Categories: News

AllCrypt Bitcoin Exchange Hacked, Over 40 BTC In Funds Stolen

It looks like another digital currency exchange is biting the dust, as AllCrypt announced on Twitter their site has been breached due to an exploit in WordPress. Assuming this story is true, it may have to do with the SQL injection vulnerability found in Yoast SEO, a very popular WordPress plugin. But then again, why is a digital currency exchange platform using WordPress in the first place?

2015 – Not The Year of Digital Currency Exchanges

If you have not been living under a rock over the past few months, you will have seen many headlines concerning Bitcoin and other digital currency exchanges in 2015. Both January and February have been very sad months, with over half a dozen exchanges being breached or forced to shut down for various reasons.

AllCrypt is the latest addition to that list, as the website now holds a message saying that the platform has been breached and over 40 Bitcoin has been stolen. But there are some very strange “facts” in the message provided by the AllCrypt owner, “facts” which raise even more questions than answers if you ask me.

Running a Digital Currency Exchange on WordPress….

Needless to say, when you run a digital currency exchange, you paint a target on your back for hackers, hoodlums and people who will try to exploit your platform in every way possible. By using WordPress – a popular solution for blogs and news sites – to serve as your digital currency exchange’s platform, you are putting the cat among the pigeons.

While it is no secret that WordPress is a great platform, it is also no secret that some of its features and plugins have more security holes in them compared to any other similar offering in existence.  It is a good thing to have so many independent developers working on bringing tools to the masses, but not every developer prides himself/herself on top notch security.

Especially when it comes to widely popular WordPress plugins, such as Yoast SEO – which is used by over 90% of all WordPress site owners – security is not the greatest concern. However, a recent report

showed that this popular plugin is vulnerable to SQL injections, which could give an assailant access to everything on your WordPress site.

Related Post

If you ever owned – or are planning to own – a WordPress website, make sure to update your plugins on a daily basis, either manually or automatically. Granted, these updates can sometimes break things that need to be fixed afterwards through a patch or a rollback. But the amount of times this happens compared to useful [security] updates is neglectable.

What Allegedly Happened

According to the AllCrypt site owner, someone used an exploit in order to access the WordPress admin area, uploaded some files [of unknown original or purpose], finds the Bitcoin wallet on the network and starts flooding it with withdrawal requests. Due to the built-in security, the AllCrypt Bitcoin wallet locks up until a valid withdrawal request is made by any of the platform’s users.

Apparently, the hacker(s) made a legitimate withdrawal request in order to unlock the AllCrypt Bitcoin wallet, and managed to steal 42 Bitcoin in funds. Thirty BTC belonged to customers, whereas the remaining 12 BTC was funds held by AllCrypt. A very sad day for all of those affected, and we hope they will be refunded in some way.

By the looks of things, the AllCrypt owner is in a very emotional state right [and understandably so], but we sincerely hope he/she will do everything humanly possible in order to refund customers. If not, charges may be pressed against them, which would only make matters worse after such a hack took place.

Wez will keep an eye on the situation and report back once we found out more information as to what happened exactly.

Source : https://www.allcrypt.com/sitedown.html

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Topping the Best New Meme Coins to Buy Now: BTFD Leads the Charge!

In a world where meme coins can turn a latte budget into a lambo fund,…

5 hours ago

Best Cryptos to Buy Today: Qubetics Presale Hits $2.7M, MicroStrategy Falls After Bitcoin Price Dips, and Ethereum Heist Involves North Korean Hackers

Best Cryptos to Buy Today: Qubetics Presale Hits $2.7M, Bitcoin Price Dips, and Ethereum Heist…

9 hours ago

WIF Set to Overtake BONK? Lunex Soars with 100x Potential in Altcoin Season

As altcoin season heats up, all eyes are on the rising stars—especially Lunex, which is…

17 hours ago

Binance Coin Price Dips: BNB Holders Rush To Lunex Presale To Hedge Their Long Positions

While the broader market witnessed a notable upward movement, Binance Coin (BNB) experienced a decline…

18 hours ago

Crypto Stalwarts Forecasted 800% Growth in Innovative Projects: VeChain, Rollblock and Polkadot!

This blazing crypto bull run has investors looking for the next top altcoins set to…

18 hours ago

Dogecoin Price Set To Recreate 36,000% Rally From 2021 After Pennant Formation

The Dogecoin price is back in the limelight, captivating the crypto world with its recent…

18 hours ago