The developer of the Komodo cryptocurrency wallet “hacked” the wallets of its own clients to prevent an attack that could lead to theft of funds worth about $ 13 million
. Two months ago, the Npm library received an update containing a hidden backdoor, which could lead to theft of user funds stored in old Komodo Agama wallets.
The audit revealed that malware can steal “seed” and credentials for access to cryptocurrency wallets. To prevent hackers from exploiting malicious code, Komodo used the vulnerability to extract funds from users of Agama wallets and transfer them to a safe place inaccessible to hackers.
A vulnerability report on the Npm JavaScript Packages repository blog entry notes: “After our internal security tools notified us of this threat, we reported it to Komodo and coordinated with the company to protect its users and remove malware from Npm. ”
“Upon discovering a vulnerability, our cybersecurity team used the same malicious code to gain control over the many affected" sids "and protect users' funds," Komodo said.
The company notes that it was able to protect 8 million Komodo (KMD) and 96 BTC tokens, with a total value of about $ 13 million. In order to prevent hackers from using old “seed” and other data in the future, the developers advised users of the Agama wallet to transfer their funds to newer versions wallet products and create new KMD and BTC addresses, as well as new passwords.
The developer Komodo acted on the lead and, most likely, not in vain - cryptocurrency wallets often suffer from vulnerabilities and become targets for hackers. Last month, a vulnerability was discovered in the Wallet Generator paper wallets generator, and in April, hardware wallets manufacturer Ledger warned users about a phishing attack on a Windows application.
. Two months ago, the Npm library received an update containing a hidden backdoor, which could lead to theft of user funds stored in old Komodo Agama wallets.
The audit revealed that malware can steal “seed” and credentials for access to cryptocurrency wallets. To prevent hackers from exploiting malicious code, Komodo used the vulnerability to extract funds from users of Agama wallets and transfer them to a safe place inaccessible to hackers.
A vulnerability report on the Npm JavaScript Packages repository blog entry notes: “After our internal security tools notified us of this threat, we reported it to Komodo and coordinated with the company to protect its users and remove malware from Npm. ”
“Upon discovering a vulnerability, our cybersecurity team used the same malicious code to gain control over the many affected" sids "and protect users' funds," Komodo said.
The company notes that it was able to protect 8 million Komodo (KMD) and 96 BTC tokens, with a total value of about $ 13 million. In order to prevent hackers from using old “seed” and other data in the future, the developers advised users of the Agama wallet to transfer their funds to newer versions wallet products and create new KMD and BTC addresses, as well as new passwords.
The developer Komodo acted on the lead and, most likely, not in vain - cryptocurrency wallets often suffer from vulnerabilities and become targets for hackers. Last month, a vulnerability was discovered in the Wallet Generator paper wallets generator, and in April, hardware wallets manufacturer Ledger warned users about a phishing attack on a Windows application.