Wallet Provider Komodo Protects Customers Funds By Exploiting Vulnerability
Komodo Platform, a cryptocurrency company hacked itself in an uncommon effort to safeguard its clients from being accessed. When the firm discovered a weakness in mobile wallet app called Agama, Komodo exploited the weakness to gain access to $13 million worth cryptos from clients’ wallets before it is attempted by an external party.
The company said it got a notice of a malware risk affecting the customers of its cryptocurrency wallet Agama on June 4, 2019 at 5 pm UTC from cyber security provider npm and assisted safeguarding of more than $13 million in cryptocurrency assets.
Komodo said the aim of the assault was to implant malware to retrieve the seeds of the wallet as well as other passphrases utilized in the system.
Komodo elaborating how the bug was created:
“It now seems clear that the bug was created intentionally to target Komodo’s version of Agama wallet. A hacker spent several months making useful contributions to the Agama repository on GitHub before inserting the bug. Eventually, the hacker added malicious code to an update of a module that Komodo’s Agama was already using.”
The cryptocurrency wallet provider further explained how the bug functions:
“The update contained malicious code that stored all seed phrases on a public server. The hacker saved the seed phrases on a public server to obscure his/her identity and to create a scenario where anyone could be a suspect when the vulnerability was finally exploited.”
Komodo alerted the customers impacted of the hack and advised the recovery method of the assets. Cryptocurrency transactions have recorded numerous breaches in latest times. In a significant safety violation, hackers robbed over $40 million worth of Bitcoin (BTC) from cryptocurrency exchange Binance.
The Taiwanese firm said it found the violation at 17:15:24 (UTC) on May 7, 2019, where hackers fraudulently obtained more than 7,000 Bitcoins using a range of assault techniques, including phishing, viruses, to name a few.
Hackers also obtained multiple client API keys, 2FA numbers, and other data, as per Binance. After the hack, the exchange briefly stopped all activities and ensured that it would fully reimburse the impacted clients.
Crypto brokerage website Coinmama informed customers in February 2019 that it experienced a safety violation that impacted about 450,000 customers’ emails and encrypted passwords. The business said some unidentified intruders accessed client information and offered for sale on dark web registry.
Likewise, in a cyber-attack, Cryptopia lost almost 19,390 ETH tokens. The cybercriminals sent their loot to famous crypto exchanges with Bitbox, Binance, and Huobi registering the maximum volume of withdrawals. It is reported that almost $900,000 has been withdrawn from the $16 million robbed by hackers.