It looks like another digital currency exchange is biting the dust, as AllCrypt announced on Twitter their site has been breached due to an exploit in WordPress. Assuming this story is true, it may have to do with the SQL injection vulnerability found in Yoast SEO, a very popular WordPress plugin. But then again, why is a digital currency exchange platform using WordPress in the first place?
If you have not been living under a rock over the past few months, you will have seen many headlines concerning Bitcoin and other digital currency exchanges in 2015. Both January and February have been very sad months, with over half a dozen exchanges being breached or forced to shut down for various reasons.
AllCrypt is the latest addition to that list, as the website now holds a message saying that the platform has been breached and over 40 Bitcoin has been stolen. But there are some very strange “facts” in the message provided by the AllCrypt owner, “facts” which raise even more questions than answers if you ask me.
Needless to say, when you run a digital currency exchange, you paint a target on your back for hackers, hoodlums and people who will try to exploit your platform in every way possible. By using WordPress – a popular solution for blogs and news sites – to serve as your digital currency exchange’s platform, you are putting the cat among the pigeons.
While it is no secret that WordPress is a great platform, it is also no secret that some of its features and plugins have more security holes in them compared to any other similar offering in existence. It is a good thing to have so many independent developers working on bringing tools to the masses, but not every developer prides himself/herself on top notch security.
Especially when it comes to widely popular WordPress plugins, such as Yoast SEO – which is used by over 90% of all WordPress site owners – security is not the greatest concern. However, a recent report showed that this popular plugin is vulnerable to SQL injections, which could give an assailant access to everything on your WordPress site.
If you ever owned – or are planning to own – a WordPress website, make sure to update your plugins on a daily basis, either manually or automatically. Granted, these updates can sometimes break things that need to be fixed afterwards through a patch or a rollback. But the amount of times this happens compared to useful [security] updates is neglectable.
According to the AllCrypt site owner, someone used an exploit in order to access the WordPress admin
Apparently, the hacker(s) made a legitimate withdrawal request in order to unlock the AllCrypt Bitcoin wallet, and managed to steal 42 Bitcoin in funds. Thirty BTC belonged to customers, whereas the remaining 12 BTC was funds held by AllCrypt. A very sad day for all of those affected, and we hope they will be refunded in some way.
By the looks of things, the AllCrypt owner is in a very emotional state right [and understandably so], but we sincerely hope he/she will do everything humanly possible in order to refund customers. If not, charges may be pressed against them, which would only make matters worse after such a hack took place.
Wez will keep an eye on the situation and report back once we found out more information as to what happened exactly.
The cryptocurrency world has always been a hotbed of innovation, attracting both seasoned investors and…
Dogecoin's 2021 rally was a historic one, turning ordinary investors into overnight millionaires. This magnificent…
The crypto market is always evolving, with big names like Bitcoin and Ethereum leading the…
The crypto market is ablaze with excitement as altcoins like XRP and BNB make major…
Rollblock is quickly becoming the best crypto presale to buy, delivering unmatched value for its…
While Rollblock's continues its crypto presale, with its value increasing regularly, Polkadot (DOT) and Uniswap…