This Is How Dangerous the Crypto World Is

This article covers several hacks and attacks that took place within 24 hours. Each of them involved cryptocurrencies.

Abishek Dharshan


February 28, 2020 8:23 PM


A white hat hacker has found a vulnerability in the decentralized prediction market Augur. It is the most persistent decentralized application (dApp) created on the Ethereum platform.

Security researcher Viacheslav Sniezhkov disclosed the bug through the bug bounty platform HackerOne. The bug could allow an attacker to insert corrupted data into the Augur user interface, causing affected users to lose money.

The exploit was possible because of how Augur is built. Its core functionality, an uncensored prediction market that lets subscribers predict the result of any event, is safeguarded by the decentralized Ethereum blockchain, but the UI configuration files are stored locally on the user's computer.

As a result, attackers could use fake websites that serve hidden iframes to change, unbeknownst to the user, the configuration settings kept in local files, so that the Augur UI would serve up fraudulent data. In the end, users could be tricked into sending funds to a scammer-controlled address.

Note that, unlike in the high-profile Parity and DAO incidents, the bug was not in the Augur smart contract. Even so, the vulnerability is a serious one.

Sniezhkov said:

“A third-party site can include a hidden iframe which can override ‘augur-node’ configuration variable of a running augur application. This variable is persisted in localStorage. In the case of browser page reload (user action or browser/OS crash), the normal ‘augur-node’ web sockets endpoint will be replaced with the one provided by the attacker so that all the markets data, addresses, and transactions can be masqueraded.”

After several days of sparring with Sniezhkov over the severity of the vulnerability (whether it is a UI bug or something more dangerous), the Forecast Foundation, which manages the development of the Augur protocol, gave $5,000 to Sniezhkov for reporting the bug. It has since been patched.

As of now, there is no sign that the exploit was used to steal users' money. But the Forecast Foundation has advised users to upgrade to the latest version of the software client, especially now that the vulnerability is public.
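The report quoted above turns on a value persisted in localStorage being trusted on the next page load. The following JavaScript is an added example, not Augur's code or its actual fix: it treats the stored "augur-node" value as untrusted input and connects only to allow-listed endpoints. The endpoint URLs and all function names are constructed for illustration.

```javascript
// Normalise a candidate endpoint, or return null if it is not a plain ws/wss URL.
function normalizeEndpoint(value) {
  if (typeof value !== "string") return null;
  let url;
  try {
    url = new URL(value.trim());
  } catch {
    return null; // not parseable as a URL at all
  }
  if (url.protocol !== "ws:" && url.protocol !== "wss:") return null;
  if (url.username || url.password) return null; // no user@host look-alikes
  url.hash = "";
  return url.href;
}

// Constructed values; a real client would pin its own known-good endpoints.
const STORAGE_KEY = "augur-node"; // key name as quoted in the report
const DEFAULT_ENDPOINT = normalizeEndpoint("wss://node.example.test/ws");
const TRUSTED_ENDPOINTS = new Set([
  DEFAULT_ENDPOINT,
  normalizeEndpoint("ws://127.0.0.1:9001"),
]);

// Decide which endpoint to use on page load. `storage` is any object exposing
// the Web Storage methods (window.localStorage in a browser).
function resolveNodeEndpoint(storage) {
  const stored = storage.getItem(STORAGE_KEY);
  if (stored === null) return { endpoint: DEFAULT_ENDPOINT, tampered: false };
  const normalized = normalizeEndpoint(stored);
  if (normalized !== null && TRUSTED_ENDPOINTS.has(normalized)) {
    return { endpoint: normalized, tampered: false };
  }
  // Unknown value: delete it so it cannot survive another reload, and flag it
  // so the UI can warn the user instead of silently showing foreign data.
  storage.removeItem(STORAGE_KEY);
  return { endpoint: DEFAULT_ENDPOINT, tampered: true, rejected: stored };
}

// In-memory stand-in for localStorage so the example also runs under Node.
function makeMemoryStorage(initial = {}) {
  const data = new Map(Object.entries(initial));
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => void data.set(k, String(v)),
    removeItem: (k) => void data.delete(k),
  };
}
```

In a browser the call would be `resolveNodeEndpoint(window.localStorage)` before the WebSocket is opened; a `tampered: true` result is worth logging, since it means something rewrote the persisted setting.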

According to a report, two weeks before the dApp was launched, the developers of the protocol could use a kill switch to shut down the prediction markets platform if a dangerous bug was discovered in the Augur smart contract. Since there were no detrimental bugs, the kill switch was destroyed and ownership was transferred to a burn address.


Article by Abishek Dharshan

Abishek is an Entrepreneur, Digital Nomad, Student, and ICO Marketing Manager currently based in Berlin & Champaign. He is actively involved in the Blockchain space and has worked in numerous projects in the Silicon Valley since 2017. His interests revolve around Finance, Consulting, and Blockchain Research.
