On July 23, 2018, the most popular Ethereum block explorer site Etherescan.io was hit malicious attack. According to Motherboard, the hackers were able to use the website’s comments section to introduce malicious code. However, the attack revealed to be more like a prank than a real attack. Even so, while it was apparently harmless, it exposed a vulnerability that could have caused a lot more troubles that could have affected the entire cryptocurrency industry.
The hacker was able to add a pop-up to the site displaying “1337” which is universal hacker jargon for “you have been hacked.” As soon as Etherscan users noticed the hack, they ran onto Twitter to shout out to other users about the issue. The Etherscan team immediately took notice and tried to fix the problem. Later that day, the team made a Reddit post commenting on the whole event.
Even though the team has confirmed that the attack did not have any impact on the user’s funds, the comment section was immediately disabled. According to the Reddit post, the malicious code introduced by the hacker in the comment section of the site contained a line which executed itself in the browser of any user visiting the site. The team also stated it was already working and testing a patch to fix the issue.
On Twitter, the team also assured users that there were no risks of systems being compromised other than the annoying pop-up “alert (1337).”
— Etherscan.io (Not giving away Ether) (@etherscan) July 23, 2018
Etherscan doesn’t have a digital wallet service, and even though it does allow users to broadcast raw transactions to the Ethereum network, none of the user’s funds have been compromised. All and all the hack turned out to be harmless in the regard.
It was an easy job for the actor behind the blow, as all they had to do to get that pop-up running was to leave a comment containing a malicious line of code. Since the service doesn’t have a wallet service for its users, it doesn’t hold any of the user’s funds. However, if the hacker had other intentions, he could have well caused a panic sell by altering the prices shown on the site.
Talking to Motherboard, security researcher Scott Helme said:
“They could alter the prices shown on graphs, maybe cause a buy/sell. I’m sure that tampering with the values could impact people.”
Security experts say this kind of threat is increasing. While this attack resulted in a fix and had no direct impact on Etherscan.io users, it might also be a heads up to the team to go through a significant security check-up on its platform.