone know what is happening here? Should I worry?

Thanks and happy new year!!
Chris
Edwardard
Hero Member
*****
Offline Offline

Activity: 1050
Merit: 681



View Profile WWW
January 05, 2023, 06:04:28 AM
 #2

I'm using Exodus wallet.
Why dont you use more reputable ones like electrum (for BTC), metamask (for alts), etc.
Just saw an article regarding exodus:
Cons: Easily Hacked – The Exodus software wallets can be easily hacked, and most users may lose funds if the device gets attacked by keyloggers or malware.

Does anyone know what is happening here? Should I worry?
Do you have any balance in your wallet? Not sure why a zero value transaction occured in your case, but I'd immediately transfer funds to another safe address(controlled by me) if I suspected such activity.

Alternatively, just get a hardware wallet to store your precious cryptos.
hosseinimr93
Legendary
*
Offline Offline

Activity: 2576
Merit: 5658



View Profile
January 05, 2023, 07:43:35 AM
Merited by ABCbits (1), PX-Z (1), Edwardard (1)
 #3

The problem isn't from Exodus wallet. The problem is with the smart contracts that allow sending 0 tokens without owning the private key.
Visit the following topics. The same thing has been already reported on TRON blockchain and Binance smart chain.

Watch out for this NEW TransferFrom Zero Transfer Scam!
I got scammed out of 100000 dollars by fake 0 dollars withdrawal on BSC

▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   
.
.. PLAY NOW ..
hugeblack
Legendary
*
Offline Offline

Activity: 2688
Merit: 3951



View Profile WWW
January 06, 2023, 09:40:43 AM
Merited by hosseinimr93 (1)
 #4

The problem isn't from Exodus wallet. The problem is with the smart contracts that allow sending 0 tokens without owning the private key.
Visit the following topics. The same thing has been already reported on TRON blockchain and Binance smart chain.

Watch out for this NEW TransferFrom Zero Transfer Scam!
I got scammed out of 100000 dollars by fake 0 dollars withdrawal on BSC
Thanks for clarifying what happened. So in short, it's transferFrom function with Zero amount to any address and thus doesn't need pvtKey.

It is strange that scams evolve like this, but it is better to send an email to Exodus developers to fix such *bug*. All they need is to hide transactions with zero balance, just as explorers should do, so why wasn't such a solution implemented?!

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
hosseinimr93
Legendary
*
Offline Offline

Activity: 2576
Merit: 5658



View Profile
January 06, 2023, 03:21:54 PM
 #5

It is strange that scams evolve like this, but it is better to send an email to Exodus developers to fix such *bug*.
I don't call it a bug. As you said, it's the problem with how transferFrom function work. Such transactions are valid, according to those altcoins rules and explorers show them.
In bitcoin, we have a dust limit which doesn't allow broadcasting zero transactions even if you own the private key, but that's not how those shitcoins work and therefore, that's not explorers or wallet providers fault.

▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   
.
.. PLAY NOW ..
Pmalek
Legendary
*
Offline Offline

Activity: 2940
Merit: 7532


Playgram - The Telegram Casino


View Profile
January 09, 2023, 11:24:59 AM
 #6

Do you have any balance in your wallet? Not sure why a zero value transaction occured in your case, but I'd immediately transfer funds to another safe address(controlled by me) if I suspected such activity.
There is no reason to do that. OP can't have his coins stolen in that way. Think about it: If a hacker/scammer had access to your wallet and could steal your coins, would they take everything you have, or would they make silly 0-value transactions? I am sure you know the answer to that question.

The scammers create similar looking addresses. They match in the first and last couple of characters. The idea is to trick the person into copying the wrong address from their transaction history instead of going about it the correct way. If you use the send/addresses/receive tabs the way they were intended, and not copy addresses from transaction histories or block explorers you would have nothing to worry about.   

