BSV
$53.56
Vol 30.74m
-1.48%
BTC
$95677
Vol 42690.62m
-1.87%
BCH
$448.02
Vol 342.07m
-2.21%
LTC
$101.06
Vol 806.48m
0.13%
DOGE
$0.31
Vol 4704.65m
-3.59%
Getting your Trinity Audio player ready...

MyDashWallet, a cryptocurrency wallet that supports DASH, has revealed that it has been compromised for the past two months. In a post on the Dash forum, the marketing manager for the wallet Michael Seitz urged the users to quickly move their funds or risk losing their DASH tokens entirely, if they hadn’t been stolen already.

Seitz wrote:

Today it was discovered that mydashwallet.org was compromised. The hacker was able to obtain private keys used between May 13th and July 12th. Out of an abundance of caution, anyone using mydashwallet.org in that timeframe should assume their private keys are known by the hacker and should immediately move any balances out of that wallet.

It all started in April 2018, when MyDashWallet was modified to load an external script from GreasyFork, a script hosting website. On May 13, 2019, a hacker compromised the GreasyFork account of the original author of the script, adding code that sent users’ private keys to an external server. According to another DASH representative, Leon White, who also posted on the forum, the change to the code was only detected two months later on July 12 after the hacker used the private keys to move user funds.

The extent of the damage is not yet known. However, MyDashWallet users have been advised to transfer any DASH they hold in their wallets as fast as they can, with the hacker believed to hold many of the users’ private keys. 1

For one user named FabioEcoe, his wallet was raided and he saw 143.84 DASH ($17,500) stolen by the hacker.

While the operators of the wallet have come under intense criticism from the crypto community, one security expert pointed out that the integration of third-party code is a problem that affects all industries in the digital ecosystem.

Deepak Patel, a security expert at cybersecurity firm PerimeterX, told Silicon Angle:

An understanding of digital ecosystems, especially third-party code, is a problem for a plethora of organizations. While it is a perfectly normal part of building an online environment to engage third-party code providers and affiliates, it creates a murky world of shadow IT and organizations rendering on an organizations’ website that has not been properly vetted by said organization. This leaves the digital supply chain of the web properties vulnerable to JavaScript hacks such as this, as well as to legislative penalties as a result of GDPR or other similar privacy legislation.

Recommended for you

Google unveils ‘Willow’; Bernstein downplays quantum threat to Bitcoin
Google claims that Willow can eliminate common errors associated with quantum computing, while Bernstein analysts noted that Willow’s 105 qubits...
December 18, 2024
WhatsOnChain adds support for 1Sat Ordinals with new API set
WhatsOnChain now supports the 1Sat Ordinals with a set of APIs in beta testing; with this new development, developers can...
December 13, 2024
Advertisement
Advertisement
Advertisement