Bitcoin
Bitcoin (BTC)
$95,515.00 -2.03403
Bitcoin price
Ethereum
Ethereum (ETH)
$3,325.05 -1.93523
Ethereum price
BNB
BNB (BNB)
$657.70 -1.14208
BNB price
Solana
Solana (SOL)
$182.23 -2.18501
Solana price
XRP
XRP (XRP)
$2.23 -1.15634
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000217 -2.64081
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000177 -0.86
Pepe price
Bonk
Bonk (BONK)
$0.0000319 1.27037
Bonk price
dogwifhat
dogwifhat (WIF)
$1.96 -1.9493
dogwifhat price
Popcat
Popcat (POPCAT)
$0.779433 3.96305
Popcat price
Bitcoin
Bitcoin (BTC)
$95,515.00 -2.03403
Bitcoin price
Ethereum
Ethereum (ETH)
$3,325.05 -1.93523
Ethereum price
BNB
BNB (BNB)
$657.70 -1.14208
BNB price
Solana
Solana (SOL)
$182.23 -2.18501
Solana price
XRP
XRP (XRP)
$2.23 -1.15634
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000217 -2.64081
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000177 -0.86
Pepe price
Bonk
Bonk (BONK)
$0.0000319 1.27037
Bonk price
dogwifhat
dogwifhat (WIF)
$1.96 -1.9493
dogwifhat price
Popcat
Popcat (POPCAT)
$0.779433 3.96305
Popcat price
Bitcoin
Bitcoin (BTC)
$95,515.00 -2.03403
Bitcoin price
Ethereum
Ethereum (ETH)
$3,325.05 -1.93523
Ethereum price
BNB
BNB (BNB)
$657.70 -1.14208
BNB price
Solana
Solana (SOL)
$182.23 -2.18501
Solana price
XRP
XRP (XRP)
$2.23 -1.15634
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000217 -2.64081
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000177 -0.86
Pepe price
Bonk
Bonk (BONK)
$0.0000319 1.27037
Bonk price
dogwifhat
dogwifhat (WIF)
$1.96 -1.9493
dogwifhat price
Popcat
Popcat (POPCAT)
$0.779433 3.96305
Popcat price
Bitcoin
Bitcoin (BTC)
$95,515.00 -2.03403
Bitcoin price
Ethereum
Ethereum (ETH)
$3,325.05 -1.93523
Ethereum price
BNB
BNB (BNB)
$657.70 -1.14208
BNB price
Solana
Solana (SOL)
$182.23 -2.18501
Solana price
XRP
XRP (XRP)
$2.23 -1.15634
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000217 -2.64081
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000177 -0.86
Pepe price
Bonk
Bonk (BONK)
$0.0000319 1.27037
Bonk price
dogwifhat
dogwifhat (WIF)
$1.96 -1.9493
dogwifhat price
Popcat
Popcat (POPCAT)
$0.779433 3.96305
Popcat price

Cryptocurrency Desktop Client Victim of Trojan Attack

News
Cryptocurrency Desktop Client Victim of Trojan Attack

Syscoin announced on official Github page the project’s official client had faced a malicious trojan attack. The post urged users who downloaded the software via GitHub between June 09, 2018 10:14 PM UTC & June 13, 2018 10:23 PM UTC to take immediate action.

GitHub Compromised

The initial attack vector of the malicious software was a compromised GitHub account belonging to one of the team members, which allowed the perpetrators to gain admin level access and replace the official Windows client with a spiked version.

The altered client introduced by the hacker contained a relatively well-known piece of malicious software called Arkei Stealer, which targets users password and private keys of wallets stored on the local device. Fortunately, a scan from VirusTotal, an automatic virus database and aggregate cataloging service, shows that 44/67 of the major antivirus software vendors have already blacklisted the offending software, severely limiting its ability to spread any further.

Syscoin recommends that all windows users identify the installation date of their desktop cryptocurrency client and ensure that it does not fall between June 9 and June 13, 2018. Affected users are advised to backup their data to a clean storage medium, scan their system with an antivirus, change all passwords related to that machine using an uninfected device and migrate their funds to a newly generated encrypted wallet on a clean machine.

Syscoin Tightens Up Security in Response

The Syscoin team has taken steps to ensure that this kind of attack does not happen again by requiring all Block Foundry Staff and Syscoin Developers to enable two-factor authentication for accessing accounts, perform routine verification of signature hashing and work with Github to ensure users will be able to detect altered binaries.

While many people may be familiar with 2FA from their experience logging in with major cryptocurrency exchanges. Syscoins implementation of signature hashes, through the use of the open source tool Gitian, requires some exploration.

Multifactor Checksum Validation

When developers publish software, they often accompany their release with a checksum — using MD5 or SHA using a hashing algorithm — creating a unique string that acts a signature for that version of the program. This allows users to download the ‘published’ software, run the same hashing algorithm and cross-reference their results with developers while ensuring the data they downloaded is identical to the software publisher.

Gitian, developed by the pseudonymous Dev Random alongside other members of the Bitcoin core community, takes this concept of verifiably secure and trusted code to a new level.

Due to the complexities of compiling human-readable code into binary, it is often the case that two developers compiling identical code will create slightly different binary, resulting in dramatically different checksums.

Gitian creates a replicable working environment across multiple machines by running a Virtual Machine inside of another Virtual Machine, allowing multiple developers to cross-reference each others code and compile binary with the relative certainty that it will be identical across all devices. In the circumstance someone introduces malicious code — intentionally or otherwise — another team member will be able to identify who created it and diagnose the issue quickly.

The scale of those affected by the Syscoin hack has yet to be determined, however, the team’s rapid reaction in notifying the broader security community and their steps taking in locking down the project’s production pipeline are hopeful signs of an impenetrable future to come.