▄▄███████▄▄███████
▄███████████████▄▄▄▄▄
▄████████████████████▀░
▄█████████████████████▄░
▄█████████▀▀████████████▄
██████████████▀▀█████████
████████████████████████
██████████████▄▄█████████
▀█████████▄▄████████████▀
▀█████████████████████▀░
▀████████████████████▄░
▀███████████████▀▀▀▀▀
▀▀███████▀▀███████

▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
 
Playgram.io
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

▄▄▄░░
▀▄







▄▀
▀▀▀░░
▄▄▄███████▄▄▄
▄▄███████████████▄▄
▄███████████████████▄
▄██████████████▀▀█████▄
▄██████████▀▀█████▐████▄
██████▀▀████▄▄▀▀█████████
████▄▄███▄██▀█████▐██████
█████████▀██████████████
▀███████▌▐██████▐██████▀
▀███████▄▄███▄████████▀
▀███████████████████▀
▀▀███████████████▀▀
▀▀▀███████▀▀▀
██████▄▄███████▄▄████████
███▄███████████████▄░░▀█▀
███████████░█████████░░
░█████▀██▄▄░▄▄██▀█████░
█████▄░▄███▄███▄░▄█████
███████████████████████
███████████████████████
██░▄▄▄░██░▄▄▄░██░▄▄▄░██
██░░░░██░░░░██░░░░████
██░░░░██░░░░██░░░░████
██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████
███████████████████████
███████████████████████
 
PLAY NOW

on Telegram
[/
PX-Z
Hero Member
*****
Online Online

Activity: 1624
Merit: 964


pxzone.online


View Profile WWW
January 10, 2023, 08:49:45 AM
 #7

The problem isn't from Exodus wallet. The problem is with the smart contracts that allow sending 0 tokens without owning the private key.
Visit the following topics. The same thing has been already reported on TRON blockchain and Binance smart chain.
Shit, looks like this is a need to fix on those shitty smart contracts where zero amount transfer should not be allowed.
I just checked the USDC and USDT smart contract on its previous' transfers[1][2] after reading this thread and there are lot of them transactions with zero amount with a label of Fake_PhishingXXXX

[1] https://etherscan.io/token/0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48
[2] https://etherscan.io/token/0xdac17f958d2ee523a2206206994597c13d831ec7

NotATether
Legendary
*
Offline Offline

Activity: 1778
Merit: 7354


Top Crypto Casino


View Profile WWW
January 12, 2023, 07:17:58 PM
 #8

I'm using Exodus wallet.
Why dont you use more reputable ones like electrum (for BTC), metamask (for alts), etc.
Just saw an article regarding exodus:
Cons: Easily Hacked – The Exodus software wallets can be easily hacked, and most users may lose funds if the device gets attacked by keyloggers or malware.

It's written in Electron, which itself is just streamlined Chromium, so I'm not surprised by this at all.

Wallet software should be as small and minimal as possible to minimize the attack surface. That's why most wallets are written in C/C++ and Java.

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
JeromeTash
Legendary
*
Offline Offline

Activity: 2324
Merit: 1258


Heisenberg


View Profile
January 14, 2023, 09:18:00 AM
 #9

It's why I like wallets like electrum, which let you add some personal notes like the name of the address you are sending funds to in the "Description field" This will help easily identify the fake transactions and avoid one from copying the phishing addresses from the wallet transaction history

Also, the so-called blockchains are really fucked up and half-baked. How they have worked on the solution since the bug was discovered is still beyond my understanding.

█████████████████████████
██
█████▀▀███████▀▀███████
█████▀░░▄███████▄░░▀█████
██▀░░██████▀░▀████░░▀██
██▀░░▀▀▀████████████░░▀██
██░░█▄████▀▀███▀█████░░██
██░░███▄▄███████▀▀███░░██
██░░█████████████████░░██
██▄░░████▄▄██████▄▄█░░▄██
██▄░░██████▄░░████░░▄██
█████▄░░▀███▌░░▐▀░░▄█████
███████▄▄███████▄▄███████
█████████████████████████
.
.ROOBET 2.0..██████.IIIIIFASTER & SLEEKER.██████.
|

