Visitors to the Etherscan.io website panicked on Monday when faced with a pop-up indicating that the site had been hacked. The popular Ethereum blockchain explorer quickly fixed the breach and no data was compromised — this time.
The hacker was apparently able to carry out the attack by submitting code through the comments section of the site.
This security vulnerability allowed the hacker to display a pop-up window to site visitors bearing the message “1337”, hacking shorthand dating from the 1980s indicating that the attacker is an ‘elite’ or ‘leet’ hacker.
— Mr. z0rn (@Mr_z0rn) July 23, 2018
Etherscan users took to Twitter for more information on the hack and to warn others.
The comments section of the site was disabled, and a patch was developed and tested to address the issue.
On this occasion, it seems that the pop-up was the only intended consequence of the breach.
Hacks are a bit like cancer; the very word has the ability to strike fear into those who hear it. In reality, however, both can range in danger level from completely benign to highly malicious. Despite this, no hack is ever particularly good news.
Etherscan is one of the most popular block explorers for the Ethereum blockchain. It allows users to view, search, and understand the data on the public ledger. It does not offer a digital wallet service, so user funds were never directly in jeopardy — but the hack could certainly have had far greater repercussions than it did.
Being able to execute code on the site gave the attacker the potential to manipulate the site as he or she saw fit. This could include embedding keyloggers or other malware or objectionable material. “It’s really down to your imagination at this point,” security researcher Scott Helme told Motherboard.
One risk particular to a site like this would be altering price graphs to make the blockchain look a certain way. This could trigger a buy/sell reaction, potentially causing a wider impact across the whole market.
Luckily, this hack has identified the security vulnerability, which can no longer be exploited for more nefarious purposes.