GitHub attacked: hackers wipe hundreds of source code repositories and demand bitcoin

A large number of developers have had their Git source code repositories wiped and have been asked to pay a ransom.

The attack was first discovered on May 3 and appears to have been conducted across Git hosting services (GitHub, Bitbucket, GitLab).

What is known so far is that the hacker removed all source code and recent commits from the victims' Git repositories and left a ransom note asking the developer to pay 0.1 bitcoin (about $580).

The hacker claimed that all source code was downloaded and stored on their server and gave the victim ten days to pay the ransom; otherwise they would disclose the code.

The hacker's message is as follows:

To recover your lost code and prevent it from being compromised, send 0.1 bitcoin to our Bitcoin address (ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA), then tell us your Git login and proof of payment via [email protected]. If you don't believe we have your data, you can contact us and we will provide evidence. Your code has been downloaded and backed up on our server. If we do not receive the money within the next 10 days, we will use your code publicly or directly.

A lookup of this bitcoin address shows that it has so far recorded only a credit of approximately 0.00052525 BTC, on May 3.

Password security is key

According to GitHub data, nearly 400 repositories have been affected by this attack.

BitcoinAbuse.com tracks bitcoin addresses involved in suspicious activity. The site lists 34 reports of suspicious activity for this bitcoin address. All of the reports contain the same ransom message, indicating that this bitcoin address was used for coordinated attacks against Git accounts.

Some hacked users admit that their GitHub, GitLab, and Bitbucket accounts were not secured well enough and that they forgot to revoke access for old applications they had not used for months. Both are common ways for online accounts to be compromised.

However, all the evidence suggests that the hackers scanned the entire Internet for Git configuration files, extracted credentials from them, and then used these logins to access accounts on Git hosting services and extort their owners.

GitLab security director Kathy Wang acknowledged in an email that this is the root cause of the account compromises.

We identified the source based on the supporting documents submitted by Stefan Gabos and immediately began investigating the issue. We have identified the affected accounts and have notified them. Based on our findings, we have sufficient evidence that the attacked account stores passwords in clear text when deploying the relevant code base. We strongly recommend using password management tools to ensure that passwords are stored in a more secure manner and that two-factor authentication is enabled where possible, both of which prevent this problem.
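The root cause described above can be checked for before a repository is deployed. The following is an added example, not part of the original article or of GitLab's statement: it audits the text of a `.git/config` file for credentials stored in clear text and returns redacted findings. The function name `audit_git_config`, the hosts, the account names and the password are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample .git/config (hosts, users and password are made up).
SAMPLE_GIT_CONFIG = """\
[core]
	bare = false
[remote "origin"]
	url = https://deploy-bot:S3cretPassw0rd@git.example.com/acme/shop.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
	url = git@git.example.com:acme/shop.git
[remote "backup"]
	url = https://git.example.com/acme/shop.git
	pushurl = https://ci-user@git.example.com/acme/shop.git
[credential]
	helper = store
"""

SECTION_RE = re.compile(r"^\[\s*([^\]]+?)\s*\]$")

def audit_git_config(text):
    """Return (section, key, issue, redacted_value) for each credential exposure."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if not sep:
            continue
        if key in ("url", "pushurl"):
            parts = urlsplit(value)
            if parts.scheme not in ("http", "https") or "@" not in parts.netloc:
                continue  # SSH remotes and credential-free URLs are fine
            userinfo, _, hostport = parts.netloc.rpartition("@")
            if parts.password is not None:
                user = userinfo.split(":", 1)[0]
                issue, netloc = "plaintext password in URL", f"{user}:***@{hostport}"
            else:  # a lone username can itself be an access token
                issue, netloc = "userinfo in URL (possible token)", f"***@{hostport}"
            findings.append((section, key, issue, parts._replace(netloc=netloc).geturl()))
        elif section.lower() == "credential" and key == "helper" and value.split()[:1] == ["store"]:
            findings.append((section, key, "helper writes passwords to disk unencrypted", value))
    return findings

if __name__ == "__main__":
    for finding in audit_git_config(SAMPLE_GIT_CONFIG):
        print(*finding, sep=" | ")
```

Any finding means the credential should be rotated, not just removed from the file, and a web server should never serve the `.git` directory at all.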

Bitbucket's parent company, Atlassian, did not respond to requests for comment, but it has begun notifying customers whose accounts the hackers entered illegally, and has begun sending security warnings to accounts that saw failed login attempts.

Paying ransom is not the only solution

The good news is that, after digging into one victim's case, members of the StackExchange Security forum found that the hacker did not actually delete the code but only altered the Git commit headers, which means the code can be recovered in some cases.

The steps on how to restore the Git codebase can be found on this page.

On Twitter, several prominent members of the developer community are urging victims to contact the GitHub, GitLab, or Bitbucket support teams before paying a ransom, as there are other ways to recover deleted repositories.
