Vulnerability Komodo wallet: $13 million at risk since April 16, now safe

06 Jun, 2019
by Jelmer van der Dussen
Vulnerability Komodo wallet: $13 million at risk since April 16, now safe

A vulnerability in Komodo's Agama Wallet has been discovered. $13 million worth of cryptocurrency that was at risk since April 16 has been moved to safe wallets by the project.

The vulnerability was discovered on Wednesday and soon after the Komodo team used the exploit to gain control of seeds that were affected. According to a statement of the cryptocurrency project, 'we were able to sweep around 8 million KMD and 96 BTC from these vulnerable wallets, which otherwise would have been easy pickings for the attacker'. 

These transactions to the safe wallets had a total worth of $13 million. The exact details on how Komodo secured the funds are not shared yet, but the team has said that a full recap of the event will be published later.

KMD Wallet: RSgD2cmm3niFRu2kwwtrEHoHMywJdkbkeF

BTC Wallet: 1GsdquSqABxP2i7ghUjAXdtdujHjVYLgqk

In the statement on Wednesday the Komodo Team said that the assets are now under control of Komodo and can be reclaimed by their users. All users that still have assets in their Agama wallet are recommended to move them away as soon as possible.

Users affected
It's not yet clear what the exact damage is for Komodo holders, but the project has stated in several tweets that no funds have been lost.

However, in a statement released on Thursday, the Komodo Team says that they are still in the process of assessing the damage. 'While it is substantial, it looks manageable. Our goal is to compensate our users as much as possible. Our founder, jl777, offered 500K KMD ($765000) from his personal holdings.'

Users that have empty wallets and are seeing a transaction going out of their wallets to the safe address (RSgD2cmm3niFRu2kwwtrEHoHMywJdkbkeF) can fill in this form to reclaim their funds. 'We don't have any ETA of distributed funds yet', the project says.

The vulnerability
According to package manager NPM, that found the vulnerability, a malware threat was targeting users of the Agama wallet. 'This attack focused on getting a malicious package into the build chain for Agama and stealing the wallet seeds and other login passphrases used within the application', NPM said in a statement.

The package that was innocent at first was installed by Komodo on March 8. 15 days later, the malicious payload was introduced to the package. On April 16, Agama updated its wallet to the new version. From this moment on, wallet seeds were stolen and the funds of users were at risk.

Read more details on the vulnerability here.

The price of Komodo hasn't reacted to the vulnerability. $KMD is even up 5% today. 

KMD/USD Chart proviced by Tradingview

Follow Chepicap now on Twitter, YouTubeTelegram and Facebook!

BTC RETRACEMENT! This is what's next for Bitcoin! Subscribe to the Chepicap YouTube Channel for more videos!

Read more about: Komodo (KMD)


Have you been affected by the Komodo vulnerability?

(4 votes)

Add a comment

Check out the latest news

You will be logged out and redirected to the homepage