A blockchain startup hacked its users’ wallets to save $13 million in Bitcoin and other cryptocurrency from being stolen, ZDNet reports.
Security researchers advised the Komodo Platform of a ‘backdoor‘ in Agama, one of its older wallet apps, that would have allowed hackers to siphon any and all digital assets held inside.
Before that could happen, devs made use of the the flaw themselves to extract at-risk cryptocurrency to wallets under their control.
Bad actors are said to have smuggled the backdoor into Agama by contributing useful code and updating it to include security vulnerabilities at a later date.
“The attack was carried out by using a pattern that is becoming more and more popular; publishing a ‘useful’ package […], waiting until it was in use by the target, and then updating it to include a malicious payload,” explained the firm that discovered the flaw.
A blog post advised affected Komodo users to reclaim their swept cryptocurrency by visiting its support page. The team also urged anyone who may have used its old wallet, Agama, to move any stored funds to an alternate (and safe wallet) as soon as possible.
Internet baddies regularly target cryptocurrency wallet apps. Indeed, popular Bitcoin wallet Electrum has been under siege for months, which estimates suggest has amounted to at least 771 BTC ($5.9M) in lost cryptocurrency.