Komodo, the blockchain startup and exchange, has hacked its own users to move their assets out of reach of a backdoor before attackers could exploit it. The vulnerability was in Komodo's Agama wallet app, which was loading malicious code.
According to the news outlet ZDNet, Komodo managed to gather 8 million Komodo coins and 96 bitcoins. The coins were worth $13 million.
A back-doored library
The incident seemed a little strange at first, but it soon became apparent that this was a supply chain attack using a back-doored library. Unfortunately for Komodo, its Agama app was loading the malicious electron-native-notify library, although the app only became truly susceptible to attack once Komodo released Agama v0.3.5.
In a successful attack, the code would collect Agama wallet seeds and passphrases and send the data to a remote server. With that information, the attackers could access users' crypto wallets.
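As an added example (not Komodo's code and not part of the original article), the Node.js script below checks an npm lockfile for the library named above and reports where it is installed and which package declares it as a dependency. The lockfiles, the package names other than electron-native-notify, and all version strings are constructed for illustration.

```javascript
// Added example: audit an npm lockfile for a flagged package.
// FLAGGED holds the library named in the article; everything else is constructed.
const FLAGGED = new Set(["electron-native-notify"]);

function auditLockfile(lock) {
  const installs = [];          // where a flagged package is installed
  const requiredBy = new Set(); // which packages declare it as a dependency
  const visit = (name, where, info, declared) => {
    if (FLAGGED.has(name)) installs.push({ where, version: info.version });
    for (const dep of Object.keys(declared || {})) {
      if (FLAGGED.has(dep)) requiredBy.add(name);
    }
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path, "" is the root project.
    for (const [key, info] of Object.entries(lock.packages)) {
      const name = key === "" ? lock.name || "(root)" : key.split("node_modules/").pop();
      visit(name, key || ".", info, { ...info.dependencies,
        ...info.devDependencies, ...info.optionalDependencies });
    }
  } else {
    // lockfileVersion 1: nested "dependencies" mirror node_modules; "requires" lists edges.
    const walk = (deps, trail) => {
      for (const [name, info] of Object.entries(deps || {})) {
        visit(name, [...trail, name].join(" > "), info, info.requires);
        walk(info.dependencies, [...trail, name]);
      }
    };
    walk(lock.dependencies, []);
  }
  return { installs, requiredBy: [...requiredBy].sort() };
}

// Constructed lockfiles: "example-wallet" and "example-ui-kit" are hypothetical names.
const LOCK_V1 = { name: "example-wallet", lockfileVersion: 1, dependencies: {
  "example-ui-kit": { version: "1.0.0",
    requires: { "electron-native-notify": "*" },
    dependencies: { "electron-native-notify": { version: "0.0.0-constructed" } } },
  "example-logger": { version: "2.0.0" } } };
const LOCK_V3 = { name: "example-wallet", lockfileVersion: 3, packages: {
  "": { name: "example-wallet", dependencies: { "example-ui-kit": "^1.0.0" } },
  "node_modules/example-ui-kit": { version: "1.0.0",
    dependencies: { "electron-native-notify": "*" } },
  "node_modules/electron-native-notify": { version: "0.0.0-constructed" } } };

for (const lock of [LOCK_V1, LOCK_V3]) {
  console.log(`lockfileVersion ${lock.lockfileVersion}:`, JSON.stringify(auditLockfile(lock)));
}
```

In a real project the object passed to auditLockfile would be the parsed contents of package-lock.json; the requiredBy list is what tells you which direct or indirect dependency to remove or replace.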
Quick thinking from Komodo saves the day
After realizing the possibility of a devastating attack, Komodo and its security team quickly jumped into action and began salvaging the vulnerable funds. Using the same malicious code that could have caused so much damage, the security team moved the funds to safety.
In a security alert release, Komodo noted:
“We were able to sweep around 8 million KMD and 96 BTC from the vulnerable wallets, which otherwise would have been easy pickings for the attacker. The safe wallets […]
Unfortunately, the turbulence is not yet over. Komodo users may still be susceptible to an attack, as a hacker could still use old seeds and passphrases to get into accounts. Komodo has therefore advised users to take out their funds and change their information to avoid falling victim. It has also closed the old Agama wallets and asked users to move to newer versions which haven't been compromised.