EtherDelta Hack Begins Rocky Weekend for Crypto

  /     /     /  
Publicated : 22/11/2024   Category : security


EtherDelta Hack Begins Rocky Weekend for Crypto


Popular cryptocurrency exchange EtherDelta announces a potential DNS attack and suspends service just days before Bitcoin hit a five-day drop.



EtherDelta last week suspended service when cyberattackers allegedly gained temporary access to the companys DNS servers.
The incident was part of a rough week for cryptocurrency, preceding a sharp drop in values at Bitcoin that hit a low ebb on Friday. The events illustrate the continued volatility of digital currencies, despite their rapid growth.
EtherDelta, a popular cryptocurrency exchange known for its broad selection of alt coins, posted a tweet on Wednesday, Dec. 20 indicating its server was compromised by attackers.
It seems the attacker(s) spoofed EtherDeltas domain to trick users into sending money. EtherDelta posted a follow-up tweet reporting the impostors app had no chat button on the navigation bar, nor did it have an official Twitter feed on the bottom right. It also had a fake order book. After a series of updates, EtherDelta said it was running again on Dec. 22.
Users using MetaMask or a hardware wallet on EtherDelta were safe from the attack, as are those who had never imported their private key on the imposers phishing site. Deposits can only be accessed through a users individual key, the company noted on Twitter.
If EtherDeltas tweets are to be interpreted literally, this was a rare kind of DNS attack, in which the registry and registrar were uninvolved, and the break-in happened on EtherDeltas own primary authoritative name server, says Farsight Security CEO Dr. Paul Vixie, a DNS security expert.
In this case, DNS was incidental to the attack, he explains. The same attacker could use a similar method to break into any other server using a similar trick, such as password guessing.
If theres a lesson for all of us here, which there almost always is, its that the keys to our kingdom are everywhere in our infrastructure, and there is no server or service we can operate with less care for its security than others, Vixie adds.
Shortly after the news of EtherDeltas attack, Bitcoin had a rough holiday weekend with a five-day drop that ended Tuesday, Dec. 26. While the two events were unrelated, the volatility of crypto should not go unnoticed, Vixie says. The recent boom and bust in crypto is almost entirely driven by ignorance and the resulting bandwagon effect, he observes. Prices are unstable and any news -- from a cyberattack to political commentary -- can send them up or down.
Unfortunately, this is just a tip of the iceberg, agrees High-Tech Bridge CEO Ilia Kolochenko. Many crypto currency platforms and exchanges are compromised without even being noticed or publicly disclosed. Further, many dont have the resources to protect themselves, he notes.
Indeed, Youbit, a Korean cryptocurrency exchange, is
filing
for bankruptcy after two cyberattacks in 2017. Nicehash, a marketplace based in Europe,
reported
losing millions in a breach this month.
We have collectively built systems so complex that we cant understand them, Vixie states. Attackers have the time and ambition to test enterprises defenses in ways that the enteprises dont test themselves.
This is especially true of cryptocurrency systems like EtherDelta, which have so much money and many new systems and operators, Vixie notes. However, any enterprise is vulnerable and this should be viewed as a potential attack against everything and anything, says Vixie. The only way to be even partially secure is with red-team testing, and internal and external auditing, he says.
Related Content:
2017 Security Predictions through the Rear Window
Network Printer & Scanner Spoofing Campaign Targets Millions
Block Threats Faster: Pattern Recognition in Exploit Kits
9 Banking Trojans & Trends Costing Businesses in 2017

Last News

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
EtherDelta Hack Begins Rocky Weekend for Crypto