фото показано с : blokt.com

Cryptocurrency investors consider security a very serious issue these days. And they could not be blamed for this very cautious stance as hackers have been known to successfully breach crypto exchanges and get away with multimillion-dollar loots in virtual currencies in numerous hacking incidents. This explains why many were alarmed on July 23, when visitors of Etherscan.io saw the deceptively simple pop-up message “1337,” which in hacker lingo meant that the site had been hacked.

One advantage of blockchain is that anyone can easily validate and confirm transactions. Basically, it’s a public record, according to Futurism, unlike transactions made via banks and other traditional financial institutions, which keep information on transactions in super secure servers where access is limited.

To access blockchain transaction details, users need to go through sites called BlockExplorers. The Etherscan.io site is a very popular BlockExplorer site, which explains why Twitter was quickly flooded with messages as users who have noticed the hack quickly warned other users to stay away from the Etherscan site, reports Motherboard.

Apparently, the hackers targeted the Disqus API, a third-party service that enables comments to be posted in Ethereum wallet addresses, according to TNW. This allowed them to inject JavaScript code into the interface, which was responsible for that pop-up “1337” message that alarmed Etherscan.io users.

After being notified, the Etherscan team quickly took charge of the situation. After disabling the comment feature, they came up with a patch addressing the vulnerability.

What most Etherscan.io users want to know is just how potentially dangerous the 1337 pop-up hack might have been. Surprisingly, the answer to that question varies greatly depending on whom one happens to ask.

For instance, there are those who maintain that the hack did not pose any threat at all. The reason for this viewpoint is simple — the Etherscan.io site does not have a wallet service, so funds were never directly compromised.

Speaking on the attack, Michael Hahn, a programmer for the Ethereum interface MyCrypto.com, explained:

“An XSS attack, in this case, javascript injection, was taking advantage of API that Etherscan uses to grab the latest comments about addresses from the Disqus CMS. It doesn’t appear that Etherscan had been serving malicious code when it was noticed. Disqus comments on Etherscan.io were disabled until a security patch is pushed which will encode the API data to remove the vulnerability to XSS. No user funds were lost.”

However, some information security experts believe that it is more dangerous than what the seemingly harmless comment appears to be. In today’s fast-paced world, information is power and has the potential to influence market movements in the blink of an eye.

Information security expert Jim Manico posted a Twitter message, saying:

“Financial reporting site where any comment can deface the site? That can affect financial markets. For a financial information site like this, it’s a real [vulnerability].”

Security researcher Scott Helme shares a similar viewpoint and told Motherboard:

“They could alter the prices shown on graphs, maybe cause a buy/sell. I’m sure that tampering with the values could impact people.”

Regardless of what could have happened, Etherscan.io users are lucky this time. According to the Etherscan team’s analysis, there were four attempts to inject the JS alert message “1337.” The first attempt “appeared non malicious,” and the team finally blocked the fourth attempt.

Etherscan 1337 Hack Did Not Compromise Crypto Wallets was originally found on [blokt] - Blockchain, Bitcoin & Cryptocurrency News.

254 +