Syscoin Developers Github Account Compromised

Syscoin has released a security notice to their community today, advising them that a malicious copy of the Syscoin 3.0.4.1 Windows based installer has been made available by a compromised Syscoin developer account.

The notice explains that on Wednesday, the Blockchain Foundry received a series of user reports that the latest Syscoin core 3.0.4 windows installer was triggering Windows Defender, AVG and Kaspersky anti-virus software, stating that the setup was from an “unknown publisher”.

When Syscoin developers began investigating these reports they discovered an ‘unsigned copy’ of the latest Windows Syscoin installer had been modified and released on the Syscoin Github page, containing trojan malware. The cause of this malicious activity has been identified, with the team reporting that a Syscoin developers Github account had been compromised, granting them access to the tamper with the code.

The Syscoin team has openly accepted that ‘this may affect windows users who downloaded and executed the Syscoin 3.0.4.1 Windows setup binaries from Github between June 09th, 10:14PM UTC & June 13th 10:23PM UTC’, and has included an extensive step-by-step guide on how to identify and remove this threat. 

Further preventative measure have also been assured by the Syscoin and Blockchain Foundry team to stop a breach like this happening again, including mandatory use of 2FA authentication on all developer accounts and ‘routine verifications of signature hashes’.

At the time of writing, SYS is still in recovery from the recent bear market and so far this latest news has not yet been reflected in the token’s value. Currently up 2.74%, the community remains bullish for the project, who have perhaps gotten off lightly in comparison to other hacks we’ve seen in this space.

A report by Carbon Black recently released daunting figures that in the last 6 months alone, $1.1 Billion has been stolen by crypto-related hacks, with reports that around 12,000 dark web markets have been identified currently offering over 34,000 malware products for as cheaply as $1. With such a lucrative cyber-crime industry growing in this space, it is becoming far more likely that these sorts of attacks will become increasingly commonplace as criminals find new ways to exploit these crypto-projects security measures. For now, Syscoin’s community will be able to breathe a sigh of relief that this recent exposure was not significantly worse.