The block explorer EtherScan recently prevented a hacking attempt on its website in which a user tried to use the comment section to inject JavaScript (JS) code in a phishing attempt. The attempt was immediately identified, and the developers used the back end of the website to eliminate any threats and block the source’s attempt.
On Monday, users of the website noticed an unusual “1337” pop-up message, which caught the eye of most of them. Luckily, the phishing attempt wasn’t successful, and the hacker couldn’t get anything other than the “1337” message to pop up on the screen. The comment that was used to inject the malicious code through Disqus was shown in EtherScan’s Reddit post.
EtherScan is a block explorer, so even if it had been compromised, users wouldn’t have faced much of a problem. However, an attacker could have injected JS that made the user click through it and asked for transaction information. There was a potential risk involved, although a minor one. The website claimed that it was immune to these injections, but the hacker used a Disqus account (Disqus is a third-party comment hosting service) to inject the malicious JavaScript code through the comment section.
The website owners acted swiftly as soon as they got the news and disabled the Disqus comments in the page footer, as explained in their official Reddit post. After disabling comments, they said they had worked on and tested a patch that will encode footer comments to prevent similar incidents in the future. According to the Reddit post, there were a total of 3 attempts to inject JavaScript into the website. The first try was non-malicious, the second was experimental and its source was known to EtherScan management, while the third try was an attempt to break in, which was stopped at the back end of the website. For the safety of users and to keep them from getting phished, the developers immediately released Twitter and Reddit posts.
— Etherscan.io (Not giving away Ether) (@etherscan) July 23, 2018
The hacker’s attempt wasn’t successful and could only manage to pop up a “1337” message. However, had the attempt to fool users into giving up their private wallet keys been successful, the website would have faced grave difficulties in tracing the roots of the injection and reimbursing the lost funds. Luckily, no money was lost during this attempt, but it left developers alarmed and pushed them to take precautions to prevent such incidents in the future, which include encoding all the comments.
Earlier this year, in February, hackers impersonating salespersons and operators on social media and in emails phished $1m from users who tried to contribute to Bee initial coin offerings (ICO).
Exchanges have also faced a number of hacking attempts (making up to 27% of the total attacks) over the year and have lost a significant amount of money. The incidents include the famous hack of Mt. Gox (which had to file for bankruptcy because of the loss of 850,000 bitcoins in 2014) and the incident at Coincheck, which lost the equivalent of $530m.
An expert from Kaspersky Lab even said that phishing methods are continuously evolving and that it is almost impossible to stop them or give full protection against new phishing techniques. Nadezhda Demidova, lead web content analyst at Kaspersky Lab, said in a press release:
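One way to implement the comment encoding described above, as an added example that is not EtherScan's or Disqus's code: the comment fields (author, message), the function names and the sample comments are assumptions constructed for illustration. It renders the same comment by raw concatenation and with every third-party field HTML-encoded, then checks which output still contains markup.

```javascript
// Added example: field names and sample comments below are constructed.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode every character that can open a tag, an entity or close an attribute.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe: third-party text is concatenated into the page markup as-is.
function renderCommentUnsafe(comment) {
  return `<li class="comment"><b>${comment.author}</b>: ${comment.message}</li>`;
}

// Encoded: every third-party field is treated as text, never as markup.
function renderCommentEncoded(comment) {
  return `<li class="comment"><b>${encodeHtml(comment.author)}</b>: ` +
         `${encodeHtml(comment.message)}</li>`;
}

// Regression check: after removing the template's own wrapper tags, any
// remaining tag opener means comment text was rendered as markup.
function containsInjectedMarkup(html) {
  const stripped = html.replace(/<\/?(li|b)( class="comment")?>/g, '');
  return /<[a-z!\/]/i.test(stripped);
}

// Constructed sample comments, as a third-party comment service might return them.
const sampleComments = [
  { author: 'alice', message: 'Is tx 0xabc confirmed yet? 1 < 2 & "quoted"' },
  { author: 'mallory', message: '<script>alert(1337)</script>' },
];

for (const c of sampleComments) {
  console.log('unsafe :', renderCommentUnsafe(c),
              '-> markup injected:', containsInjectedMarkup(renderCommentUnsafe(c)));
  console.log('encoded:', renderCommentEncoded(c),
              '-> markup injected:', containsInjectedMarkup(renderCommentEncoded(c)));
}
```

This encoder covers HTML element content and quoted attribute values only; comment text placed into URLs, inline scripts or styles needs the encoder for that context.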
The success criminals have enjoyed suggests that they know how to exploit the human factor, which has always been one of the weakest links in cybersecurity, to capitalize on user behaviors.
The techniques used by hackers tend to teach developers, which results in their webpages gaining immunity. However, for their own safety, users of such websites are advised to minimize the use of exchanges, use their own private wallets, and make transactions and exchanges only when absolutely necessary. Scammers are naturally drawn towards exchanges and businesses where they can either simply phish the material (i.e. private keys and passwords) right out of the websites or blackmail the users into leaking information and demand cryptocurrency for safety.
It is an established fact that cryptocurrency is the future of currency and transactions, yet the security levels on the blockchain are still immature. Users and website owners are looking forward to technological advancements that ensure them complete insulation and immunity from scammers and any phishing techniques. As stated by Nadezhda Demidova, phishing is still difficult to stop, but hopefully there might be an evolution in the near future.