11-22-2024
BSV
$68.23
Vol 163.55m
-11.09%
BTC
$99473
Vol 97271.98m
2.43%
BCH
$495.55
Vol 1533.09m
-6.12%
LTC
$90.06
Vol 1214.99m
0.58%
DOGE
$0.39
Vol 9953.49m
2.61%
Getting your Trinity Audio player ready...

MyDashWallet, a cryptocurrency wallet that supports DASH, has revealed that it has been compromised for the past two months. In a post on the Dash forum, the marketing manager for the wallet Michael Seitz urged the users to quickly move their funds or risk losing their DASH tokens entirely, if they hadn’t been stolen already.

Seitz wrote:

Today it was discovered that mydashwallet.org was compromised. The hacker was able to obtain private keys used between May 13th and July 12th. Out of an abundance of caution, anyone using mydashwallet.org in that timeframe should assume their private keys are known by the hacker and should immediately move any balances out of that wallet.

It all started in April 2018, when MyDashWallet was modified to load an external script from GreasyFork, a script hosting website. On May 13, 2019, a hacker compromised the GreasyFork account of the original author of the script, adding code that sent users’ private keys to an external server. According to another DASH representative, Leon White, who also posted on the forum, the change to the code was only detected two months later on July 12 after the hacker used the private keys to move user funds.

The extent of the damage is not yet known. However, MyDashWallet users have been advised to transfer any DASH they hold in their wallets as fast as they can, with the hacker believed to hold many of the users’ private keys. 1

For one user named FabioEcoe, his wallet was raided and he saw 143.84 DASH ($17,500) stolen by the hacker.

While the operators of the wallet have come under intense criticism from the crypto community, one security expert pointed out that the integration of third-party code is a problem that affects all industries in the digital ecosystem.

Deepak Patel, a security expert at cybersecurity firm PerimeterX, told Silicon Angle:

An understanding of digital ecosystems, especially third-party code, is a problem for a plethora of organizations. While it is a perfectly normal part of building an online environment to engage third-party code providers and affiliates, it creates a murky world of shadow IT and organizations rendering on an organizations’ website that has not been properly vetted by said organization. This leaves the digital supply chain of the web properties vulnerable to JavaScript hacks such as this, as well as to legislative penalties as a result of GDPR or other similar privacy legislation.

Recommended for you

David Case gets technical with Bitcoin masterclass coding sessions
Whether you're a coding pro or a novice, David Case's livestream sessions on the X platform are not to be...
November 21, 2024
NY Supreme Court’s ruling saves BTC miner Greenidge from closing
However, the judge also ruled that Greenidge must reapply for the permit and that the Department of Environmental Conservation has...
November 20, 2024
Advertisement
Advertisement
Advertisement