█▄█
▀█▀
████▄▄██████▄▄████
█▄███▀█░░█████░░█▀███▄█
▀█▄▄░▐█████████▌▄▄█▀
██▄▄█████████▄▄████▌
██████▄▄████████
█▀▀████████████████
██████
█████████████
██
█▀▀██████████████
▀▀▀███████████▀▀▀▀
|.
    PLAY NOW    
Pmalek
Legendary
*
Offline Offline

Activity: 2940
Merit: 7532


Playgram - The Telegram Casino


View Profile
January 14, 2023, 09:31:41 AM
 #10

It's why I like wallets like electrum, which let you add some personal notes like the name of the address you are sending funds to in the "Description field" This will help easily identify the fake transactions and avoid one from copying the phishing addresses from the wallet transaction history
There is an even better way. Don't copy anything from your transaction history when you are sending and receiving crypto. Congratulations! You have just upgraded your security. Wink

Also, the so-called blockchains are really fucked up and half-baked. How they have worked on the solution since the bug was discovered is still beyond my understanding.
The wallet or blockchain explorer could have a button to hide all 0-value transactions. That would get rid of this scam from popping up in front of your eyes. Blockchain explorers already tag these schemes as scams and malicious attempts. At least on Tron they do. 

▄▄███████▄▄███████
▄███████████████▄▄▄▄▄
▄████████████████████▀░
▄█████████████████████▄░
▄█████████▀▀████████████▄
██████████████▀▀█████████
████████████████████████
██████████████▄▄█████████
▀█████████▄▄████████████▀
▀█████████████████████▀░
▀████████████████████▄░
▀███████████████▀▀▀▀▀
▀▀███████▀▀███████

▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
 
Playgram.io
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

▄▄▄░░
▀▄







▄▀
▀▀▀░░
▄▄▄███████▄▄▄
▄▄███████████████▄▄
▄███████████████████▄
▄██████████████▀▀█████▄
▄██████████▀▀█████▐████▄
██████▀▀████▄▄▀▀█████████
████▄▄███▄██▀█████▐██████
█████████▀██████████████
▀███████▌▐██████▐██████▀
▀███████▄▄███▄████████▀
▀███████████████████▀
▀▀███████████████▀▀
▀▀▀███████▀▀▀
██████▄▄███████▄▄████████
███▄███████████████▄░░▀█▀
███████████░█████████░░
░█████▀██▄▄░▄▄██▀█████░
█████▄░▄███▄███▄░▄█████
███████████████████████
███████████████████████
██░▄▄▄░██░▄▄▄░██░▄▄▄░██
██░░░░██░░░░██░░░░████
██░░░░██░░░░██░░░░████
██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████
███████████████████████
███████████████████████
 
PLAY NOW

on Telegram
[/
joniboini
Legendary
*
Offline Offline

Activity: 2366
Merit: 1805



View Profile WWW
January 15, 2023, 08:30:17 AM
 #11

It's why I like wallets like electrum, which let you add some personal notes like the name of the address you are sending funds to in the "Description field"
The address book/contact feature is really helpful. Sadly not every wallet has it, and not everyone uses it either. I don't know why but I found some users still copy-paste addresses from their transaction history or blockchain explorer. I don't think it's convenient at all unless their wallet is really terrible and has no built-in feature for copying addresses. CMIIW.

Also, the so-called blockchains are really fucked up and half-baked. How they have worked on the solution since the bug was discovered is still beyond my understanding.
The wallet or blockchain explorer could have a button to hide all 0-value transactions. That would get rid of this scam from popping up in front of your eyes. Blockchain explorers already tag these schemes as scams and malicious attempts. At least on Tron they do. 
Does that mean they don't plan on solving the 'bug' that allows address poisoning to happen in the first place? Improving blockchain explorer sounds good but I would rather stop using a network that allows a bug like this to exist in the first place.

