Serious EOS ICO Vulnerability by useruploads

· @useruploads ·
====== Serious EOS ICO Vulnerability discovered ======

Dev must pls move fast before more people exploit it.

****** PLEASE READ TILL END, BEFORE U DO ANYTHING ****

EOS Dev team, please fix this urgently before it's exploited and the value of tokens crash!!!

The vulnerability only presents itself when using EXODUS WALLET 1.30.0 or Mist. I couldn't get it to work with the other wallets.
I think the vulnerability only exists because the developers are still developing the platform; it's probably used as a faucet, but a combination
of actions/software versions causes an issue with the ERC-20 tokens.

I'm unsure if it's specifically due to EOS code or the Ethereum network as a whole. Effectively, the correct software version and timing can cause quadruple spending
when amounts larger than 0.5 ETH are transferred into a very specific address. It only seems to work once per 'receiving-address'; in other words, trying to send twice from the same wallet does not work.

I am NOT certain of what other variables could also present this vulnerability.

Follow these steps to reproduce:

1) Create a wallet on Exodus (1.31.1 -> It's important that you ensure this is the version you have) or Mist (Only tested latest version), I have reports that MyEtherWallet also works.
2) Open up https://www.timeanddate.com/worldclock/ and look at the bottom right of the table for the current UTC time. Now keep this in mind, you have to click the send button when:
    - the 'seconds' of time is exactly 00, in other words if it hits 12:32:00, or 01:43:00 then click the send button.
3) Send any amount higher than 0.5 ETH to 0x69901950aae2B2884770C8cA6A735d307Fb2DAFF It's IMPORTANT that you click send on :00 (explained in step 2). 
4) Wait 30 minutes (depends on eth network speed), check your tokens, you will have roughly 2 ETH worth of EOS tokens, the amount worth of tokens seems to be 'sent-amount' * 4.

The weird thing is if I look at ethscan and look at that address it doesn't show my transactions at all, which makes me think maybe it's an Eth-network bug.

I have also managed to sell my EOS tokens this way and get the ETH back!!!!!! this is ridiculous
NOTE: This only works ONCE per wallet address (in other words doing it twice with the same wallet will fail).

I believe this vulnerability is being actively exploited by someone else if you look at the 24hour volume charts, 
it's pretty obvious something fishy is going on with EOS as the currency has been very stable beforehand.

PLEASE, I believe in what EOS project presents - pls fix it devs before more people exploit this bug.

PLEASE PLEASE anyone other than devs reading this:
PLEASE do not exploit this bug. EOS is an interesting project, you can make some quick free money sure, but it will hurt the devs and set the project back.

I hope by the time most of you read this open letter that the bug has already been patched, my full faith is in Dan Larimer and team!

thank #team-joker
created: 2017-08-19 10:23:09
@andersrh ·
haha
created: 2017-08-20 13:11:39
@onthewayout ·
Is this a joke? The correct address for the EOS contract is 0xd0a6E6C54DbC68Db5db3A091B171A77407Ff7ccf
created: 2017-08-19 15:42:51
@upgrade ·
So you are basically asking people to send coins to your wallet as a test? Good one.
created: 2017-08-19 12:18:12