Jul 25, 2018 at 08:37
Jul 25, 2018 at 08:37 UTC
Recent Hack on Etherscan Reveals Their Security Vulnerabilities
The Crypto market averted what could have been a huge disaster on Monday, when popular crypto site Etherscan was hacked. For those not familiar with Etherscan, it is a BlockExplorer website which enables users to look for transactions on the Ethereum blockchain network. One of the main boon or bane of blockchain is that it is a open public ledger where people are privy to other people’s transactions.
On Monday, an user added a pop-up on Etherscan’s site which read “1337” which is code for “you’ve been hacked.” It wasn’t a major hack but it definitely caused a wave of panic among users. Many took to Twitter to warn other users about the hack and soon enough the Etherscan team posted an update on the situation. What is bizarre about this entire situation is that this entire fiasco took absolutely no effort on the hacker’s part since it originated from the comments section on the site. Etherscan allows its users to comment on ethereum addresses and this is powered by a third-party comment hosting service Disqus.
After the hack, the site quickly disabled the comments and made the users aware that no funds had been compromised in the process. However, it is difficult to ignore what could have happened if this had indeed turned out to be a major hack. A plethora of sensitive information on the site could have been manipulated by the potential hacker which would have made people decide on their investments accordingly. Scott Helme, a security researcher said that “They could alter the prices shown on graphs, maybe cause a buy/sell… I’m sure that tampering with the values could impact people.”
Scams or hacks like these are everywhere on the internet and especially in the crypto sector which loses a lot of funds each year to such hacks. In the beginning of July, Hola, a free virtual private network (VPN) extension for Google Chrome, was hacked and that allowed bad actors to monitor ethereum related activity of Hola users.