Comment Section Used By Hacker In An Attempt To Hack Etherscan

Ethereum block explorer Etherscan has uncovered an obvious hack attempt in which the attacker tried to use the site's comment section to run malicious code.

On Monday, users trying to access the official Etherscan website were greeted by a suspicious JavaScript popup message stating “1337,” indicating that a hack attempt had been made on the system, possibly in an effort to conduct an Ethereum phishing scam.

After investigating, Etherscan concluded that the attack came through the website’s comment section, which lets users comment on Ethereum addresses and is operated by the third-party comment hosting service Disqus.

Etherscan immediately deactivated the summarized Disqus comments shown in the site’s page footer and, according to an announcement posted on Reddit, is currently working on a patch that will compress the footer HTML and stop further attacks.

MyCrypto developer Michael Hahn noted that, from the look of things, the website had not served up any malicious code by the time developers noticed the attack.

“XSS, in this case, a javascript injection, was taking advantage of Disqus comments that people use to comment on addresses. It doesn’t appear that Etherscan had been serving malicious code when it was noticed. Disqus comments on Etherscan.io were disabled until a security patch is published which will encapsulate/encode the field to remove the vulnerability to XSS.”
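As an added illustration (not code from Etherscan, Disqus or the article), the encoding fix the quote describes: the same comment summary rendered into footer markup without and with HTML escaping, plus a check that the encoded version carries no script tag. Function names and the sample comments are assumptions.

```javascript
// Added example, not Etherscan's or Disqus's code. Function names and the
// sample comments below are assumptions made for illustration.

// Escape the five characters that can change HTML element or attribute
// context; every other character is safe as text content.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: untrusted comment fields concatenated straight into
// the footer markup, so a comment containing a tag becomes live HTML.
function renderFooterUnsafe(comments) {
  return comments
    .map((c) => `<li><b>${c.author}</b>: ${c.text}</li>`)
    .join("");
}

// Hardened pattern: every untrusted field is encoded before insertion,
// so the browser shows the comment text literally instead of executing it.
function renderFooterSafe(comments) {
  return comments
    .map((c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.text)}</li>`)
    .join("");
}

// Constructed sample: one benign comment and one carrying a script tag,
// the kind of payload behind the "1337" popup described in the article.
const sampleComments = [
  { author: "alice", text: "Looks like an exchange hot wallet." },
  { author: "mallory", text: "<script>alert(1337)</script>" },
];

// Reviewer check: does a raw <script ...> tag survive in the rendered
// footer? It should only ever be true for the unsafe renderer.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}
```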

Yet, it is possible that the hacker has further plans than just creating malicious pop-up messages.

Fortunately, this hack attempt did not result in any loss or damage, although other recent hacks have not been dealt with in this manner.
