Crypto Startup Hacks Itself to Save $13 Million in Users’ Cryptocurrency

The startup says the users can reclaim their funds.

Share on Facebook Tweet Snapchat Share Reddit Comment
Crypto Startup Hacks Itself to Save $13 Million in Users’ Cryptocurrency

Photo Credit: Komodo

Agama wallet of Komodo blockchain platform was found to be housing a vulnerability

Highlights
  • Komodo transferred over $13 million worth of crypto to its own wallets
  • Komodo was informed about the vulnerability on Wednesday
  • The startup hacked its own wallets the same day

In an interesting tale of quick thinking, a cryptocurrency startup claims to have hacked its own customers to save their funds from a malicious third-party. Apparently, Komodo, which is a crypto-platform, discovered a vulnerability in its Agama Wallet, which potentially put funds of several Agama users at risk. In order to save these funds from hackers, for whom the impacted wallets would have been easy-pickings, Komodo used the same vulnerability to hack the user wallets and save as much as 8 million Komodos or KMD (which is roughly $12.48 million or Rs. 86.6 crores) and 96 Bitcoins or BTC (which is roughly $765,000 or Rs. 5.3 crores).

As per a blog post on Komodo's official website, the blockchain platform on Wednesday was informed about an issue with one of the libraries used by the Agama wallet. This issue had potentially put the consumers using the Agama wallet to store their cryptocurrencies at risk. Without waiting to make and release a patch and then hoping for the customers to apply it, the Komodo team decided to hack the wallets themselves before someone else can and transfer all the cryptocurrency to themselves in an effort to save it.

Komodo says the collected funds are present in RSgD2cmm3niFRu2kwwtrEHoHMywJdkbkeF (KMD) and 1GsdquSqABxP2i7ghUjAXdtdujHjVYLgqk (BTC) wallets and can be reclaimed by their owners. The consumer whose funds have been transferred to the company can use this form to reclaim them.

According to Komodo, all Agama Wallets downloaded from its website, Atomic explorer wallet, and Agama Mobile wallets are affected by the vulnerability. The Verus Agama, KomodoOcean QT, and Ledger Hardware wallet are not impacted.

Although the Komodo blog post doesn't include any technical details of the vulnerability, npn package manager's team has shared some information. npn's service was used to push a malicious dependency to Agama wallet.

“The attack was carried out by using a pattern that is becoming more and more popular; publishing a “useful” package (electron-native-notify) to npm, waiting until it was in use by the target, and then updating it to include a malicious payload,” npm team wrote in a blog post.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: Komodo, Agama Wallet
Gaurav Shukla Gaurav Shukla is a part of the Gadgets 360 news team and based out of New Delhi. Gaurav is responsible for making sure Gadgets 360 news section is updated with the latest happenings from the world of science and technology. When he is not editing or assigning stories, Gaurav writes about mobile devices, science, social media, and the Internet at large. With over 11 years of experience in tech journalism, Gaurav has reported on everything from the first Android phone to reach the Indian market to ...More
Instagram Rolls Out Lyrics Feature in Music Stories to Rival TikTok
Destiny 2 Becomes Free-to-Play, Cross Save Support and Shadowkeep Expansion Announced
 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on JioSaavn.com