Etherscan ETH Block Explorer Successfully Blocks Crypto Hacking Attempt

On July 23rd, Etherscan announced in a Reddit post that there had been a suspected hacking attempt on its network, which was eventually avoided. All the funds and the platform are safe for now.

Etherscan is the leading BlockExplorer for the Ethereum Blockchain. A BlockExplorer is basically a search engine that allows users to easily look up, confirm and validate transactions that have taken place on the Ethereum Blockchain. Etherscan is not funded, operated or managed by the Ethereum Foundation but instead exists as an independent entity.

The Ethereum Blockchain has a public ledger (like a decentralized database), which Etherscan indexes and then makes available through its site. Its mission is to facilitate Blockchain transparency by indexing and making searchable all transactions on the Ethereum Blockchain in the most transparent and accessible way possible.

What Was The Attack?

The platform received reports of random JavaScript alerts with the content “1337” appearing. Upon further investigation, it appeared that these were injected via the summarized Disqus comments that appear in the site's page footer.

There was no risk of a compromised system other than the pop-up alert. There were 3 attempts to inject the JS alert message “1337”. The first appeared non-malicious, with the second 2 coming from someone the platform knows (most likely experimental). The 4th attempt tried to inject a web3.js transaction, but this was blocked (truncated) by their backend.

What Followed After The Attack?

Etherscan disabled the summarized Disqus comments in the site's page footer. They then worked on and tested a patch that encodes the footer comments to prevent similar incidents in the future. They have applied a patch to handle unescaped JavaScript exploits via the top comments sections. Technically speaking, a web3.js injection would not have been possible given the circumstances. Etherscan then informed its users about the attack on Twitter and Reddit.

Is Using Disqus A Point Of Vulnerability?

Etherscan claims that even though Disqus encodes all comments, the data returned by its APIs is not encoded. However, Disqus developers claim that when using a custom integration to display comments (as in the case of Etherscan), the platform should use message rather than raw_message. Etherscan developers have taken note of this, and the change will be implemented in the near future.
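
The output-encoding fix described in the two sections above, as an added example that is not Etherscan's or Disqus's code. Only the field name raw_message comes from the article; the post object shape, the function names and the sample comments are constructed assumptions.

```javascript
// Added illustration. Only the field name `raw_message` comes from the article;
// the post shape, function names and sample comments are assumptions.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can switch the HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Truncate BEFORE escaping so an entity such as &lt; is never cut in half.
function summarize(text, maxLen) {
  const chars = Array.from(String(text)); // code points, not UTF-16 units
  return chars.length > maxLen ? chars.slice(0, maxLen).join('') + '...' : chars.join('');
}

// Before: the comment text is concatenated into markup unencoded.
function renderFooterCommentUnsafe(post) {
  return '<li class="comment">' + post.raw_message + '</li>';
}

// After: author and body are treated as untrusted text and encoded at output.
function renderFooterComment(post, maxLen = 80) {
  const author = escapeHtml(post.author);
  const body = escapeHtml(summarize(post.raw_message, maxLen));
  return `<li class="comment"><b>${author}</b>: ${body}</li>`;
}

function renderFooter(posts) {
  return '<ul>' + posts.map((p) => renderFooterComment(p)).join('') + '</ul>';
}

// Constructed sample posts, the second carrying the alert reported in the article.
const samplePosts = [
  { author: 'alice', raw_message: 'Thanks for the quick confirmation.' },
  { author: 'mallory"><i>', raw_message: '<script>alert(1337)</script>' },
];

console.log(renderFooter(samplePosts));
```

Encoding at the point of output protects the footer regardless of which API field supplies the text, and truncating before encoding keeps a length limit from splitting an entity.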

Etherscan Conclusion

It’s likely that the hacker had something far more sinister in mind than creating annoying pop-up messages. For instance, the attacker could have ultimately hoped to inject code designed to trick users into exposing their private keys or sending a transaction to a hacker-controlled wallet.

Bitcoin Exchange Guide