Most people react to different situations in different ways. One crypto wallet developer took it a notch further and surprised the world with its response. After discovering a serious vulnerability in the app its users were running, Komodo, a cryptocurrency wallet maker, decided to hack its own app and took its users' funds.
Some months ago, an unidentified contributor submitted a seemingly “valuable update” to a library used by the Agama wallet app, introducing a new dependency. They then patiently waited until the update was merged into Agama, and only afterwards altered that new dependency to form a backdoor into the crypto wallet app.
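The pattern described above (a new dependency is introduced, and its published contents change later) is exactly what a review of lockfile changes between two builds can surface. The following is an added example, not code from the original article or from Komodo; the package names, hashes and the "before"/"after" lockfiles are constructed, and it assumes the npm package-lock.json v2 layout with its `packages`, `integrity`, `resolved` and `hasInstallScript` fields.

```python
import json

# Constructed sample lockfiles in npm package-lock.json v2 shape; not the real Agama files.
LOCK_BEFORE = json.dumps({"lockfileVersion": 2, "packages": {
    "": {"dependencies": {"left-lib": "1.0.0"}},
    "node_modules/left-lib": {"version": "1.0.0",
        "resolved": "https://registry.npmjs.org/left-lib/-/left-lib-1.0.0.tgz",
        "integrity": "sha512-AAAA"}}})
LOCK_AFTER = json.dumps({"lockfileVersion": 2, "packages": {
    "": {"dependencies": {"left-lib": "1.0.0", "notify-helper": "1.1.5"}},
    "node_modules/left-lib": {"version": "1.0.0",
        "resolved": "https://registry.npmjs.org/left-lib/-/left-lib-1.0.0.tgz",
        "integrity": "sha512-BBBB"},  # same version, different tarball hash
    "node_modules/notify-helper": {"version": "1.1.5", "hasInstallScript": True,
        "resolved": "https://registry.npmjs.org/notify-helper/-/notify-helper-1.1.5.tgz",
        "integrity": "sha512-CCCC"}}})


def load_packages(lock_text):
    """Map node_modules path -> metadata, skipping the root ("") entry."""
    data = json.loads(lock_text)
    return {p: m for p, m in data.get("packages", {}).items() if p}


def diff_lockfiles(before_text, after_text):
    """Return (kind, package path, detail) findings a reviewer should look at."""
    before, after = load_packages(before_text), load_packages(after_text)
    findings = []
    for path, meta in sorted(after.items()):
        prev = before.get(path)
        if prev is None:
            # A brand-new dependency; one that runs an install script deserves extra scrutiny.
            kind = "new_dependency_with_install_script" if meta.get("hasInstallScript") else "new_dependency"
            findings.append((kind, path, meta.get("version")))
        elif meta.get("version") != prev.get("version"):
            findings.append(("version_changed", path, f"{prev.get('version')} -> {meta.get('version')}"))
        elif meta.get("integrity") != prev.get("integrity"):
            # Same version but a different tarball hash: the published contents changed.
            findings.append(("integrity_changed_same_version", path, meta.get("integrity")))
        if "registry.npmjs.org" not in meta.get("resolved", ""):
            findings.append(("unexpected_registry", path, meta.get("resolved")))
    for path in sorted(before.keys() - after.keys()):
        findings.append(("removed", path, before[path].get("version")))
    return findings


if __name__ == "__main__":
    for kind, path, detail in diff_lockfiles(LOCK_BEFORE, LOCK_AFTER):
        print(f"{kind:36} {path:28} {detail}")
```

Run against two real lockfiles, every finding is something a maintainer should read the actual diff of the package for, not just accept because the build still passes.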
The employees at npm quickly took note of the change, realized what was happening, and contacted Komodo without hesitation. Regrettably, by then the damage was already done: the backdoor was in place.
Komodo explored several options, but merely shipping an update to the wallet app to remove it might not be sufficient; users who did not install the update before the attacker(s) struck would lose their hard-earned cryptocurrency.
In what would surprise many, Komodo took a somewhat novel approach: they hacked themselves. Using the same backdoor the malicious hacker had embedded, they moved about 13 million dollars’ worth of crypto out of the affected wallets and into a place the hacker could not reach.
Komodo then posted on its blog to notify users of what it had done and why such a drastic action was taken. The post also explained how users can reclaim their funds and transfer their tokens to the new and, hopefully, more secure wallets.
Of course, this shows the issues developers constantly battle in their fight against hackers who try to paint the crypto community black with their actions. It is also a lesson in the strengths and dangers developers face when relying on third-party libraries and open source software that allows anyone to contribute.
Bad actors can use open source software in ways that are not possible with closed-source software. This is not to say that open source software is bad; rather, it should be examined constantly and thoroughly for hidden vulnerabilities. This kind of event shows both sides of the coin for open source software.