Komodo (KMD) Team Hacked into Agama Wallets to Save User Funds At Risk

Komodo discovered a critical, exploitable vulnerability and moved user funds to safety before fixing the issue.

The Komodo project discovered a critical vulnerability in the Agama wallet and resorted to special measures: it used the flaw itself to get into the affected wallets and move the funds out for safekeeping. As The Hacker News reported, users of the standard version of the Agama wallet may have found their funds redirected.

“After discovering the vulnerability, our Cyber Security Team used the same exploit to gain control of a lot of affected seeds and secure the funds at risk. We were able to sweep around 8 million KMD and 96 BTC from these vulnerable wallets, which otherwise would have been easy pickings for the attacker,” warned the Komodo team.

The funds were redirected to two safe wallet addresses, and users can claim them through Komodo’s support page.

The Agama wallet compromise came from a malicious third-party JavaScript library, injected by an anonymous author in a March 8 update. The script sent private keys or scripts to a remote server, thus exposing all newly created wallets.

“The attack was carried out by using a pattern that is becoming more and more popular; publishing a “useful” package (electron-native-notify) to npm, waiting until it was in use by the target, and then updating it to include a malicious payload,” the security experts at npm noted.

The Komodo project, along with the npm security team, found the vulnerability and actually exploited it to divert the funds in some wallets for safekeeping.
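The pattern npm describes above depends on a project accepting a later release of a dependency it already trusts. The following is an added example, not code from Komodo, Agama or npm: it audits an already-parsed `package.json` and `package-lock.json` for a flagged package name anywhere in the install tree and lists direct dependencies that are not pinned to an exact version. The package names `wallet-ui` and `left-thing`, the version strings and both sample lockfiles are constructed placeholders.

```javascript
// Constructed sample inputs; versions are placeholders, not the real affected releases.
const FLAGGED = new Set(["electron-native-notify"]); // package name taken from the article

// True only for an exact version such as "1.2.3"; ranges, tags and URLs count as floating.
const isExactPin = (range) => /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(range);

// Direct dependencies whose range admits a later publish without a manifest change.
function floatingRanges(manifest) {
  const out = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, range] of Object.entries(manifest[field] || {})) {
      if (!isExactPin(range)) out.push({ name, range, field });
    }
  }
  return out;
}

// Lockfile v1: nested "dependencies" objects mirror the node_modules layout.
function walkV1(deps, trail, hits) {
  for (const [name, info] of Object.entries(deps || {})) {
    const path = [...trail, name];
    if (FLAGGED.has(name)) hits.push({ version: info.version, path: path.join(" > ") });
    walkV1(info.dependencies, path, hits);
  }
}

// Lockfile v2/v3: flat "packages" map keyed by install path ("" is the root project).
function walkV2(packages, hits) {
  for (const [key, info] of Object.entries(packages || {})) {
    const path = key.split("node_modules/").filter(Boolean).map((p) => p.replace(/\/$/, ""));
    if (FLAGGED.has(path[path.length - 1])) hits.push({ version: info.version, path: path.join(" > ") });
  }
}

function audit(manifest, lock) {
  const hits = [];
  if (lock.packages) walkV2(lock.packages, hits); else walkV1(lock.dependencies, [], hits);
  return { hits, floating: floatingRanges(manifest) };
}

const sampleManifest = { dependencies: { "wallet-ui": "^2.0.0", "left-thing": "1.0.3" } };
const sampleLockV1 = { lockfileVersion: 1, dependencies: {
  "left-thing": { version: "1.0.3" },
  "wallet-ui": { version: "2.0.1", dependencies: { "electron-native-notify": { version: "0.0.0-placeholder" } } } } };
const sampleLockV3 = { lockfileVersion: 3, packages: {
  "": { name: "app" }, "node_modules/wallet-ui": { version: "2.0.1" },
  "node_modules/wallet-ui/node_modules/electron-native-notify": { version: "0.0.0-placeholder" } } };
console.log(audit(sampleManifest, sampleLockV1), audit(sampleManifest, sampleLockV3));
```

A hit reported only under a nested path means the flagged package arrived transitively, which a review of the top-level manifest alone would miss.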

The Komodo team warns users of the standard Agama version to move any funds from the wallet as soon as possible, no matter when the addresses were generated. Users of the Verus Agama wallet are deemed safe. The owners of Pirate Coin are also warned on Reddit to move their funds.

The Agama wallet functions like the Electrum family of wallets, and is still a work in progress, with additional features and a decentralized exchange (DEX) yet to be included. The Electrum wallet versions have been adapted for multiple digital assets, and tainted versions have appeared in the past.

The usual mode of attack for Electrum wallet downloads is to direct users to a GitHub page, where malicious users have gained access to offer additional downloads. In the past, similar fake Electrum wallets have stolen BTC and other coins. Launching a version of the Electrum wallet has been relatively easy for new projects, and in the chaos of new launches, hackers managed to slip in compromised versions of the wallets, as was the case with the Electrum wallet for Bitcoin Gold (BTG).

Following the news of the intercepted vulnerability, KMD market prices rose, adding more than 14% overnight to $1.58. KMD has been making a slow recovery in 2019, moving up from lows of $0.65 in January. The asset is still far from its peak prices in early 2018 at above $12.80.
