Ethereum block explorer Etherscan has thwarted an apparent hacking attempt in which the would-be attacker tried to use the comment section to serve up malicious code.
Upon investigating the matter, Etherscan determined that the attack had originated in the website’s comment section, which allows users to comment on ethereum addresses and is powered by third-party comment hosting service Disqus.
The website promptly disabled the summarized Disqus comments at the site page footer and, according to an announcement posted on Reddit, is now working on a patch that will encapsulate the footer HTML and prevent another similar incident from occurring in the future.
According to MyCrypto developer Michael Hahn, it does not appear that the website had served up any malicious code by the time developers had noticed the attack.
However, it’s likely that the hacker had something far more sinister in mind than creating annoying pop-up messages. For instance, the attacker could have ultimately hoped to inject code designed to trick users into exposing their private keys or sending a transaction to a hacker-controlled wallet.
Thankfully, this particular scheme does not seem to have led to any loss of funds, though other recent incidents have not been resolved quite so cleanly.
Earlier this month, hackers infiltrated Hola, a free virtual private network (VPN) extension for Google Chrome, and used that access to monitor the activity of Hola users who accessed ethereum web wallet service MyEtherWallet.
In February, hackers phished approximately $1 million from users attempting to contribute to the Bee Token initial coin offering (ICO) by impersonating the token sale’s operators on social media and in email conversations.
Last modified: May 20, 2020 6:22 PM UTC