Agama news

Desktop. Established in 2016, USA. Fiat - no.

World latest news

Reverse Pickpocket: Why Komodo Team Hacked Their Own Users

The cryptocurrency world is full of risks, from malicious hackers to unexpected bugs. But you’d never expect developers to hack their own users–and you’d be even more surprised if their next step was to give the stolen funds back. That’s the curious moral dilemma that faced developers for the Komodo (KMD) Platform last week. After discovering a major vulnerability in the Komodo Agama wallet, developers took an unusual emergency measure–stealing their own users’ funds, before a hacker could steal them first. According to developers, some $13M of Komodo tokens were removed in a preventive theft that foiled a months-long hacking scheme. How To Hack A Wallet According to the official explanation from the Komodo team, the exploit was intentionally inserted into Agama code after long preparation. “A hacker spent several months making useful contributions to the Agama repository on GitHub before inserting the bug,” the team explained in an official update. “Eventually, the hacker added malicious code to an update of a module that Komodo’s Agama was already using.” That meant anyone updating their wallet would automatically download the malicious code, which would store seed phrases and pass phrases in an external server. However, the backdoor was eventually discovered by Node Package Manager, a popular tool used to include external libraries into any project. NPM promptly notified Komodo developers, who had to take immediate action. This discovery presented a dilemma to the Komodo team: they knew that they would have to notify users, but they also needed to resolve the bug to prevent a hacker from immediately siphoning funds. The team believed the hacker was already collecting seeds and was simply waiting for the right time to steal the compromised funds. “We did a full scan, using the hacker’s exploits against him to understand which accounts had been affected,” explained Komodo CMO Steve Lee. “After assessing all possible options and scenarios, we made the decision to intervene on behalf of our users.” When the story of the vulnerability first broke, the community reacted with confusion, Lee said. “The most important thing we want people to understand is that we don’t have — and never have had — access to users’ private keys or seed phrases. We used the attacker’s same exploit to find every address that was affected, and we made the decision to use that same exploit to protect those funds and transfer them to a safe location. This was an internal white-hat counterattack.”Steve Lee, CMO of Komodo Platform  Komodo’s CTO, Kadan Stadelmann, had previously worked on IT security projects for both the Tunisian and Austrian Governments. Stadelmann’s quick thinking was essential in preventing further hacks, Lee said: “He is a very skilled and experienced white hat hacker who knew exactly what was going on and how best to rectify the situation.” As funds were drained away, the thief saw the tokens moving and tried to steal as many as possible. According to Lee, the hacker made off with around a million KMD($1.66M), but the potential theft could have been significantly worse had the Komodo team not intervened. Damage Control In an effort to clarify misunderstandings, Lee emphasized that this vulnerability is not a flaw in Komodo’s blockchain technology, and does not affect transaction security. “It is important to understand that our core technology has not been compromised. This is a software product suffering from an external software vulnerability. The Komodo blockchain and all dPoW protected ecosystem chains remain entirely secure. Komodo has always employed a robust internal security code review process, along with external 3rd party penetration-testing, on all our core blockchain technologies. We are now assessing solutions to extend a more robust security audit to all our software products as well.”Steve Lee, CMO of Komodo Platform Following the incident, the Komodo team began publicizing the details of the vulnerability, as well as instructions to users on how to recover their funds. Lee emphasized that the exploit only affects the Komodo Agama wallet; other wallets, including the Verus Agama wallet, remain safe. “Komodo’s policy in situations like these is to explore all possible solutions, and pick the one that puts our users and partners first,” Lee explained. “Understandably, we had some frustrated users, however the majority of the community response has been positive.” While the attempted theft provides a cautionary tale to the users of blockchain technology, the prompt by Komodo developers prevented a larger disaster for Komodo users. “Malicious attacks on our industry will continue to be an ongoing issue,” Lee said. “It’s through how we handle situations like these and how we learn from them that the technology can be made even more secure in the future.”   The post Reverse Pickpocket: Why Komodo Team Hacked Their Own Users appeared first on Crypto Briefing.
CryptoBriefing

Crypto Project Komodo Hacked Itself for $13M

Cryptocurrency project, Komodo, has hacked its own Agama wallet and prevented $13 million from being stolen after it learned… The post Crypto Project Komodo Hacked Itself for $13M appeared first on Invest In Blockchain.
Invest In Blockchain

npm thwarts malware attempt, helps Komodo protect $13 million in crypto assets

On Tuesday, June 4, the npm, Inc. security team, in collaboration with Komodo, helped protect over $13 million in cryptocurrency assets after finding and responding to a malware threat targeting the users of a cryptocurrency wallet called Agama. The attack focused on getting a malicious package into the build chain for Agama and stealing the […]
CryptoNinjas

