Etherscan ETH Block Explorer Successfully Blocks Crypto Hacking Attempt

On July 23rd, Etherscan announced in a Reddit post that there had been a suspected hacking attempt on their network, which was ultimately averted. All the funds and the platform are safe for now.

Etherscan is the leading BlockExplorer for the Ethereum Blockchain. A BlockExplorer is basically a search engine that allows users to easily look up, confirm and validate transactions that have taken place on the Ethereum Blockchain. Etherscan is not funded, operated or managed by the Ethereum Foundation but instead exists as an independent entity.

The Ethereum Blockchain has a public ledger (like a decentralized database), which Etherscan.io indexes and then makes available through its site. Its mission is to facilitate Blockchain transparency by indexing and making searchable all transactions on the Ethereum Blockchain in the most transparent and accessible way possible.

What Was The Attack?

The platform received reports of random JavaScript alerts with the content “1337” appearing on Etherscan.io. Upon further investigation, it appeared that these were injected via the summarized Disqus comments that appear in the site's page footer.

There was no risk of a compromised system other than the pop-up alert. There were 3 attempts to inject the JS alert message “1337”. The first appeared non-malicious, with the second two coming from someone the platform knows (most likely experimental). The 4th attempt tried to inject a web3.js transaction, but this was blocked (truncated) by their backend.

What Followed After The Attack?

Etherscan disabled the summarized Disqus comments in the site page footer. They then developed and tested a patch that will encode the footer comments to prevent similar incidents in the future. They have applied a patch to handle unescaped JavaScript exploits via the top comments sections. Technically speaking, a web3.js injection would not have been possible given the circumstances. Etherscan then informed its users about the attack on Twitter and Reddit.

Is Using Disqus A Point Of Vulnerability?

Etherscan claims that even though Disqus encodes all comments, its API responses are not encoded. However, Disqus developers claim that when using a custom integration to display comments (as in the case of Etherscan), the platform should use message rather than raw_message. Etherscan developers have taken note of this, and the change will be implemented in the near future.
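
The encoding fix described above, as an added example (not Etherscan's or Disqus's code): it contrasts concatenating raw_message into the footer markup with encoding it at the point of output. The comment objects, the author field and the 140-character summary limit are assumptions constructed for illustration.

```javascript
// Added example: render summarized footer comments from an API response
// without letting comment text become markup. Field names other than
// raw_message, and the 140-character limit, are assumptions.

// HTML-encode the five characters that can change the parsing context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Truncate first, then encode: cutting an already-encoded string can
// split an entity such as "&lt;" and leave broken output.
function summarize(text, maxLen = 140) {
  const chars = Array.from(String(text)); // code points, not UTF-16 units
  return chars.length > maxLen ? chars.slice(0, maxLen).join('') + '…' : chars.join('');
}

// Vulnerable pattern the article describes: raw text concatenated into HTML.
function renderFooterUnsafe(comments) {
  return comments.map((c) => `<li><b>${c.author}</b>: ${c.raw_message}</li>`).join('\n');
}

// Hardened: every API-supplied string is encoded where it is written out.
function renderFooterSafe(comments) {
  return comments
    .map((c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(summarize(c.raw_message))}</li>`)
    .join('\n');
}

// Constructed sample data (not real Disqus output).
const sampleComments = [
  { author: 'alice', raw_message: 'Great explorer, thanks!' },
  { author: 'mallory', raw_message: '<script>alert(1337)</script>' },
  { author: 'bob "b" <x>', raw_message: 'Gas & fees look high' },
];

console.log(renderFooterSafe(sampleComments));
```

Relying on backend truncation alone, as happened with the web3.js attempt, only limits payload length; encoding at output is what keeps comment text from being parsed as markup.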

Etherscan Conclusion

It’s likely that the hacker had something far more sinister in mind than creating annoying pop-up messages. For instance, the attacker could have ultimately hoped to inject code designed to trick users into exposing their private keys or sending a transaction to a hacker-controlled wallet.

Bitcoin Exchange Guide News Team