Explanation and Fallout From the Exploit
system0101
Earlier today a rather vicious exploit hit full steam. Some were able to embed Java and/or JS into newspaper comments, and possibly citizen ads. The code forced donations to one of many accounts. I lost 59 gold in (I believe) the first wave of the attack. It forced people to donate the highest even amount of gold they had in their possession, and nothing else.
One of the first instances of framing was when one of the hackers donated 300 gold to Gaius Julius. This seemingly was done manually. Most of the rest of the gold was liquidated on the Monetary Market in an effort to destabilize the RUB.
The first ones were sloppy and caused glitching on eRep pages. They quickly got better and appeared as blank comments on newspaper articles. Since I had already lost all my gold, and there were no reports of any item thefts, I was not worried about investigating some of the links. EDIT: Nagyzee has said he may be missing some Q5 gifts.
The one that got me was a comment on an article describing the benefits of emigration to eIsrael. The page would take too long to load, and immediately force me back to the homepage. As I said earlier, the exploits quickly were streamlined into blank article comments. The one that got me apparently redirected to a sharethis.com url, but again later ones seemingly did not.
Within an hour of my loss, there were many many people shouting and posting about the exploiters. Many were screaming that the next exploiter was MoredanKantose, though it is widely believed that he was just another victim.
Soon the evolving exploit only stole one gold piece at a time from victims, even though some were still drained completely. Also, Emerick fell victim to a similar framing attack that the eRussian president endured.
It was about this time that the administrators visibly began to crack down on the madness. They suspended all the accounts involved. They hid or removed the JS code in article comments. They temporarily killed the ads. Some scamming accounts were banned before they even swiped a dime.
At this time I believe that no gold has been returned, but it seems as if the exploit has been closed. Some have said the admin team are going to remedy the situation tomorrow, but again I could not find that in an official article or post anywhere.
This is an unofficial, incomplete list of accounts that received this gold. The total range of the attacks is in the low five figures.
http://www.erepublik.com/en/citizen/donate/list/77851 (victim)
http://www.erepublik.com/en/citizen/donate/list/1230646 (victim, returned funds manually)
http://www.erepublik.com/en/citizen/donate/list/1231360
http://www.erepublik.com/en/citizen/donate/list/1425001 (victim, maybe?)
http://www.erepublik.com/en/citizen/donate/list/1507822 (victim)
http://www.erepublik.com/en/citizen/donate/list/1625508
http://www.erepublik.com/en/citizen/donate/list/1705760
http://www.erepublik.com/en/citizen/donate/list/1718173
http://www.erepublik.com/en/citizen/donate/list/1789367
http://www.erepublik.com/en/citizen/donate/list/2026143
http://www.erepublik.com/en/citizen/donate/list/2025781
http://www.erepublik.com/en/citizen/donate/list/2027034
http://www.erepublik.com/en/citizen/donate/list/2027270
http://www.erepublik.com/en/citizen/donate/list/2027292
http://www.erepublik.com/en/citizen/donate/list/2027317
http://www.erepublik.com/en/citizen/donate/list/2027476
If you have any information to add, please post it in comments. Also, if you know of any other accounts that received funds in this manner, post them here. I am (vaguely) considering going through the donations of some of these accounts and totaling the donations from this morning.
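One way to do the totaling described above, as an added example that is not part of the original post: it sums donations per receiving account and flags accounts paid by several distinct donors inside a short window. The record format, account names, dates and thresholds are all constructed assumptions, not eRepublik data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export (hypothetical format): time, donor, recipient, gold
SAMPLE = """\
2009-09-01T08:01:10 donor-a acct-1 58
2009-09-01T08:01:40 donor-b acct-1 12
2009-09-01T08:03:05 donor-c acct-1 20
2009-09-01T08:06:30 donor-d acct-1 1
2009-09-01T08:20:00 acct-1 acct-4 300
2009-09-01T07:00:00 donor-e acct-2 5
2009-09-01T12:00:00 donor-f acct-2 2
2009-09-01T18:00:00 donor-e acct-2 3
2009-09-01T09:00:00 donor-g acct-3 1
2009-09-01T09:00:30 donor-h acct-3 1
2009-09-01T09:01:00 donor-i acct-3 1
2009-09-01T09:01:30 donor-g acct-3 1
"""

def parse(text):
    """Turn the whitespace-separated export into (time, donor, recipient, gold)."""
    rows = []
    for line in text.strip().splitlines():
        ts, donor, recipient, gold = line.split()
        rows.append((datetime.fromisoformat(ts), donor, recipient, int(gold)))
    return rows

def burst_recipients(rows, window=timedelta(minutes=10), min_donors=3):
    """Flag recipients paid by >= min_donors distinct donors within one window.

    Counting donors rather than gold keeps one-gold-at-a-time transfers visible.
    """
    by_recipient = defaultdict(list)
    for ts, donor, recipient, gold in sorted(rows):
        by_recipient[recipient].append((ts, donor, gold))
    flagged = {}
    for recipient, events in by_recipient.items():
        start, peak = 0, 0
        for end, (ts, _, _) in enumerate(events):
            while ts - events[start][0] > window:  # slide the window forward
                start += 1
            peak = max(peak, len({d for _, d, _ in events[start:end + 1]}))
        if peak >= min_donors:
            total = sum(g for _, _, g in events)
            flagged[recipient] = {"total_gold": total, "peak_donors": peak}
    return flagged

if __name__ == "__main__":
    for account, stats in burst_recipients(parse(SAMPLE)).items():
        print(account, stats)
```

A flag is only a lead for review: the single 300-gold transfer to `acct-4` is deliberately not flagged, since one large donation from one sender looks like the framing described above rather than a collection account.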
Comments
Good Explanation and First
voted. Damn hackerscum.
We are talking about tens of thousands in gold. The Peace GC org in Nunavut had over 3000 gold donated out of it. Greek Orgs also reported losing thousands.
Incredible, and horrifying at the same time. I hope the people who did this get their asses kicked via karma.
Damn hackers. Thankfully I avoided them.
😃 jk
So just by clicking the news article it was auto donating gold from you?
I clicked the one newspaper about going to israel like 8 times before I finally got through and was able to read it. I thought it was weird but I didn't think any more into it...
Good thing I have no gold and only USD...
Did the same but had no gold. This is a really cool game, only wish there was PvP.
http://www.erepublik.com/en/newspaper/california-times-200318/1
I've lost 19 gold.
Yesterday morning, I noticed two "rough drafts" of that Come To Israel article pop up in the US media before the one with the bug hit. Both the rough drafts had gibberish titles, and the content of all the articles was the same.
Thanks for the explanation. I lost nothing, but I think we should publicly execute hackers.
Great explanation! I'm full of Schadenfreude for the hackers... I want to see names posted and know who did this. And spit on their eGrave.
The funny part is that I've known about this exploit for six months now. I sent in a report to eRepublik and they never replied.