So as Anons found in the previous threads, there is in fact at least one private group that is using the code storage vulnerability to transfer out Chainlink from hardware wallets.
>What is this exploit? There's a security layer in LINK's source code that deals with storage ticks. Basically, even in cold storage where they're untouched, there's a cache protocol that will occasionally ping public wallet addresses to verify their contents. Unfortunately, LINK has a slightly different version of this protocol in order to make micro-pings for staking purposes. Most staking rewards are going to be really small transfers, so the LINK devs lowered the tick rate for these pings. However, if you're using a hardware wallet, your storage is operating at the NORMAL tick rate, creating a cache gap where someone can use an SLQ% injection to gain access to your wallet. There's already been many posts of Anons opening up their wallets to find all their tokens transferred out to mysterious addresses, losing tens if not hundreds of thousands of dollars.
>Does this affect other tokens in my hardware wallet? No, as this isn't a vulnerability with the wallet so much as Chainlink specifically. Other tokens, even on wallets that have been affected by the exploit, are safe.
>I haven't touch my wallet in years! Can someone really randomly gain access and steal my LINK? Sadly, yes. This affects PUBLIC addresses, and these are most likely being chosen at random.
>I have my LINK on a hardware wallet! What do I do? Either transfer them to a paper wallet (safest), an exchange, or trade for fiat.
>Can this be patched? Yes, but it will take time. This isn't something that can be done in one week, as it's tied to the security layers focused on staking. These have to be rewritten very cautiously, else other major functions of the LINK source code can break.
The pattern noticed in the last thread was that cold storage wallets are more likely to be stolen from than hot wallets. Rule of thumb is that the longer it's been since you've accessed your LINK, the more likely you'll need to transfer to a paper wallet.
Noah Peterson
liar liar pants on fire
Ryan Turner
> SLQ% injection weak bait
Ethan Myers
Imagine writing all of this. Fuck off idiot
Cooper Harris
How does this remotely make sense? In order to take the LINk tokens you need the private key to the wallet, and once you have the private key it works for all of the tokens and Ether. What does SQL database stuff have to do with anything? But actually I'm the stupid one for even responding to this.
Jace Lee
Literally just need to transfer until this gets patched, if you're vulnerable. There's no need to be this defensive.
Christian Fisher
Not technical but I don't see why we think he's lying.
He LITTERALLY gave alternatives to make sure you don't sell.
Gabriel Ward
fckin THIS OP kys
Luke Adams
>>I haven't touch my wallet in years! Can someone really randomly gain access and steal my LINK? >Sadly, yes. This affects PUBLIC addresses, and these are most likely being chosen at random. These 2 sentences are hilariously bad.
Is OP trying to bring down the price so he can buy in? a couple autists on Zig Forums aren't gonna effect the price of a 5 billion dollar asset, retard.
Michael Reyes
kek someone spam this on reddit
Robert Campbell
Really hope they're just assuming it's FUD and not part of some raid discouraging safe storage practices.
Colton Edwards
Is this a way to data mine dumb LINK whales ?
Ryan Kelly
truly kys
Joseph Perez
New FUD, finally and an intricate one. You should take this to reddit though as they are more likely to believe it than the retards that populate this place. They bought at 20c you know? I seriously doubt they would sell even if this FUD was true.
>SLQ% injection HOLY SHIT NO WAY? SHIT LINK QUEER PERCENTAGE INJECTIONS! THIS IS LITERALLY SPREADING DIGITAL AIDS ONTO HARDWARE WALLETS MAKING THEIR DIGITAL IMMUNE SYSTEM OR "SECURITY" WEAKER, THUS EASIER FOR A SIMPLE VIRUS TO INFECT AND KILL YOUR HARDWARE WALLET!!!!!!!!!!!!!!!!!
Only if you connect to it with a hardware wallet. But again, it's not the hardware wallets themselves that are vulnerable, just the security layer that Chainlink uses to interact with them.
Hudson Phillips
Huh. This is some new FUD. Wonder how many people will fall for it?
Ooh, I bet we could get plebbit to bite this hook line and sinker. I'm gonna start pushing it on /r/crypto or wherever those fuckers reside.
I lied. I forgot that I deleted my reddit account after their latest rule update fiasco where everyone threw a hissy fit. Couldn't stand it anymore. Do it in my stead, Marine.
Holy shit. We could really get them to bite this. This is really good FUD.
