Malicious Syscoin Installer Copy Puts Users Security at Risk, Github Account Hacked
In the early hours of the morning, Syscoin releases a statement on their Twitter page that informed consumers that they could be at risk. A recent security threat disguised itself as the Syscoin 220.127.116.11 installer for Windows. The warning on Twitter specifically reached out to users that have performed the download between June 9th and June 13th, implying that the threat has not gone too far.
In the notice that consumers are given full access to through a link on the post, the Blockchain Foundry shows multiple reports that the installer was responsible for triggering several anti-virus software program. The publisher was unknown, which shows that it did not come from Syscoin itself.
As the company originally started to investigate the cause of the issue, they found an “unsigned copy” of the coding in the installer that had been altered, now containing trojan malware. The developers have found this error and corrected it, though the hacker had access to the GitHub account that allowed them to tamper with the code.
The only people impacted by this breech of security are “users who downloaded and executed the Syscoin 18.104.22.168 Windows setup binaries from GitHub between June 09th, 10:14PM UTC & June 13th 10:23PM UTC.” However, the company has already established a protocol to fix this issue, which the affected individuals will have to follow to protect their systems.
To add further security against another breech of this kind, both Syscoin and Blockchain have established mandatory 2FA authentication for their developers. They also plan to keep up with “routine verifications of signature hashes.”
When this article was written, SYS is still working on their recovery from the recent dips in the crypto market. However, this breech and subsequent solution have made no positive or negative impact on the value of their tokens.
Unfortunately, there are many companies that have been hit with attacks just like this one at Syscoin. In the last six months, over $1.1 billion has been stolen from crypto accounts.
The dark web market is responsible for selling over 34,000 malware programs, with some of the viruses going for just a dollar. As much as other companies attempt to secure their platforms, the crypto industry is likely to see many more of these attacks as digital criminals discover the lucrative benefits of their hacking.
At least for now, Syscoin’s users can feel comforted and safe by the recent changes to the verification procedures and the step-by-step way of getting out of this recent hack.