Skip to content

Rare Pepe Wallet Backdoored In Attempted Frog Heist

December 10, 2017

Joe Looney, Bitcoin developer and maintainer of Rare Pepe Wallet, a CounterParty assetwallet designed to improve pepecash-based trading UX, announced today on Twitter that rarepepewallet.com has been compromised. Users should restore their wallets to another trusted CounterParty wallet and transfer their funds to a new wallet in the meantime.

Also read: $28K Bitcoin Price in Sight as Futures Trading Gets Underway

Join the Bitsonline Telegram channel to get the latest Bitcoin, cryptocurrency, and tech news updates: https://t.me/bitsonline

Someone Really Wants Some Rare Pepe

Rare pepe

Clearly the wallet needs more of this

The wallet became compromised via a malicious commit pushed to the wallet’s repository from Looney’s Github account that had been broken into earlier by the attacker(s).

The attacker(s) then used the changes they’d made to the site to modify the site’s JavaScript while it was live, probably in an attempt to lift userswallet passphrases.

Luckily, Looney was quick to remedy the issue, disclosing the security breach and shutting down the site for repairs. No Pepes have yet been reportedstolen, but for those with potentially compromised wallets, Looney recommends the following:

Looney Thinks He Knows Source of the Attempted Pepe Heist

When reached out to for comment on the breach, Looney noted that he didn’t “use 2fa [two-factor authentication]” and this was likely the cause of the Github break-in, despite his using a Github specific email address.

In addition, Looney stated the hack made him reconsider his practices, and he “might get a [Yubikey] now.”

With this news in mind, itt’s important to remember that most web wallets are only as secure as the people hosting them and that keeping your funds on exchanges and web wallets is a bad, risky practice for people holding nontrivial amounts of crypto.

With that said, running a full CounterParty node comes with a lot of overhead and a terrible UX, and those using applications like Book of Orbs and Rare Pepe Wallet to streamline the process can hardly be blamed for doing so.

Where do you stand? Do you think it’s wrong Looney didn’t use 2FA? Let us know in the comments below!


Images courtesy Rare Pepe Directory, Pixabay

The postRare Pepe Wallet Backdoored In Attempted Frog Heist appeared first on Bitsonline.


Source link