A big theft, which could result in a loss of $13 million, has been prevented by pro-active measures. Komodo, a crypto wallet start-up was informed about a potent theft by its internal security after an extensive audit on June 5, which showed that many customer accounts from the old crypto wallet were under threat.
To prevent the hackers from executing the theft by utilizing the malware found in the audit, Komodo hacked the vulnerable accounts itself. It then transferred the funds to a safe location, away from the reach of the hackers. Komodo worked in collaboration with the security team of npm Inc. and avoided what could be a major crypto hack. It found that a total of 8 million Komodo Tokens (KMD) and about 96 BTCs were at risk.
In npm’s official blog on Tumblr, the company stated,
The attack was carried out by using a pattern that is becoming more and more popular; publishing a “useful” package (electron-native-notify) to npm, waiting until it was in use by the target, and then updating it to include a malicious payload.
In its official statement on the situation, Komodo explained in detail about what exactly happened, and how it was avoided. It stated,
After discovering the vulnerability, our Cyber Security Team used the same exploit to gain control of a lot of affected seeds and secure the funds at risk. We were able to sweep around 8 million KMD and 96 BTC from these vulnerable wallets, which otherwise would have been easy pickings for the attacker.
The start-up has requested all the users on the Agama wallet to move their tokens to some other platform. It, however, noted that the latest Versus Version of the wallet is safe and hasn’t been affected.