Security Events | MyDashWallet Online Wallet User Assets Theft Details Disclosure

event

On July 10, 2019, the Dimensional Security Lab (johnwick.io) received a credit feedback from a user claiming that he was lost while using the MyDashWallet online wallet (https://mydashwallet.org/). Dash, which is worth millions of RMB, was analyzed by a team of technicians and users of the Dimensional Security Lab to conclude that this is a typical supply chain attack.

As of press time, the hang-up code on the MyDashWallet website still exists and is still valid! In order to secure the assets of Dash users, we strongly recommend not using the MyDashWallet online wallet at this time !

analysis

The MyDashWallet website source references several third-party js scripts, one from greasyfork.org , a share distribution site for the GreaseMonkey oil monkey script, similar to the github of the programmer community.

Let's take a look at this js code on greasyfork.org:

At first glance, it is a harmless script for individual animals, but as long as you pull down, you can see the true face of it: stealing the user's Dash information, including account balance, account private key PrivateKey, Keystore, Seed, etc. ! Sure enough:

Only children can do multiple-choice questions, all adults must!

Let's take a look at this script. When it detects that the last 5 digits of the 6th character of the host name of the user's access to the website is hwall (that is, it matches mydas hwall et.org ), the stealing action is triggered.

After the stealing action is completed, the stolen information will be sent to https://api.dashcoinanalytics.com/stats.php in POST mode.

Combined with the script history version and code differences on greasyfork.org, it is known that hackers deployed malicious scripts as early as May 13, 2019.

Combined with the domain name registered by the hacker to collect the stolen information, it can be seen from the whois information that the domain name was registered on May 13, 2019!

The validity period of the HTTPS certificate for this domain name will be effective from May 14, 2019!

321

in conclusion

From the above analysis we can infer:

  • At least until May 13, hackers took control of the MyDashWallet website ( mydashwallet.org )
  • On September 13th, I rented a secret server and applied for a domain name and HTTPS certificate.
  • Malicious scripts were submitted on greasyfork.org on May 13 and are constantly updated
  • Then insert this malicious script on mydashwallet.org, then Jiang Taigong fishing until now!

 

After we informed the user of the above analysis, the user immediately reported the relevant question in the telegram group of MyDashWallet, but was immediately kicked out by the administrator! At present, MyDashWallet has not made any response after we released the relevant event warning!

We will continue to update Blocking; if you have any questions or suggestions, please contact us!

Share:

Was this article helpful?

93 out of 132 found this helpful

Discover more

Blockchain

How many entities hold Bitcoin? These 7 exchanges are worth watching

Written by: Rafael Schultze-Kraft Translation: Lu Jiangfei Source: Chain News Problems with quantifying the number of...

Policy

Jurors buckle up as Sam Bankman-Fried's criminal trial takes off with riveting jury directions

SBF faces seven charges of financial fraud in connection with FTX's downfall in November.

Opinion

US SEC Chairman's pessimistic tone: Cryptocurrency businesses often non-compliant, filled with opacity and risk

During a Q&A session at the 27th annual Financial Markets Conference held by the Federal Reserve Bank of Atlanta ...

Blockchain

Coinbase becomes Tezos' largest verification node, will it be a new trend for exchanges?

Original: Cryptopotato , original author: Jordan Lyanchev Source: Odaily Planet Daily, Translator: Yu Shunsui Accordi...

Blockchain

Why do institutional investors use the exchange Bakkt as the gateway to the world of encryption?

Bakkt, the cryptocurrency exchange initiated by ICE, the parent company of the New York Stock Exchange, has officiall...

Opinion

Amazon's participation and the skyrocketing value of AI company Anthropic become FTX's biggest hope of repaying the debt?

FTX previously invested $500 million as a lead investor in Anthropic's Series B financing round, so the expected appr...