en
Back to the list

MyDashWallet was compromised for two months, keys stolen

source-logo  chepicap.com 16 July 2019 03:09, UTC

MyDashWallet, a platform used for trading Dash cryptocurrency was attacked by hackers between May 13 and July 12. DASH's team urges users to abandon MyDashWallet services and move their private keys to another wallet.

MyDashWallet acts as an online wallet for handling DASH allowing users to store, send, and receive DASH from within their web browser. It works on Javascript and was developed and maintained by DeltaEngine. 

The marketing manager for DASH, Michael Seitz said, ''The hacker was able to obtain private keys used between May 13 and July 12. Out of an abundance of caution, anyone using mydashwallet.org in that timeframe should assume their private keys are known by the hacker and should immediately move any balances out of that wallet.''

Today it was discovered that https://t.co/PozDtfUaf3 was compromised between May 13th-July 12th. Anyone using mydashwallet during that time should assume their private keys are known by the hacker and immediately move balances out of that wallet. Details: https://t.co/yKRopU0HgJ

— DASH (@Dashpay) July 12, 2019

The full amount of the theft still remains unknown, but one user claimed to have lost 143.84 DASH ($17,597) to the hackers. However, the final hack amount could be much more elaborated. Those who used MyDashWallet services in conjunction with hardware wallets or 'associated tipbots' were not affected as the third party wallets did not seem to be vulnerable.

Dash prices did not display much of a price reaction immediately after the hack. Though, it has been down about 16% from July 12. The overall downward slide of major cryptos plus the hack could be probable elements. DASH traded at $121 at the time of writing with market cap holding at $1.1 billion.

DASHUSD Chart provided by TradingView

Another DASH representative reported that, in April 2018, changes were made to MyDashWallet where the portal began to load an external script from third-party host GreasyFork. The GreasyFork account of that script’s creator was used by the hackers to add malicious code. Right from that time, the script was automatically sending the private keys of MyDashWallet users to an external server which likely remained under control of hackers.

chepicap.com