PUBLIC SERVICE ANNOUNCEMENT FOR ALL THOSE WHO USED CELSIUS OR BANCOR
To avoid getting yourself cucked even harder in the future, make sure to REVOKE PERMISSIONS to celsius and bancor in your wallet.
If you don't do this celsius and bancor CAN STILL ACCESS YOUR FUNDS VIA SMARTCONTRACT. When you use these platforms you allow them to access the tokens in your wallet in order for them to function, make sure to revoke their permission to access your wallet. While I don't think the fucking rats that work there are about to try and pull user funds immediately, I wouldn't put it past them to try it at some future date or to sell access to the smart contracts to some hacker group to give themselves a nest egg to retire on. Given what they've done already, do you trust them??
HOW TO DO THIS 1. go to revoke.cash 2. connect the wallet you used when you accessed bancor/celsius 3. click revoke on any token you deposited on their platforms. Note that if you are hoping to withdraw funds from their platforms at a future date you will need to reenable permissions on their platform. 4. pay the small gas fee
You should do this EVEN IF YOU USE A HARDWARE WALLET or EVEN IF YOU ALREADY MANANGED TO WITHDRAW YOUR FUNDS, this is not an exploit that relies on privates being exposed, rather permissions that you granted when you interacted with the platform.
thought "revoke.cash" was your pajeet site and you were running a scam
Easton Myers
I agree the chance is low, but Alex is a fucking snake and I'd rather that kike had no backdoor to wallet at all this is also a good approach
David Bennett
Kek you must be new!
Justin Davis
Yes>I wouldn't put it past them to try it at some future date or to sell access to the smart contracts to some hacker group to give themselves a nest egg to retire on. Something weird happened to me a while ago. I used anyswap now multichain to move weth to bsc. And then randomly after some time there was this message that they swapped contracts and the old contracts were exploited But it was apparently ok because they announced it on socials Fucking scum maybe they did this thing I really had more weth at this wallet for a time and was lucky to not have it anymore and etherscan made a warning, im never using them again medium.com/multichainorg/action-required-critical-vulnerability-for-six-tokens-6b3cbd22bfc0
Dominic Roberts
Done through etherscan. Thank you user
Landon Morgan
this. although that website is open source. it asks to also access the same tokens you want it to revoke, which is sketch.
Regardless, it doesn't matter how you choose to revoke their permissions, if you are reading this thread just do it!
Charles King
alright done cheers lads
i had no idea such a vulnerability existed holy fuck
Joshua Wright
>>If you don't do this celsius and bancor CAN STILL ACCESS YOUR FUNDS VIA SMARTCONTRACT.
They would need the private key to initiate any further transactions. Not buying this.
If anything, just move your funds into a new wallet, NOT going to some sketchy site to sign new transactions that revoke might do who knows what with.
Jonathan Adams
Okay, this makes sense. I was clearly speaking from ignorance. Good work OP.
Josiah Thompson
What? Celsius didn't need access to external wallets. You deposited the money like on any exchange.
Asher Sullivan
>They would need the private key to initiate any further transactions. Not buying this.
Nope, when you interacted with the smartcontract using your private key you gave them permission to do this. Read this: kalis.me/unlimited-erc20-allowances/
"In general, hardware wallets (such as the Ledger Nano X) are much safer than mobile or browser-based wallets. The reason for this is that the private keys that control the funds are securely stored on the hardware wallet and never leave the device. So by using a hardware wallet you ensure that no one can steal your private keys.
The problem with ERC20 allowances though, is that no one needs to steal your private keys to take the tokens from your wallet. And because of that, hardware wallets offer no protection whatsoever to the exploits discussed in this article."
DESU I've never actually used celsius, I just assumed users interacted with smartcontracts
Jordan Barnes
If I do this, will it affect the withdrawal process as I'm currently in the waiting period?
Benjamin Nelson
Yes, you would have to re-enable permissions before withdrawing the rest of your tokens, this is done when you sign all those contract interactions when staking on bancor. You can probably afford to wait until after you get the rest of your stack out to make it easier, there is no way these guys will rug users like this with the spotlight on them as mush as it is now, this is a long term risk for having interacted with them
Jonathan Martin
Any approval you remove now you'll just have to reenable through another metamask transaction when you withdraw, it'll come up automatically. Check the approvals for all your wallets and make sure you know what each one is for. It's a good idea to revoke everything if gas is cheap.
Jack Foster
what is the safest non pajeet site way to do this? is the etherscan revoke button going to rug me?
Gabriel Wood
Safest is etherscan, next best is revoke.cash. just google instructions how to do it. You can view your approvals without signing or connecting first