Etherscan.io Hack Can Manipulate Cryptocurrency Markets

Online panic occurred earlier this week when users of a popular Ethereum blockchain explorer opened the Etherscan website to find a cryptic pop-up saying “l337” or “ELITE”, indicating that the website had been hacked.

Blockchain explorers are applications that the public uses to view the cryptocurrency transactions taking place on a blockchain. Most of these are essentially financial reporting service providers, and among them Etherscan is one of the most popular for exploring the Ethereum blockchain, with the website ranked at 1379 in Alexa. Most of the users who visited the site posted screenshots warning other users to stay away from the website.

Etherscan.io doesn’t offer any wallet services, but it allows users to broadcast raw transactions on the Ethereum network. According to information security experts, this hack can be serious because hackers can make Etherscan.io look any way they want from the client’s view. This wouldn’t technically affect the blockchain directly, but it may affect user actions if a hacker showed a fake balance in a wallet account.

The issue occurred because a commenter wrote malicious code in the website’s comment module, which is executed whenever a new user visits the site. Etherscan is currently working on a fix, according to the post. On Twitter, the company has posted that no internal systems were compromised due to this vulnerability.

Etherscan was using the Disqus plugin for comments, and a Disqus spokesperson has advised that the fault lies with Etherscan, as they have built a custom library using the Disqus API. Disqus has suggested a fix on Reddit.
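The failure described above, sketched as an added example (not Etherscan's or Disqus's code): a comment widget that concatenates API text into HTML, next to one that encodes it on output. The `author` and `message` fields and the sample comments are constructed for illustration.

```javascript
// Added example. Field names are hypothetical; the comments are constructed samples
// of what a custom widget might receive from a comments API.
const comments = [
  { author: "alice", message: "Great explorer, thanks!" },
  { author: "mallory", message: "<script>alert('1337')</script>" },
  { author: 'bob" onmouseover="alert(1)', message: "price is < 500 & rising" },
];

// Vulnerable pattern: API text is concatenated straight into markup, so whatever
// a commenter typed is parsed as HTML in every visitor's browser.
function renderCommentUnsafe(c) {
  return `<div class="comment" data-author="${c.author}"><p>${c.message}</p></div>`;
}

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the characters that can change HTML or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened pattern: every untrusted field is encoded at the point of output.
function renderCommentSafe(c) {
  return `<div class="comment" data-author="${escapeHtml(c.author)}"><p>${escapeHtml(c.message)}</p></div>`;
}

// Defender's check: the rendered fragment must contain only the template's own
// tags and attributes, with untrusted data confined to text positions.
function matchesTemplate(html) {
  return /^<div class="comment" data-author="[^"<>]*"><p>[^<>]*<\/p><\/div>$/.test(html);
}

// Count the sample comments whose rendering escapes the template.
function auditRenderer(render) {
  return comments.filter((c) => !matchesTemplate(render(c))).length;
}

console.log("unsafe renderer, comments escaping the template:", auditRenderer(renderCommentUnsafe));
console.log("safe renderer, comments escaping the template:", auditRenderer(renderCommentSafe));
```

With the safe renderer the second comment is displayed as literal text instead of running, and the legitimate `<` and `&` in the third comment still read correctly.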

A security researcher named Scott Helme advised that an attacker with the ability to execute JavaScript in the browser would be able to affect the prices of cryptocurrency.

“They could alter the prices shown on graphs, maybe cause a buy/sell, I’m sure that tampering with the values could impact people.”