▄▄███████████████████▄▄
▄███████████████████████▄
████████▀░░░░░░░▀████████
███████░░░░░░░░░░░███████
███████░░░░░░░░░░░███████
██████▀░░░░░░░░░░░▀██████
██████▄░░░░░▄███▄░▄██████
██████████▀▀█████████████
████▀▄██▀░░░░▀▀▀░▀██▄▀███
███░░▀░░░░░░░░░░░░░▀░░███
████▄▄░░░░▄███▄░░░░▄▄████
▀███████████████████████▀
▀▀███████████████████▀▀
 
 CHIPS.GG 
▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
███▀░▄░▀▀▀▀▀░▄░▀███
▄███
░▄▀░░░░░░░░░▀▄░███▄
▄███░▄░░░▄█████▄░░░▄░███▄
███░▄▀░░░███████░░░▀▄░███
███░█░░░▀▀▀▀▀░░░▀░░░█░███
███░▀▄░▄▀░▄██▄▄░▀▄░▄▀░██
▀███
░▀░▀▄██▀░▀██▄▀░▀░██▀
▀███
░▀▄░░░░░░░░░▄▀░██▀
▀███▄
░▀░▄▄▄▄▄░▀░▄███▀
▀█
███▄▄▄▄▄▄▄████▀
█████████████████████████
▄▄███████▄▄
███
████████████▄
▄█▀▀▀▄
█████████▄▀▀▀█▄
▄██████▀▄▄▄▄▄▀██████▄
▄█████████████▄████████▄
████████▄███████▄████████
█████▄█████████▄██████
██▄▄▀▀▀▀█████▀▀▀▀▄▄██
▀█████████▀▀███████████▀
▀███████████████████▀
██████████████████
▀████▄███▄▄
████▀
████████████████████████
3000+
UNIQUE
GAMES
|
12+
CURRENCIES
ACCEPTED
|
VIP
REWARD
PROGRAM
 
 
  Play Now  
Pmalek
Legendary
*
Offline Offline

Activity: 2940
Merit: 7532


Playgram - The Telegram Casino


View Profile
January 15, 2023, 09:10:33 AM
 #12

Does that mean they don't plan on solving the 'bug' that allows address poisoning to happen in the first place?
I have no idea what they are planning. It's a bug or actually a feature of a network smart contract. Once such a contract is released, I don't think it can be taken offline. Tron isn't decentralized like Bitcoin, but you still shouldn't expect that someone out there would/should have the possibility to remove certain network capabilities they don't like.

Fraudsters are using those zero-value transactions as scam attempts, but there are surely other genuine reasons and use cases why such an option exists. Changing it could affect people who aren't abusing it. This is just guesswork btw.

▄▄███████▄▄███████
▄███████████████▄▄▄▄▄
▄████████████████████▀░
▄█████████████████████▄░
▄█████████▀▀████████████▄
██████████████▀▀█████████
████████████████████████
██████████████▄▄█████████
▀█████████▄▄████████████▀
▀█████████████████████▀░
▀████████████████████▄░
▀███████████████▀▀▀▀▀
▀▀███████▀▀███████

▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
 
Playgram.io
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

▄▄▄░░
▀▄







▄▀
▀▀▀░░
▄▄▄███████▄▄▄
▄▄███████████████▄▄
▄███████████████████▄
▄██████████████▀▀█████▄
▄██████████▀▀█████▐████▄
██████▀▀████▄▄▀▀█████████
████▄▄███▄██▀█████▐██████
█████████▀██████████████
▀███████▌▐██████▐██████▀
▀███████▄▄███▄████████▀
▀███████████████████▀
▀▀███████████████▀▀
▀▀▀███████▀▀▀
██████▄▄███████▄▄████████
███▄███████████████▄░░▀█▀
███████████░█████████░░
░█████▀██▄▄░▄▄██▀█████░
█████▄░▄███▄███▄░▄█████
███████████████████████
███████████████████████
██░▄▄▄░██░▄▄▄░██░▄▄▄░██
██░░░░██░░░░██░░░░████
██░░░░██░░░░██░░░░████
██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████
███████████████████████
███████████████████████
 
PLAY NOW

on Telegram
[/
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!