Komodo “Infiltrates Itself” to Prevent Security Breach

Is it possible to hack yourself? It seems like something of an enigma; after all, you control the account or business in question, so you obviously know how to access it properly. How Komodo Prevented Major Losses Nevertheless, it appears hacking itself is exactly what one company has done. That company is known as the Komodo Platform. After learning that there was a backdoor open in its coding that could potentially give hackers access to its customers’ funds, the company ultimately “infiltrated” itself and moved its clients’ funds onto a different network, knowing that they would be saving their money from theft. In many ways, it’s a noble move to make, but not everyone is taking the news lightly. The backdoor was discovered in what’s known as the Agama application, a digital wallet developed by the Komodo team. The company knew that several wallets had either already been compromised or were on the verge of being compromised. With little time to act, it moved funds as best as it could and as quickly as it could. These funds included $13 million in assorted bitcoins and Komodo tokens, and all potential hacks were ultimately thwarted. This is good news in that nobody was hurt or stolen from or humiliated. However, some customers are complaining that their funds were tampered with or tackled without their permission and are demanding a better explanation from the Komodo team. The company has since announced that the coins are on a new platform and that customers have the chance to reclaim their coins. The move was not about stealing coins or moving them out of people’s control; it was about preventing a malicious actor from taking advantage of the company and its clientele. Despite all the money it handles, Komodo is still being labeled a “cryptocurrency startup,” which means it’s still in the early stages of operating. In a statement, company executives announced why they did what they did, along with the full results of the “money move:” After discovering the vulnerability, our cyber security team used the same exploit to gain control of a lot of affected seeds and secure the funds at risk. We were able to sweep around eight million in KMD and 96 BTC from the vulnerable wallets, which otherwise would have been easy pickings for an attacker. The safe KMD and BTC wallets are under the control of the Komodo team, and assets can be reclaimed by their owners. See our support page article for details. The Right Move Forward? Digital hacks and cyberattacks have become far too common in the crypto industry, and it’s nice to know that companies like Komodo are taking the necessary steps to prevent their customers from being affected. Despite its startup status, Komodo did what several larger, more established crypto-based companies couldn’t. The post Komodo “Infiltrates Itself” to Prevent Security Breach appeared first on Live Bitcoin News.
Live Bitcoin News

Blockchain Startup Komodo Hacks Itself, Claims to Save $13 Million in User Assets

Komodo, a blockchain startup, took a bizarre turn recently as it hacked itself to save $13 million in user assets. The startup found an issue with the Agama wallet, which could be exploited to siphon off cryptocurrencies. A hack like no other While hacks are common in the crypto sector, Komodo took an unusual path to hack itself. The company learned of a backdoor vulnerability in the Agama wallet, which could be used to hack the digital assets of the users. Agama is one of the older wallet apps that may provide a safe backdoor entry to users. However, before the hackers could exploit the issue, the developers found the flaw and extracted the at-risk digital currencies from the wallets they controlled. The team confirmed that they could save 96 BTC worth about $742,000 and 8 million Komodo worth about $11.92 million from theft. In a security notice posted on June 5, the company noted that after they discovered the vulnerability, the Cyber Security Team at Komodo used the same exploit to control user funds and extract them to a safe wallet. The company provides the addresses of the two safe wallets (one for BTC and one for KMD). They have asked users to reclaim their assets using their support page article. How did the vulnerability start? The vulnerability of the system was brought in via a contributing useful code. It was then updated to include a security vulnerability into the wallet. The security vulnerability was discovered by the Npm JavaScript package repository. The malicious code was pushed for the electron-native-notify (version 1.1.6) JavaScript library. This update included the code designed to steal digital currency wallet seeds and login passphrases. Npm staffers found that it was unusual for a limited feature-set wallet to contain such advanced functionality. The team then realized that it had discovered a supply-chain attack. The Agama wallet, which was the older wallet developed by Komodo, was loading “the now-malicious electron-native-notify library. The backdoor was added to the electron-native-notify library on March 8, but it made its way to Agama wallet on April 13 with the Agama v0.3.5 release.” Npm explained that the attack was carried out using an increasingly popular method of launching attacks where hackers publish a ‘useful’ package and then update it with a malicious payload. Komodo has asked its users to move all their assets from Agama wallets. The post Blockchain Startup Komodo Hacks Itself, Claims to Save $13 Million in User Assets appeared first on FXTimes.com - Daily Cryptocurrency and FX News.
Cryptovibes

Komodo Wallet Hacks Itself to Secure $13 Million Users Funds from Fraudsters

Komodo (KMD) a distributed ledger technology (DLT) project that claims to be highly secure, independently scalable and fully interoperable, announced in a blog post on June 5, 2019, that it was alerted of a security issue in one of the libraries used by the Agama wallet which could have potentially put the funds of someRead MoreRead More. The post by Ogwu Osaemezu Emmanuel appeared first on BTCManager, Bitcoin, Blockchain & Cryptocurrency News\
BTC Manager

Researchers exploit crypto wallet bug before hackers to save customer funds

A cryptocurrency startup exploited a backdoor in its own platform to protect its customer’s funds after threat actors had spotted and attempted to exploit the flaw. Researchers on the npm, Inc security team discovered a backdoor in the Agama cryptocurrency wallet on the Komodo platform during a security audit of the platform. “This attack focused on getting a malicious package into the build chain for Agama and stealing the wallet seeds and other login passphrases used within the application,” npm researchers said in a June 5 blog post. Upon further investigation, the researchers identified a malicious update that lead them to the discovery of a supply chain attack aimed at another app downstream, which was exploiting the newly discovered backdoor. Researchers used the same vulnerability to seize its user’s funds, 8 million KMD and 96 BTC collectively worth nearly $13 million, and transport them to safety before the threat actors could gain access to them. The vulnerable wallet has since been discontinued and those who were affected are recommended to create new KMD and BTC addresses that use new seeds and passphrases. The post Researchers exploit crypto wallet bug before hackers to save customer funds appeared first on SC Media.
SC Media

npm thwarts malware attempt, helps Komodo protect $13 million in crypto assets

CryptoNinjas On Tuesday, June 4, the npm, Inc. security team, in collaboration with Komodo, helped protect over $13 million in cryptocurrency assets after finding and responding to a malware threat targeting the users of a cryptocurrency wallet called Agama. The attack focused on getting a malicious package... npm thwarts malware attempt, helps Komodo protect $13 million in crypto assets
CryptoNinjas

npm, Inc. Catches Malware Attempt, Helps Komodo Protect $13M in Cryptocurrency Assets

Sophisticated Attack via Malicious JavaScript Thwarted by Operators of npm registry On Tuesday, June 4, the npm, Inc. security team, in collaboration with Komodo, helped protect over $13 million in cryptocurrency assets after finding and responding to a malware threat targeting the users of a cryptocurrency wallet called Agama. The attack focused on getting a malicious package into the build chain for Agama and stealing the wallet seeds and other login passphrases used within the application. The attack was carried out by using a pattern that is becoming more and more popular: the attacker published a "useful" package (electron-native-notify) to the npm registry, waited until it was in use by the target, and then updated it to include a malicious payload. npm, Inc.'s internal security tooling team identified the threat and immediately responded by notifying and coordinating with Komodo to protect their users, as well as removing the malware from npm. The Komodo cyber security team used the same exploit to gain control of the affected seeds and secure the funds at risk, sweeping approximately 8 million KMD and 96 BTC from the vulnerable wallets. ** If your wallet has not been swept, or you have other assets than KMD and BTC, Komodo strongly recommends moving all funds from Agama to a ...Full story available on Benzinga.com
Benzinga
More news sources

Trending

Hot news

Hot world news

Bakkt Official Launch Date, Ethereum Upgrade, Coinbase Bank & Is Everyone Ready?

Support Me On Patreon! https://www.patreon.com/TheModernInvestor ---------------------------------------------------------------------------- Protect And Store Your Crypto With A Ledger Nano: https://www.ledger.com?r=8af3ed38d3b7 ----------------------------------------------------------------------------- Want To Send Me A Tip? Bitcoin Donations Address: 1BYhrLpntMYW97sd8K6fquTcr5MYwPAe2y Ripple (XRP) Donation Address: rsoKR5VHJx84oMTYbS7tWg7g5aFebYirVi Ethereum / KIN / OmiseGo Donation Address: 0x0e5f5CEFaA9A0713AB6D8F79E6679E22d86C21f6 ----------------------------------------------------------------------------- Open An Account With Binance! https://www.binance.com/?ref=22170588 ------------------------------------------------------------------------------ Buy Bitcoin And Ethereum With Fiat On Binance! https://www.binance.je/?ref=35009618 -------------------------------------------------------------------------------- Follow Me On Facebook ! https://www.facebook.com/TheModernInvestor https://www.youtube.com/channel/UC-5HLi3buMzdxjdTdic3Aig Follow Me On Twitter: https://twitter.com/ModernInvest ---------------------------------------------------------------------------------- Very Special Thanks To My Patreon Supporters: Professor Wally From Gunbot University Forex Lens Inc Auspicious Agile & Blockchain Yet Another Nick Bitsource AML Solutions Chris Charles Roman Geber David Chosrova Stuart Niven Larry Gooch Tyler Winklevoss NBKrypto Steven Harper Ulf Fatman Josefsson Mohammad Tabbaa Brian Vaci Jeffrey Pete Mozar Cryptocurrency Logic Jonathan Robert Kraus Josh Gorcyca K9 Ytrup Crypto Jedi Truls Lee 3000 O. Tom Chhuong Kaneko Tomonori Sir Thomas11_11 Mike McCarty Crypto And Beer Shipmate ZEN Lunacy VV Nicola Kenny Mr. Smith Joey The Happy Farmer Damien Walker ---------------------------------------------------------------------------------- Photo Credit To: https://s.yimg.com/uu/api/res/1.2/w1SLnQC3Xbz2p6F9u0JhVw--~B/aD0xMDAwO3c9MTkxMDtzbT0xO2FwcGlkPXl0YWNoeW9u/http://media.zenfs.com/en-US/homerun/cnbc.com/a26078ac0fe32a76bc5a2b8addf19e1f
The Modern Investor

CME Futures CRUSHED Bitcoin... Will Bakkt do the Opposite?

👇🏻Support the channel by using my affiliate links👇🏻 ✘ Exchanges I'm using: ► Coinbase FIAT https://www.coinbase.com/join/59398125002bcc03276297d6 ► Binance FIAT https://www.binance.je/?ref=35002320 ► Binance Altcoins https://www.binance.com/?ref=16553332 ► Bitmex Futures https://www.bitmex.com/register/s0r1z5 ► Bybit Futures https://www.bybit.com/app/register?ref=RPyME ► Deribit Futures & Options https://www.deribit.com/reg-2331.1757 ✘ My Chart Tool: ► TradingView https://tradingview.go2cloud.org/aff_c?offer_id=2&aff_id=12339 ✘ My Hardware Wallets: ► Ledger https://www.ledgerwallet.com/r/f7c4 ► Trezor https://shop.trezor.io/product/trezor-one-white?offer_id=14&aff_id=1164 ✘ Keep your Private Keys safe: ► https://cryptosteel.com/product/cryptosteel/?csr=517 ✘ Support the Channel via BTC Lightning Network: ► https://tippin.me/@sunnydecree ✘ BTC: ► 12vg29zgveAqm31yiUrL9kM2ANmYMFaA93 ✘ Follow me: ► https://twitter.com/sunnydecree ► https://discord.gg/Psrt8Yn ► https://www.youtube.com/sunnydecreede #Bitcoin #BTC #Crypto
sunny decree

Here’s Why Bakkt Launch Is a Blessing For Bitcoin Holders

Yesterday’s big announcement that regulatory approval has been granted to Bakkt could be the best news bitcoin investors have had this year. It opens the door to the institutional investors and is a huge step forward for crypto industry legitimization in the US. Bakkt To Launch Next Month After months of procrastination, the new cryptocurrency trading platform launched by the Intercontinental Exchange (ICE) has finally been given the green light. The news that the Commodity Futures Trading Commission (CFTC), and the New York State Department of Financial Services, has granted regulatory approval broke late yesterday as reported by Bitcoinist. The concept of physically delivered bitcoin futures will require investors to either produce actual BTC or take delivery in them from their respective exchanges and platforms. Crypto trader at TexasWest Capital, Scott Melker, who also goes by the twitter handle ‘Wolf of All Streets’ stated the news was ‘arguably the most bullish event for institutional investors in the history of bitcoin’. The @Bakkt news is arguably the most bullish event for institutional investors in the history of bitcoin. PHYSICALLY delivered futures (require the holder to either produce actual bitcoin or take delivery from the exchange) backed by the New York Stock Exchange. We are maturing. — The Wolf Of All Streets (@scottmelker) August 16, 2019 Being backed by the New York Stock Exchange has granted bitcoin a level of legitimization never seen before. Investors will get the opportunity to trade in daily and monthly physical bitcoin futures contracts which is likely to lead to greater mainstream adoption. Bakkt is also planning to onboard a number of commercial retailers such as Starbucks which will provide an easier way for people to make purchases using bitcoin and other crypto assets. General Counsel for Compound Finance, Jake Chervinsky, was equally bullish on the Bakkt news stating that: “It offers a way for large, risk-averse institutions to buy and custody bitcoin through an end-to-end regulated system approved by the CFTC and NYDFS, and backed by the sterling reputation of ICE. Compliance lawyers rejoice!” The former litigator also noted that there is still a long way to go since there is still the SEC to contend with. When questioned on the possibility of big investors trying to short bitcoin he added; “Short sellers betting against a commodity probably don’t want to hold the underlying, so shorting via physically-delivered futures is more for entities that are net long (like miners) and want to hedge.” Fintech Business Analyst going by the twitter handle ‘Mr. Gordon’ was equally bullish on Bakkt; “This must be what it feels like to win the lottery!  The confirmation of the launch of #Bakkt changes EVERYTHING… Those of us who have been investing in crytpo for the last couple of years now have some very serious decisions to make…” This must be what it feels like to win the lottery! The confirmation of the launch of #Bakkt changes EVERYTHING.. Those of us who have been investing in crytpo for the last couple of years now have some very serious decisions to make….. Like which colour to get pic.twitter.com/Klo5GwOWY7 — Mr Gordon (@MrGordon_UK) August 16, 2019 Picking a Lambo color is probably a little presumptuous at the moment. Bitcoin price did not even react to the announcement as markets remain choppy this morning. BTC is still consolidating in the mid-$10k range after two dips into four-figure territory late in the week but the long term prospects have just brightened significantly. Will Bakkt send Bitcoin price to a new all-time high later this year? Add your thoughts below. Images via Bitcoinist Image Library, Twitter: @scottmelker, @MrGordon_UK The post Here’s Why Bakkt Launch Is a Blessing For Bitcoin Holders appeared first on Bitcoinist.com.
Bitcoinist

Bakkt launch bears good news for Bitcoin’s price and regulation

One of the biggest news last year was the announcement made by the New York Stock Exchange’s parent company, Intercontinental Exchange. In August 2018, The firm announced that it would be venturing into the cryptocurrency space with the launch of a new company – Bakkt. This turned out to be an extremely bullish news in […] The post Bakkt launch bears good news for Bitcoin’s price and regulation appeared first on AMBCrypto.
AMBCrypto

Bakkt’s Gets Nod for Physically Delivered Bitcoin Futures Approved from CFTC

The Commodities Futures Trading Commission (CFTC) has greenlighted the physically delivered Bitcoin futures product by Bakkt. Company CEO confirmed the news and said that the derivatives product would debut on September 23. Bakkt will be the first to debut physical BTC futures Kelly Loeffler, CEO of Bakkt recently announced that the startup had won approval from the US CFTC to start offering physically settled Bitcoin futures contracts. Bakkt is backed Intercontinental Exchange, and Loeffler is married to Jeff Sprecher, the CEO of ICE. With this approval, Bakkt will become the first company to launch the physical BTC futures. The products will debut on the market on September 23, and all contracts will be cleared by ICE Clear US, the same service that clears trades for NYSE. Loeffler gave a lengthy statement on the product suggest that Bakkt’s product received CFTC approval after a self-certification process. They have also started user acceptance testing. The Bitcoins backing the futures contracts will be under the custody of Bakkt Warehouse. Bakkt Trust Company, a qualified custodian, has also received approval from the New York State Department of Finance Services. She said, “This offers customers unprecedented regulatory clarity and security alongside a regulated, globally accessible exchange in a market underserved by institutional-grade infrastructure.” Bakkt wins the race The ICE-backed startup is not the only company eyeing the lucrative physically-settled Bitcoin futures sector. Numerous other companies like LedgerX are planning to bring the same opportunity to the market. LedgerX could have become the first company to launch these products as it received approval for offering futures, options and swaps settled in Bitcoin by the CFTC. However, the regulator says that the company lacks adequate approvals for launching the physical futures product. Meanwhile, Bakkt has decided to offer two types of futures contracts- daily and monthly. The collection of variation margin and initial margin collateral will be done by ICE Clear US. Product testing began last month to ensure that there are no hiccups when it eventually launches for the buyers. The qualified custodian of Bakkt will help in addressing concerns of the regulator related to manipulation and theft. Note that the company acquired Digital Asset Custody Company (DACC) earlier this year to win the New York regulator’s approval to become a qualified custodian. The company has also decided to pay $35 million for hedging against risks. Loeffler says that doing so will help bring safety for market participants and bring more integrity to this sector. The post Bakkt’s Gets Nod for Physically Delivered Bitcoin Futures Approved from CFTC appeared first on FXTimes.com - Daily Cryptocurrency and FX News.
Cryptovibes
By continuing to browse, you agree to the use of cookies. Read Privacy Policy to know more or withdraw your consent.