Tech

Dan Taylor

Komodo hacks own Agama wallet to protect user funds

A serious vulnerability has been discovered in a cryptocurrency wallet app, putting millions of dollars’ worth of user cryptocurrency at imminent risk of theft. The vulnerability was discovered in the Agama wallet app, which runs on the Komodo platform, during an independent security audit of the code this week.

When alerted to the hack, the Komodo team used the same exploit to take user funds out of compromised accounts and move them to safe storage, a risky tactic that saw them effectively hack their own app to protect users.

The tactic appears to have saved some 96 SegWitCoin (BTC), worth around $13 million, before a hacker stumbled over the funds.

In a post on their blog, Komodo described its response to the attack, and how users affected can reclaim funds removed from their wallets. According to Komodo, “After discovering the vulnerability, our Cyber Security Team used the same exploit to gain control of a lot of affected seeds and secure the funds at risk. We were able to sweep around 8 million KMD and 96 BTC from the vulnerable wallets, which otherwise would have been easy pickings for the attacker.

“The safe wallets RSgD2cmm3niFRu2kwwtrEHoHMywJdkbkeF (KMD) and 1GsdquSqABxP2i7ghUjAXdtdujHjVYLgqk (BTC) are under the control of the Komodo Team, and assets can be reclaimed by their owners. See our support page article for details.”

Nevertheless, serious questions will now be asked of the firm and its security setup, with attention turning to the integrity of its other apps.

The backdoor was uncovered by a team at the npm JavaScript package repository, which found a malicious update for the electron-native-notify library.

The team found that the update was in fact a supply chain attack aimed at an alternative target downstream. Agama was using EasyDEX-GUI, which was directly loading the compromised library.

The team responsible for uncovering the attack said the script would collect sensitive information, including passwords, and record them on a remote server, making the subsequent theft a straightforward process.

While Komodo appears to have got off lightly, the firm must now prioritize security to ensure this cannot happen again.

To receive the latest CoinGeek.com news, special discounts on CoinGeek Conferences and other inside information direct to your inbox, please sign up for our mailing list.

COMMENT

[data-clipboard-demo]
[data-clipboard-demo]
[data-clipboard-demo]
[data-clipboard-demo]
[data-clipboard-demo]
[data-clipboard-demo]
[data-clipboard-demo]
[data-clipboard-demo]
[data-clipboard-demo]
[data-clipboard-demo]
[data-clipboard-demo]
[data-clipboard-demo]