Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

12/26/2017
12:00 AM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

EtherDelta Hack Begins Rocky Weekend for Crypto

Popular cryptocurrency exchange EtherDelta announces a potential DNS attack and suspends service just days before Bitcoin hit a five-day drop.

EtherDelta last week suspended service when cyberattackers allegedly gained temporary access to the company's DNS servers.

The incident was part of a rough week for cryptocurrency, preceding a sharp drop in values at Bitcoin that hit a low ebb on Friday. The events illustrate the continued volatility of digital currencies, despite their rapid growth.

EtherDelta, a popular cryptocurrency exchange known for its broad selection of alt coins, posted a tweet on Wednesday, Dec. 20 indicating its server was compromised by attackers.

(Image: EtherDelta via Twitter)

(Image: EtherDelta via Twitter)

It seems the attacker(s) spoofed EtherDelta's domain to trick users into sending money. EtherDelta posted a follow-up tweet reporting the impostor's app had no chat button on the navigation bar, nor did it have an official Twitter feed on the bottom right. It also had a fake order book. After a series of updates, EtherDelta said it was running again on Dec. 22.

Users using MetaMask or a hardware wallet on EtherDelta were safe from the attack, as are those who had never imported their private key on the imposer's phishing site. Deposits can only be accessed through a user's individual key, the company noted on Twitter.

"If EtherDelta's tweets are to be interpreted literally, this was a rare kind of DNS attack, in which the registry and registrar were uninvolved, and the break-in happened on EtherDelta's own primary authoritative name server," says Farsight Security CEO Dr. Paul Vixie, a DNS security expert.

In this case, DNS was "incidental" to the attack, he explains. The same attacker could use a similar method to break into any other server using a similar trick, such as password guessing.

"If there's a lesson for all of us here, which there almost always is, it's that the keys to our kingdom are everywhere in our infrastructure, and there is no server or service we can operate with less care for its security than others," Vixie adds.

Shortly after the news of EtherDelta's attack, Bitcoin had a rough holiday weekend with a five-day drop that ended Tuesday, Dec. 26. While the two events were unrelated, the volatility of crypto should not go unnoticed, Vixie says. The recent "boom and bust" in crypto is almost entirely driven by "ignorance and the resulting bandwagon effect," he observes. Prices are unstable and any news -- from a cyberattack to political commentary -- can send them up or down.

"Unfortunately, this is just a tip of the iceberg," agrees High-Tech Bridge CEO Ilia Kolochenko. "Many crypto currency platforms and exchanges are compromised without even being noticed or publicly disclosed." Further, many don't have the resources to protect themselves, he notes.

Indeed, Youbit, a Korean cryptocurrency exchange, is filing for bankruptcy after two cyberattacks in 2017. Nicehash, a marketplace based in Europe, reported losing millions in a breach this month.

"We have collectively built systems so complex that we can't understand them," Vixie states. Attackers have the time and ambition to test enterprises' defenses in ways that the enteprises don't test themselves.

This is especially true of cryptocurrency systems like EtherDelta, which have so much money and many new systems and operators, Vixie notes. However, any enterprise is vulnerable and this should be viewed as a potential attack "against everything and anything," says Vixie. The only way to be even partially secure is with red-team testing, and internal and external auditing, he says.

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32615
PUBLISHED: 2021-05-13
Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection.
CVE-2021-33026
PUBLISHED: 2021-05-13
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the ca...
CVE-2021-31876
PUBLISHED: 2021-05-13
Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction with ...
CVE-2019-10062
PUBLISHED: 2021-05-13
The HTMLSanitizer class in html-sanitizer.ts in all released versions of the Aurelia framework 1.x repository is vulnerable to XSS. The sanitizer only attempts to filter SCRIPT elements, which makes it feasible for remote attackers to conduct XSS attacks via (for example) JavaScript code in an attri...
CVE-2020-23995
PUBLISHED: 2021-05-13
An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload.