IDEX exchange may be suffering some hacks

[danfinlay]

Following up from this MetaMask subreddit post, where a user says after using IDEX, they had ether stolen.

If you trace where their transaction was stolen to, it goes through multiple accounts, especially being routed through this account, which has many transactions on it of people making similar claims about using IDEX and then losing funds:
https://etherscan.io/address/0xfb9f7f41319157ac5c5dccae308a63a4337ad5d9#comments

After following up with the user, they actually used an IDEX built-in account initially (remember those, from EtherDelta? The ones that got drained all at once in the DNS hack?). After reading a tutorial on MyCrypto about the enhanced security of using MetaMask, the user switched to MetaMask.

To me this resembles an attacker having control of IDEX, and tactfully draining only some accounts, just enough to keep the user outcry minimal. This really emphasizes the need of well-audited, deterministic web apps for things like decentralized exchanges. (Could be improved after merging #4405)

Opening a thread here to see if this story is common. Maybe this should be a reddit post instead, but I don't want to be alarmist, I just want to get a real sense of how common this is, put out feelers for how people might want to respond.

[whymarrh]

Opening a thread here to see if this story is common. Maybe this should be a reddit post instead, but I don't want to be alarmist, I just want to get a real sense of how common this is, put out feelers for how people might want to respond.

Over 1 yr later I think we can close this.