Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

12/26/2017
12:00 AM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

EtherDelta Hack Begins Rocky Weekend for Crypto

Popular cryptocurrency exchange EtherDelta announces a potential DNS attack and suspends service just days before Bitcoin hit a five-day drop.

EtherDelta last week suspended service when cyberattackers allegedly gained temporary access to the company's DNS servers.

The incident was part of a rough week for cryptocurrency, preceding a sharp drop in values at Bitcoin that hit a low ebb on Friday. The events illustrate the continued volatility of digital currencies, despite their rapid growth.

EtherDelta, a popular cryptocurrency exchange known for its broad selection of alt coins, posted a tweet on Wednesday, Dec. 20 indicating its server was compromised by attackers.

(Image: EtherDelta via Twitter)

(Image: EtherDelta via Twitter)

It seems the attacker(s) spoofed EtherDelta's domain to trick users into sending money. EtherDelta posted a follow-up tweet reporting the impostor's app had no chat button on the navigation bar, nor did it have an official Twitter feed on the bottom right. It also had a fake order book. After a series of updates, EtherDelta said it was running again on Dec. 22.

Users using MetaMask or a hardware wallet on EtherDelta were safe from the attack, as are those who had never imported their private key on the imposer's phishing site. Deposits can only be accessed through a user's individual key, the company noted on Twitter.

"If EtherDelta's tweets are to be interpreted literally, this was a rare kind of DNS attack, in which the registry and registrar were uninvolved, and the break-in happened on EtherDelta's own primary authoritative name server," says Farsight Security CEO Dr. Paul Vixie, a DNS security expert.

In this case, DNS was "incidental" to the attack, he explains. The same attacker could use a similar method to break into any other server using a similar trick, such as password guessing.

"If there's a lesson for all of us here, which there almost always is, it's that the keys to our kingdom are everywhere in our infrastructure, and there is no server or service we can operate with less care for its security than others," Vixie adds.

Shortly after the news of EtherDelta's attack, Bitcoin had a rough holiday weekend with a five-day drop that ended Tuesday, Dec. 26. While the two events were unrelated, the volatility of crypto should not go unnoticed, Vixie says. The recent "boom and bust" in crypto is almost entirely driven by "ignorance and the resulting bandwagon effect," he observes. Prices are unstable and any news -- from a cyberattack to political commentary -- can send them up or down.

"Unfortunately, this is just a tip of the iceberg," agrees High-Tech Bridge CEO Ilia Kolochenko. "Many crypto currency platforms and exchanges are compromised without even being noticed or publicly disclosed." Further, many don't have the resources to protect themselves, he notes.

Indeed, Youbit, a Korean cryptocurrency exchange, is filing for bankruptcy after two cyberattacks in 2017. Nicehash, a marketplace based in Europe, reported losing millions in a breach this month.

"We have collectively built systems so complex that we can't understand them," Vixie states. Attackers have the time and ambition to test enterprises' defenses in ways that the enteprises don't test themselves.

This is especially true of cryptocurrency systems like EtherDelta, which have so much money and many new systems and operators, Vixie notes. However, any enterprise is vulnerable and this should be viewed as a potential attack "against everything and anything," says Vixie. The only way to be even partially secure is with red-team testing, and internal and external auditing, he says.

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
The Flaw in Vulnerability Management: It's Time to Get Real
Jim Souders, Chief Executive Officer at Adaptiva,  8/15/2019
Tough Love: Debunking Myths about DevOps & Security
Jeff Williams, CTO, Contrast Security,  8/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5638
PUBLISHED: 2019-08-21
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user accou...
CVE-2019-6177
PUBLISHED: 2019-08-21
A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Le...
CVE-2019-10687
PUBLISHED: 2019-08-21
KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id[]= request.
CVE-2019-11601
PUBLISHED: 2019-08-21
A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location.
CVE-2019-11602
PUBLISHED: 2019-08-21
Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure.