EXPLORING THE BLOCK. One of the main draws of a blockchain is that it’s a public record. Anyone, anywhere, can look at every cryptocurrency transaction on the blockchain — unlike the transactions made via traditional financial institutions, the information isn’t secreted away in a server somewhere.
To access this data, users often turn to websites called BlockExplorers, which allow them to search transactions, view recent trends, or even look up the activity of a specific crypto account. Etherscan is one of the most popular BlockExplorers for the Ethereum blockchain, and on Monday, it was the target of hack that, while seemingly harmless, could have had repercussions for the entire crypto market.
THE “ELITE” HACK. The hack itself wasn’t exactly revolutionary — the hacker simply added a pop-up to the site displaying “1337,” decades’ old hacker lingo for “you’ve been hacked.” Etherscan users took to Twitter to warn other of the hack, and later on Monday, the Etherscan team posted an update on the situation via Reddit.
Old Hacker Lingo (Wikimedia Commons)
Turns out, all the hacker had to do to get their pop-up to appear was leave a comment on the site. The company quickly disabled the comments, then developed and tested a patch to address the vulnerability. They confirmed that the “hack” didn’t compromise the funds of any Etherscan users.
WORST-CASE SCENARIO. In reality, the hack probably couldn’t have directly compromised the funds of any Etherscan users — the site doesn’t include a digital wallet service, meaning it doesn’t actually “hold” any cryptocurrencies.
However, had the hacker taken a different approach, they could have caused much bigger waves in the crypto community. “They could alter the prices shown on graphs, maybe cause a buy/sell,” security researcher Scott Helme told Motherboard. “I’m sure that tampering with the values could impact people.”
The crypto sphere is already riddled with bad actors, and each additional scam, scheme, or hack has the potential to further shake investors’ confidence in it. It might not have been the hacker’s intention, but by drawing the Etherscan team’s attention to this security vulnerability, they may have prevented a future hack that could have had a much more significant, and much more negative, impact on the world of cryptocurrencies.