Hundreds of owners of the cryptocurrency Dogecoin awoke on Christmas to a not-so-cheery discovery: their digital wallets had been cleared out. Someone has stolen at least 30 million Dogecoin from Dogewallet.com, one of the largest sites being used to hold Dogecoins.
The discovery came after Dogecoin forum users began posting complaints that their funds were disappearing without their authorization. The attack apparently targeted the site itself, with the hacker modifying the site’s receiving page to ensure transactions went straight to the thief’s account. The site has since been shut down and the site’s owners are now investigating the digital robbery.
Dogecoin is new to the cryptocurrency game, having reportedly been started by its founders as a joke to counter the rising Bitcoin trend. The name comes from the popular Doge meme, and the currency uses the meme’s Shiba Inu dog character as its mascot.
But the message from dogewallet.com sang a different tune:
We found many reports of Dogewallet transactions being sent to ‘DQT9WcqmUyyccrxQvSrjcFCqRxt8eVBLx8’. We’re currently looking at logs and have found thousands of attempts to hack our systems. Specifically, the attack originated from the hacker gaining access to our filesystem and modifying the send/receive page to send to a static address. We’re currently reviewing logs for information. The site is shut down right now.
At the time of the Christmas day theft, the currency was worth just $.00059 a coin, so the ‘30 million’ in Dogecoin actually translates to just under $13,000. The founders say that those affected will be compensated for their losses, most likely in hopes of keeping Dogecoin alive.
While the online theft may seem like small potatoes, especially when compared with some of the massive Bitcoin heists in recent months, it’s another reminder that cryptocurrencies, being so new, don’t necessarily have adequate security in place to ensure their place in our financial future. It’s unclear how the attacker gained access to the filesystem and was able to go undetected long enough to steal at least 30 million digital coins, but the theft doesn’t help sing the praises of Dogecoin or any other cryptocurrency.
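One control that shortens the window in which a modified send/receive page goes unnoticed is a file-integrity check against an authenticated baseline. The sketch below is an added example, not code from Dogewallet or Checkmarx; the file name send.php, its contents and the key are constructed for illustration, and in practice the HMAC key and baseline would be kept off the web server.

```python
import hashlib, hmac, json, os, tempfile

def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def sign(manifest, key):
    """HMAC the baseline so someone with filesystem access cannot silently rewrite it."""
    blob = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def verify(root, manifest, tag, key):
    """Authenticate the baseline, then report files that drifted from it."""
    if not hmac.compare_digest(sign(manifest, key), tag):
        raise ValueError("baseline manifest failed authentication")
    current = snapshot(root)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "added": sorted(set(current) - set(manifest)),
        "removed": sorted(set(manifest) - set(current)),
    }

def demo():
    key = b"constructed-demo-key"  # assumption: real key is stored off-host
    with tempfile.TemporaryDirectory() as root:
        page = os.path.join(root, "send.php")  # hypothetical file name
        with open(page, "w") as fh:
            fh.write("destination = address supplied by the user\n")
        baseline = snapshot(root)
        tag = sign(baseline, key)
        clean = verify(root, baseline, tag, key)
        # Constructed tampering: the page now sends to one fixed address.
        with open(page, "w") as fh:
            fh.write("destination = STATIC_ADDRESS_PLACEHOLDER\n")
        tampered = verify(root, baseline, tag, key)
    return clean, tampered

if __name__ == "__main__":
    print(demo())
```

Run on a schedule from a separate host, a non-empty "modified" or "added" list for the web root is the alert condition.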
One of the main causes of the hacking theft was that many users were storing their coins in online digital wallets, as opposed to the offline storage that Bitcoin uses. As this attack shows us, it’s imperative that cryptocurrency collectors keep their crypto-cash offline and password-protected. Trading in cryptocurrencies is a risk, as attractive as they can be to privacy fanatics, because they aren’t as protected, by government or otherwise.
Commenting in the subreddit r/dogemarket, which, before the 25th, was used to sell and trade the digital currency, one Dogecoin owner lamented his Christmas day experience:
Please remember, even if you know the risks and take (many) precautions, remember how easy it is to be on the wrong side of chance. An online wallet is not an inherently “bad thing”. It’s a tool, and like any tool, it can be used or misused. In this case, I misused the wallet by letting my coins sit in it for a day. A single day, and one night of holiday celebration, cost me 4.5 million doge. Don’t let that be you next time.
No matter how good or bad your Christmas was this year, think of it this way: At least you didn’t get digitally robbed (unless you were a Dogecoin investor, in which case…better luck next year!).
Read more from The Verge.