(BlockBar) According to CCN, the cryptocurrency platform Komodo found that its wallet had serious security vulnerabilities and had to “hack” and “invade” its user computer system to save $13 million worth of cryptocurrency.
As claimed by the official, Komodo’s network security team successfully “swept” and retrieved 8 million Komodo (KMD) and 96 bitcoins, equal to the value of about 13 million before the hacker seized the security flaws to steal the user’s private key. At the same time, the Komodo team transferred all of the assets to the company’s two wallets: (KMD) (BTC). As stated by official announcement, after the team solves some details, users can retrieve the encrypted assets in the next few weeks. Komodo urges affected users to get in touch through their Discord chat platform. The team also encourages all users of its Agama wallet to take security precautions and transfer funds to the new address.
Security vulnerability was discovered during the routine checking of management of software package, called as NPM. What’s interesting is that this is a popular hacker mode now. Firstly, issuing a “useful” package, and then waiting for it to be used by the target, finally, updating it to contain the malicious payload. The attacker was very patient. He has been “disguised” into a normal contributor for several months. Komodo inadvertently put the infected Javascript library package in an Agama wallet. Luckily, not all versions are affected. The company blocked the loophole before the hacker could cause any serious damage, and KMD’s response in the market was quite calm after the event.
Fortunately, this attack doesn’t cause big financial damages, but the security vulnerabilities and risks still endanger wallets in the network. More security measures need to take to prevent users from large losses. There is no doubt that cryptocurrency fans hope that this is the first and only event that requires “attacking” users to keep their money safe.
Weekend is the most representative female writer in the blockchain industry. She is known for her keen news capture ability and is good at English writing of blockchain news in the Chinese region.
