Hansa's newest feature was a vendor-locktime-tx.xlsx file. Anyone had a closer look at it?

Hansa had a file that could be downloaded by vendors after the order was shipped, it contained the timelocked tx signed by hansa along with some other info. It used to be a simple .txt file.

About a day ago there was a stickied post on the forum about a new feature, they changed the TXT to an XLSX file, it contained some additional data like statistics and graphs.

Anyone had a closer look at the file? XLSX might have some exploit in it.

On other interesting question is: are the timelocked transactions legit? Withdrawal wasn't working in the last 2 days, but the timelocked transactions might still work. Any way to verify?


Comments


[6 Points] anothernewthrowaway6:

Obviously nefarious.

For those who don't know, Microsoft Office files (Word Excel Access Powerpoint Outlook) can contain custom-written programs inside them written in a language called Visual Basic for Applications (VBA) that can infect/trash your Windows computer if malicious. (I don't know if the Mac version of Microsoft Office supports VBA and Macros or not.)

Don't download anything from the DN that isn't plaintext. At the least it's bad opsec. In this case, there was obviously malicious intent behind that switch from .txt to .xlsx.


[3 Points] Big_Boy_Stacks:

Some details included: item listing name, quantity, price in btc/usd, exact time order was marked shipped, exact time order was finalized, wallets used, and the buyer usernames associated with those transactions.

If you mean has anyone done an analysis/audit of the actual file itself then no I haven't. I definitely assume there is an exploit hiding in there.


[2 Points] SloppyJoeLieberman:

There is no reason to change formats from TXT to XLSX. I would be highly suspicious of macros, exploits, or something of that nature to be attached to the XLSX file.

If someone wants to open and examine it, maybe try a virtual instance on a sandboxed computer not connected to the Internet or a local network. Even then, you better know what you're doing and how to possibly find what something suspicious. Aside from that, avoid that shit like the plague.


[1 Points] endedbytheknife:

they don't need to find holes excel, it can run VB code so it probably has a macro to run code.


[1 Points] IronmansVisa:

Did Vendors need to download this locktime transaction file to be able to receive their coins in the 90 days or is it useless?