Hackers Tried to Attack Etherscan Through a Comment

On Monday, there was an attempted hacker attack on the Etherscan explorer. According to the report, users notified the website's administration about an alert reading “1337” that popped up on the screen. They suggested it was an attempt to insert malicious code into the site.

After an investigation, the administration found the root of the problem: a comment in the section where users can write comments on ETH addresses. It is important to note that this section is run by the Disqus service.

The explorer abruptly suspended Disqus comments and is now trying to prevent similar attacks with a patch that encapsulates the footer HTML.

As a media outlet reported, MyCrypto developer Michael Hahn commented on the situation:

“XSS, in this case a javascript injection, was taking advantage of Disqus comments that people use to comment on addresses. It doesn’t appear that Etherscan had been serving malicious code when it was noticed. Disqus comments on Etherscan.io were disabled until a security patch is published which will encapsulate/encode the field to remove the vulnerability to XSS.”
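The kind of fix described above (encoding a user-supplied field before it is written into the page) can be illustrated as follows. This is an added example, not Etherscan's or Disqus's code; the function names, the markup and the sample comment are assumptions made for illustration.

```javascript
// Added example: output encoding for a user-supplied field rendered into HTML.
// All names and markup here are hypothetical, not taken from Etherscan or Disqus.

const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
  "`": "&#x60;",
};

// Encode every character that can open a tag, close an attribute or start an entity.
function encodeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ENTITIES[ch]);
}

// "Before": fields are concatenated into markup, so the browser parses them as HTML.
function renderCommentUnsafe(comment) {
  return `<div class="comment" title="${comment.author}">${comment.body}</div>`;
}

// "After": the same template with each field encoded at the point of output.
function renderCommentEncoded(comment) {
  return `<div class="comment" title="${encodeHtml(comment.author)}">${encodeHtml(comment.body)}</div>`;
}

// Regression check: the only tags left in the output are the template's own two.
function containsOnlyTemplateMarkup(html) {
  const tags = html.match(/<[^>]*>/g) || [];
  return (
    tags.length === 2 &&
    /^<div class="comment" title="[^"<>]*">$/.test(tags[0]) &&
    tags[1] === "</div>"
  );
}

// Constructed sample comment, modelled on the "1337" alert described in the report.
const sample = {
  author: 'user" data-x="1',
  body: "<script>alert(1337)</script>",
};

console.log(renderCommentUnsafe(sample));
console.log(renderCommentEncoded(sample));
console.log(containsOnlyTemplateMarkup(renderCommentEncoded(sample)));
```

The encoded output displays the comment as literal text, and the check can be kept as a regression test for any template that renders user-supplied fields.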

Etherscan is a block explorer and search tool that also provides API services for Ethereum.

We would like to remind you that hacker attacks are not rare in the cryptocurrency world. There was news of a hacker stealing over $12 million worth of Ethereum, robbing ETH holders. With the situation getting worse, cryptocurrency holders need to be careful.
