Categories: News

AllCrypt Bitcoin Exchange Hacked, Over 40 BTC In Funds Stolen

It looks like another digital currency exchange is biting the dust, as AllCrypt announced on Twitter their site has been breached due to an exploit in WordPress. Assuming this story is true, it may have to do with the SQL injection vulnerability found in Yoast SEO, a very popular WordPress plugin. But then again, why is a digital currency exchange platform using WordPress in the first place?

2015 – Not The Year of Digital Currency Exchanges

If you have not been living under a rock over the past few months, you will have seen many headlines concerning Bitcoin and other digital currency exchanges in 2015. Both January and February have been very sad months, with over half a dozen exchanges being breached or forced to shut down for various reasons.

AllCrypt is the latest addition to that list, as the website now holds a message saying that the platform has been breached and over 40 Bitcoin has been stolen. But there are some very strange “facts” in the message provided by the AllCrypt owner, “facts” which raise even more questions than answers if you ask me.

Running a Digital Currency Exchange on WordPress….

Needless to say, when you run a digital currency exchange, you paint a target on your back for hackers, hoodlums and people who will try to exploit your platform in every way possible. By using WordPress – a popular solution for blogs and news sites – to serve as your digital currency exchange’s platform, you are putting the cat among the pigeons.

While it is no secret that WordPress is a great platform, it is also no secret that some of its features and plugins have more security holes in them compared to any other similar offering in existence.  It is a good thing to have so many independent developers working on bringing tools to the masses, but not every developer prides himself/herself on top notch security.

Especially when it comes to widely popular WordPress plugins, such as Yoast SEO – which is used by over 90% of all WordPress site owners – security is not the greatest concern. However, a recent report

showed that this popular plugin is vulnerable to SQL injections, which could give an assailant access to everything on your WordPress site.

Related Post

If you ever owned – or are planning to own – a WordPress website, make sure to update your plugins on a daily basis, either manually or automatically. Granted, these updates can sometimes break things that need to be fixed afterwards through a patch or a rollback. But the amount of times this happens compared to useful [security] updates is neglectable.

What Allegedly Happened

According to the AllCrypt site owner, someone used an exploit in order to access the WordPress admin area, uploaded some files [of unknown original or purpose], finds the Bitcoin wallet on the network and starts flooding it with withdrawal requests. Due to the built-in security, the AllCrypt Bitcoin wallet locks up until a valid withdrawal request is made by any of the platform’s users.

Apparently, the hacker(s) made a legitimate withdrawal request in order to unlock the AllCrypt Bitcoin wallet, and managed to steal 42 Bitcoin in funds. Thirty BTC belonged to customers, whereas the remaining 12 BTC was funds held by AllCrypt. A very sad day for all of those affected, and we hope they will be refunded in some way.

By the looks of things, the AllCrypt owner is in a very emotional state right [and understandably so], but we sincerely hope he/she will do everything humanly possible in order to refund customers. If not, charges may be pressed against them, which would only make matters worse after such a hack took place.

Wez will keep an eye on the situation and report back once we found out more information as to what happened exactly.

Source : https://www.allcrypt.com/sitedown.html

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Best Altcoins to Invest in Today: Qubetics Sets the Stage for Blockchain’s Future as Bitcoin Hits $108K and Litecoin Soars

The cryptocurrency world has always been a hotbed of innovation, attracting both seasoned investors and…

11 hours ago

Dogecoin Millionaire Predicts This Undervalued Altcoin Could Match DOGE’s 2021 Gains

Dogecoin's 2021 rally was a historic one, turning ordinary investors into overnight millionaires. This magnificent…

12 hours ago

Qubetics Presale Skyrockets to $7.5M as XRP and Arbitrum Lead Best Altcoins for Exponential Returns

The crypto market is always evolving, with big names like Bitcoin and Ethereum leading the…

13 hours ago

Over 300K Users Actively Mine Crypto On BlockDAG’s X1 Miner App While BNB Bulls Eye $3K; What’s XRP’s Price Target?

The crypto market is ablaze with excitement as altcoins like XRP and BNB make major…

13 hours ago

Best Crypto Presale To Buy Now: Rollblock Delivers For Holders With New License, Record Sign Ups and 7000+ Games

Rollblock is quickly becoming the best crypto presale to buy, delivering unmatched value for its…

16 hours ago

Polkadot And Uniswap Gearing For Post-Christmas Jump As Rollblock Raises $7.4 Million in Presale

While Rollblock's continues its crypto presale, with its value increasing regularly, Polkadot (DOT) and Uniswap…

17 hours ago