Online panic occurred earlier this week when the users of a popular Ethereum blockchain explorer site have been opening the Etherscan website to find a cryptic pop-up saying “l337” or “ELITE”, this indicates the website was hacked.
Blockchain explorers are the applications that are used by the public to view the cryptocurrency transactions taking place in the blockchain. Most of the these are essentially are financial reporting services providers and among them, Etherscan is one of the most popular for exploring the Ethereum blockchain with the website ranked at 1379 in Alexa. Most of the users who visited the site posted screenshots warning other users to stay away from the website.
Etherscan.io doesn’t offer any wallet services but it allows users to broadcast raw transactions in the Ethereum network. According to information security experts, this hack can be serious because hackers can make the Etherscan.io look any way they wanted from the client’s view. This wouldn’t technically affect the blockchain directly but this may affect the user actions if a hacker showed a fake balance in the wallets account.
The issue occurred because a commenter wrote malicious code in the websites comment module which is executed whenever a new user visits the site. Etherscan is currently working on a fix according to the post. On Twitter, the company has posted that there are no internal systems compromised due to this vulnerability.
Etherscan was using Disqus plugin for comments and the spokesperson of Disquis has advised that the fault lies with Etherscan as they have built a custom library using their API. Disquis has suggested a fix on Reddit.
“They could alter the prices shown on graphs, maybe cause a buy/sell, I’m sure that tampering with the values could impact people.”
Take your time to comment on this article.
Latest posts by Harikrishna Mekala (see all)
- A Serious Security Flaw Found in LibSSH - October 19, 2018
- Flaws in Branch.io Affected Over 685 Million Users - October 17, 2018
- Microsoft Store Has Been Hosting an Ad Clicker Disguised as a Google Photos App - October 16, 2018