🚨 Important Announcement from Predyx 🚨

Hey Predyx community – we’ve got some news to share.
Recently, we experienced an attack that targeted a security vulnerability in our system. Thanks to our quick response, we were able to mitigate the attack within minutes. However, this vulnerability remains exploitable, and each time we attempt to bring the platform back online, the attacker resumes targeting us.

🔒 Your funds and shares are safe.

Unfortunately, the attacker did manage to drain some liquidity from our markets.
To ensure the safety and integrity of Predyx, we’ll be temporarily shutting down for a few days while we work diligently to patch the vulnerability.
If the individual responsible for the attack happens to be reading this or is active on SN, we invite you to reach out to us directly.
💰 We’re offering a bounty for disclosing the exploit.
We appreciate your patience and understanding as we strengthen our defenses. We’ll keep you updated every step of the way.
– The Predyx Team
41 sats \ 5 replies \ @ek 6 Jan
Sorry to hear that. Will you provide us with the details once it's fixed so we can learn from your mistakes?
reply
Thanks for the kind words, yes for sure we will provide the details. We've figured out the attack mechanism. It's a parallel/concurrent API attack on the sell orders API.
We do have a rate-limit per user-id/IP on nginx for that sell API. But somehow this attacker is able to bypass that rate-limit.
When we try to perform the same attack, nginx protects against it: seq 1 10 | xargs -n1 -P10 curl --output - 'https://beta.predyx.com/api..., but somehow this attacker is able to bypass that rate-limit.
So far for the mitigation: today we switched to Cloudflare WAF. Most probably tomorrow we will bring up the Broadcom Layer7 API Gateway.
reply
100 sats \ 3 replies \ @ek 6 Jan
We do have a rate-limit per user-id/IP on nginx for that sell API. But somehow this attacker is able to bypass that rate-limit.
Maybe they use multiple IPs?
But why do you need a rate limit in the first place? Are they able to sell the same shares multiple times?
reply
Possibly multiple IPs. But we also have a rate-limit per user-id to mitigate the multiple IPs.
Yes, they are able to sell the same shares multiple times. We use MongoDB with transaction locking. Maybe we need to switch to a transactional DB like MySQL or Postgres.
reply
100 sats \ 1 reply \ @ek 22h
But we also have rate-limit per user-id to mitigate the multiple IPs.
Ah, sounded like you rate-limit the combination
Maybe we need to switch to a transactional db like MySQL or Postgres.
Sounds like the right move
reply
Yes, we're working on moving to Postgres.
We fixed the issue by queuing the request via RabbitMQ.
The hacker tried to perform the same attack within a minute of us coming back online but failed, which gave us real-time feedback that our fix worked.
We're back online! Thanks for your support and advice.
reply
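The two technical points in the replies above (the same shares being sold multiple times by concurrent requests to the sell API, and the fix of queuing requests through RabbitMQ) are illustrated in the following example. This is an added demonstration, not Predyx's code: an in-memory Ledger stands in for the per-user share balance in the database, a threading.Lock stands in for an atomic conditional update, and a single consumer draining a queue.Queue stands in for the RabbitMQ worker. All values are constructed. It shows why a per-IP or per-user rate limit does not close this hole: the overlapping window is milliseconds wide, so the fix has to make check-and-decrement indivisible or serialize the requests.

```python
"""Constructed demonstration of a concurrent double-sell and two ways to close it.

Not Predyx code: the in-memory Ledger stands in for the real database and the
handlers stand in for the sell-orders API; all values are constructed.
"""
import queue
import threading
import time


class Ledger:
    """In-memory stand-in for one user's share balance in the database."""

    def __init__(self, shares):
        self.shares = shares           # shares the user currently holds
        self.sold = 0                  # shares the platform accepted for sale
        self._lock = threading.Lock()  # models an atomic conditional update

    def sell_naive(self, qty):
        """Vulnerable: check and decrement are two separate operations."""
        if self.shares >= qty:         # 1. check balance
            time.sleep(0.01)           # 2. latency; concurrent requests also pass the check
            self.shares -= qty         # 3. act; every request that passed the check sells
            self.sold += qty
            return True
        return False

    def sell_atomic(self, qty):
        """Fix 1: check and decrement as one indivisible step.

        Models a conditional update such as MongoDB's
        findOneAndUpdate({shares: {$gte: qty}}, {$inc: {shares: -qty}}):
        only one of N concurrent requests can match the filter.
        """
        with self._lock:
            if self.shares < qty:
                return False
            self.shares -= qty
            self.sold += qty
            return True


def fire_concurrent(handler, qty, n):
    """Send n sell requests at the same instant, like seq 1 N | xargs -P N curl.

    Returns how many requests the handler accepted.
    """
    start = threading.Barrier(n)       # release all requests together
    results, results_lock = [], threading.Lock()

    def request():
        start.wait()
        accepted = handler(qty)
        with results_lock:
            results.append(accepted)

    threads = [threading.Thread(target=request) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)


def run_queued(ledger, qty, n):
    """Fix 2: serialize requests through a single consumer (models the RabbitMQ queue).

    With one worker draining the queue, a user's requests are processed one
    after another, so even the naive check-then-act handler cannot overlap.
    """
    orders = queue.Queue()
    results = []

    def consumer():
        while True:
            order = orders.get()
            if order is None:          # sentinel: no more orders
                break
            results.append(ledger.sell_naive(order))

    worker = threading.Thread(target=consumer)
    worker.start()
    for _ in range(n):                 # the API enqueues instead of executing
        orders.put(qty)
    orders.put(None)
    worker.join()
    return sum(results)


def demo(holding=10, qty=10, n=10):
    """Run the three variants on a user holding `holding` shares, selling all of them n times at once."""
    naive, atomic, queued = Ledger(holding), Ledger(holding), Ledger(holding)
    return {
        "naive_accepted": fire_concurrent(naive.sell_naive, qty, n),
        "naive_final_shares": naive.shares,      # negative: shares sold that never existed
        "atomic_accepted": fire_concurrent(atomic.sell_atomic, qty, n),
        "atomic_final_shares": atomic.shares,
        "queued_accepted": run_queued(queued, qty, n),
        "queued_final_shares": queued.shares,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it, the naive handler accepts (almost always) all ten sells of a ten-share holding and leaves a negative balance, while both fixes accept exactly one and leave zero. The queue fix works because ordering is per user; in a real deployment the queue has to be partitioned so that one user's orders never run on two workers at once, otherwise the race reappears inside the consumers.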
136 sats \ 1 reply \ @grayruby 5 Jan
Sorry to hear that. Keep us posted when it will be back up and running.
reply
Will do.
reply
Thank you for being transparent 🙏
reply
21 sats \ 1 reply \ @suraz 6 Jan
Thank you for the update. I hope the issue gets resolved soon and the platform returns stronger than ever.
reply
Thank you for the kind words.
reply
Thank you for the transparency
reply
21 sats \ 1 reply \ @nym 6 Jan
You're a big target. Hope you get it fixed
reply
Thanks, we'll figure it out. It's just a matter of time.
reply
Sorry to hear this. Good luck.
reply
Good luck. I'm sure you'll figure it out.
reply
Thanks, we're almost there.
reply
Thanks! Hate thieves
reply
yikes 😳
reply
We're back online! #840096
reply
I'm sorry to hear it. I'm damn sure you'll overcome this pretty soon and Predyx will again be up and running. My best wishes are with you.
reply
Thank you 🙏
reply