Dash Warns For Vulnerabilities in MyDashWallet
In what has been reported as an oversight, the Dash team has reportedly spotted a vulnerability in MyDashWallet, a third-party wallet for the masternode cryptocurrency. The vulnerability allows an externally loaded script to send the private keys of users to a server. Dash confirmed the vulnerability in a tweet, urging users to seize from using the wallet. The tweet reads,
A vulnerability has been found in mydashwallet. Please do not use the wallet until further notice! (externally loaded JS sending private keys to a remote server).
There has been no reported case of theft or stolen funds as at the time of discovering the vulnerability. However, it is harmful to have an external script loaded onto a wallet. Anyone with access to the server’s database can compromise the wallets of users through their private keys.
Dash in a series of tweet explained that the script which has been dormant for about a year has been removed.
The script was unused for a year, but not removed (now is). Luckily it is cached and only users that didn’t have it exactly at May 13th when the external site was compromised should have downloaded it.
Notwithstanding, users have been asked to create new HD wallets and transfer their funds from MyDashWallet.