en
Back to the list

Vulnerability Komodo wallet: $13 million at risk since April 16, now safe

source-logo  chepicap.com  + 10 more 06 June 2019 21:50, UTC

A vulnerability in Komodo's Agama Wallet has been discovered. $13 million worth of cryptocurrency that was at risk since April 16 has been moved to safe wallets by the project.

The vulnerability was discovered on Wednesday and soon after the Komodo team used the exploit to gain control of seeds that were affected. According to a statement of the cryptocurrency project, 'we were able to sweep around 8 million KMD and 96 BTC from these vulnerable wallets, which otherwise would have been easy pickings for the attacker'. 

These transactions to the safe wallets had a total worth of $13 million. The exact details on how Komodo secured the funds are not shared yet, but the team has said that a full recap of the event will be published later.

Agama update thread *** (1/3) After discovering the vulnerability, our Cyber Security Team used the same exploit to gain control of a lot of affected seeds and secure the funds at risk. We were able to sweep around 8 million KMD and 96 BTC from these vulnerable wallets (...)

— Komodo (@KomodoPlatform) June 5, 2019

KMD Wallet: RSgD2cmm3niFRu2kwwtrEHoHMywJdkbkeF

BTC Wallet: 1GsdquSqABxP2i7ghUjAXdtdujHjVYLgqk

In the statement on Wednesday the Komodo Team said that the assets are now under control of Komodo and can be reclaimed by their users. All users that still have assets in their Agama wallet are recommended to move them away as soon as possible.

Users affected
It's not yet clear what the exact damage is for Komodo holders, but the project has stated in several tweets that no funds have been lost.

However, in a statement released on Thursday, the Komodo Team says that they are still in the process of assessing the damage. 'While it is substantial, it looks manageable. Our goal is to compensate our users as much as possible. Our founder, jl777, offered 500K KMD ($765000) from his personal holdings.'

Agama update ** (1/3) After mitigating the immediate threat, we are in the process of assessing the damage. While it is substantial, it looks manageable. Our goal is to compensate our users as much as possible. Our founder, jl777, offered 500k KMD from his personal holdings (...)

— Komodo (@KomodoPlatform) June 6, 2019

Users that have empty wallets and are seeing a transaction going out of their wallets to the safe address (RSgD2cmm3niFRu2kwwtrEHoHMywJdkbkeF) can fill in this form to reclaim their funds. 'We don't have any ETA of distributed funds yet', the project says.

The vulnerability
According to package manager NPM, that found the vulnerability, a malware threat was targeting users of the Agama wallet. 'This attack focused on getting a malicious package into the build chain for Agama and stealing the wallet seeds and other login passphrases used within the application', NPM said in a statement.

The package that was innocent at first was installed by Komodo on March 8. 15 days later, the malicious payload was introduced to the package. On April 16, Agama updated its wallet to the new version. From this moment on, wallet seeds were stolen and the funds of users were at risk.

Read more details on the vulnerability here.



The price of Komodo hasn't reacted to the vulnerability. $KMD is even up 5% today. 



KMD/USD Chart proviced by Tradingview

chepicap.com

Similar news (10)
Add similar news