Home » A Crypto Wallet Developer Hacked Itself So Users Will Be Safe

A Crypto Wallet Developer Hacked Itself So Users Will Be Safe


Most people react to different situations in different ways. A crypto wallet developer took it a notch further by surprising the world with his actions. After discovering a terrible vulnerability located in the app of its users. Komodo, a cryptocurrency wallet maker, decided to hack its own app, and they took the funds of their users.

Komodo is a crypto developer startup, and they are reputed for their work on several cryptocurrency projects. They are also known for making the Agama crypto wallet. The wallet is reliant on a JavaScript library upheld in node package manager (npm), and a cruel hacker tried to use the open source nature of the code against the users on the wallet’s platform.

Some months ago, an unidentified contributor added a “valuable update” to the library, making a new dependency. Next, they patiently waited till the update merged with the Agama app, then they made an alteration to the new dependency to form a backdoor into the crypto wallet app.

The employees at npm quickly took note of the said changes, they fully realized what was happening, and without hesitating, they contacted Komodo. Regrettably, with the way things were, the action was already cast in stone, and the backdoor was in place already.

They explored several options but merely updating the wallet app to eliminate it might not be sufficient; others who did not get the proposed update before the hacker(s) broke in would lose their hard earned cryptocurrency.

In what would surprise many, Komodo took a somewhat novel approach, they hacked themselves. They used the same backdoor the malicious hacker embedded to steal about 13 million dollars’ worth of crypto. Once that was done, they moved it someplace the hacker could not reach.

Komodo posted on a blog to notify users on their platform about what they’ve done, and also the reason for taking such a drastic action. Next, they explained how users can reclaim their funds and how they can transfer their tokens back to the new, and optimistically more secure wallets.

Of course, this shows the issues developers constantly battle in their fight against hackers that try to paint the crypto community black with their actions. It is also a lesson on the strengths and dangers developers face when using 3rd party libraries and open source software that allows anyone to contribute.

Bad people can use open source software in ways that are not possible with software that isn’t open source. This is not to say that open source software’s are bad; they should be examined constantly and thoroughly for hidden vulnerabilities. This kind of event shows both sides of the coin for open sourced software.

Source: https://www.howtogeek.com/fyi/daily-news-roundup-a-cryptocurrency-wallet-developer-hacked-itself-to-save-its-users/

About the author

Jo Arazi

Jo Arazi

Jo is a seasoned writer and analyst of the cryptocurrency market with several years of experience writing for various blogs and websites worldwide. He has worked with several crypto startups and is a supporter of credible crypto projects worldwide.

Add Comment

Click here to post a comment

The following GDPR rules must be read and accepted:
This form collects your name, email and content so that we can keep track of the comments placed on the website. For more info check our privacy policy where you will get more info on where, how and why we store your data.