PSA - Do not use Etherscan for Now - Possible XSS Exploit

in #ethereum6 years ago

Etherscan is a popular website to browse your tokens and ethereum sends. Today there was some announcements.

Seems its not that big of a deal but i would suggest to stay away from the site for now esp if you use Metamask.

My Official Discord Crypto/Steemit Group - https://discord.gg/Ma3VCxj

Follow, Resteem and VOTE UP @kingscrown creator of http://fuk.io blog for 0day cryptocurrency news and tips!

Sort:  

Scams everywhere...

@kingscrown thank you so much for updating with these scams things...

So this is a vulnerability on Disqus. Not so much on Etherscan. Any site which uses the Disqus comment box might be vulnerable. The fact that the hacker just do a JavaScript alert message instead of running a silent script probably indicate that they just want to prove a point and not out to do serious damage. Just my 2 cents

Posted using Partiko Android

Thanks for the alert, better to stay off for a few days.

So it's possible that they might have or push us..just by opening Etherscan to see our ETH and erc20 token balance...

Is it affecting MEW?

Any news???

Thanks for the heads up. Where did you first hear about this?

@kingscrown Thanks Sir Share information .

To the person who brought this issue to light, they should have notified the appropriate people. But at least the initial demonstration of the existence of the vulnerability was not malicious.