Syscoin Github hacked: Wallets contain malware
Syscoin, a decentralised marketplace and payment cryptocurrency has fallen victim to a malware attack on their Github account. The attackers implemented their malware in the Windows-based installers on Github's release pages starting June 9.
If you have downloaded this client between the dates of June 9th and June 13th be sure to check your computer for virusses. Please be aware this exploit method could potentially affect other blockchain projects on Github.
Upon investigation, the Syscoin developers found that a malicious, unsigned copy of the Windows Syscoin 22.214.171.124 installer was made available via the Syscoin Github release page on June 9th, 2018 due to a compromised GitHub account. This installer contained malicious code. (Trojan:Win32/Feury.B!cl)
To prevent such attacks in the future, the Syscoin developers and Blockchain Foundry staff with Github access will:
- Be required to have 2FA authentication enabled
- Perform routine verification of signature hashes
- Work with Github to ensure users will be able to detect if binaries have been altered after release
Read the full security notice here.