Attacks/Breaches

12/26/2017
12:00 AM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

EtherDelta Hack Begins Rocky Weekend for Crypto

Popular cryptocurrency exchange EtherDelta announces a potential DNS attack and suspends service just days before Bitcoin hit a five-day drop.

EtherDelta last week suspended service when cyberattackers allegedly gained temporary access to the company's DNS servers.

The incident was part of a rough week for cryptocurrency, preceding a sharp drop in values at Bitcoin that hit a low ebb on Friday. The events illustrate the continued volatility of digital currencies, despite their rapid growth.

EtherDelta, a popular cryptocurrency exchange known for its broad selection of alt coins, posted a tweet on Wednesday, Dec. 20 indicating its server was compromised by attackers.

(Image: EtherDelta via Twitter)

(Image: EtherDelta via Twitter)

It seems the attacker(s) spoofed EtherDelta's domain to trick users into sending money. EtherDelta posted a follow-up tweet reporting the impostor's app had no chat button on the navigation bar, nor did it have an official Twitter feed on the bottom right. It also had a fake order book. After a series of updates, EtherDelta said it was running again on Dec. 22.

Users using MetaMask or a hardware wallet on EtherDelta were safe from the attack, as are those who had never imported their private key on the imposer's phishing site. Deposits can only be accessed through a user's individual key, the company noted on Twitter.

"If EtherDelta's tweets are to be interpreted literally, this was a rare kind of DNS attack, in which the registry and registrar were uninvolved, and the break-in happened on EtherDelta's own primary authoritative name server," says Farsight Security CEO Dr. Paul Vixie, a DNS security expert.

In this case, DNS was "incidental" to the attack, he explains. The same attacker could use a similar method to break into any other server using a similar trick, such as password guessing.

"If there's a lesson for all of us here, which there almost always is, it's that the keys to our kingdom are everywhere in our infrastructure, and there is no server or service we can operate with less care for its security than others," Vixie adds.

Shortly after the news of EtherDelta's attack, Bitcoin had a rough holiday weekend with a five-day drop that ended Tuesday, Dec. 26. While the two events were unrelated, the volatility of crypto should not go unnoticed, Vixie says. The recent "boom and bust" in crypto is almost entirely driven by "ignorance and the resulting bandwagon effect," he observes. Prices are unstable and any news -- from a cyberattack to political commentary -- can send them up or down.

"Unfortunately, this is just a tip of the iceberg," agrees High-Tech Bridge CEO Ilia Kolochenko. "Many crypto currency platforms and exchanges are compromised without even being noticed or publicly disclosed." Further, many don't have the resources to protect themselves, he notes.

Indeed, Youbit, a Korean cryptocurrency exchange, is filing for bankruptcy after two cyberattacks in 2017. Nicehash, a marketplace based in Europe, reported losing millions in a breach this month.

"We have collectively built systems so complex that we can't understand them," Vixie states. Attackers have the time and ambition to test enterprises' defenses in ways that the enteprises don't test themselves.

This is especially true of cryptocurrency systems like EtherDelta, which have so much money and many new systems and operators, Vixie notes. However, any enterprise is vulnerable and this should be viewed as a potential attack "against everything and anything," says Vixie. The only way to be even partially secure is with red-team testing, and internal and external auditing, he says.

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
The Fundamental Flaw in Security Awareness Programs
Ira Winkler, CISSP, President, Secure Mentem,  7/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14492
PUBLISHED: 2018-07-21
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.
CVE-2018-3770
PUBLISHED: 2018-07-20
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files.
CVE-2018-3771
PUBLISHED: 2018-07-20
An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.
CVE-2018-5065
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-5066
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.