Get the Finder app 🥳

Track your credit score, free

Free

Syscoin GitHub hacked

Posted: 18 June 2018 6:13 pm
News

If there's a weak link somewhere, an enterprising thief can almost always find it.

Attacks need an attack vector, and some enterprising attackers found one in the GitHub repository of a marketplace cryptocurrency called Syscoin.

According to the development team, a hacker went in and replaced the official windows Syscoin wallet client with a replacement version that included malware called Arkei Stealer, a Trojan known for stealing wallet keys and passwords.

Users might be affected if they downloaded and ran the Syscoin 4.0.4.1 Windows set-up binaries from GitHub between 9 June and 13 June.

Virus scanners caught the malicious replacement and users quickly alerted the team to the problem. After a bit of investigation, it became apparent that someone had broken into GitHub to make the swap.



To hopefully prevent similar issues in the future, the Syscoin team has now required all team members with GitHub access to enable 2-factor authentication (2FA) on their accounts as well as routinely audit and verify their binaries and signature hashes to detect and prevent tampering.

The incident highlights the importance of working in a "sterile" environment, even when just signing into GitHub, an email address or anything else. It also highlights the risk of re-using passwords, and logging in to just about anything on a public computer, unsecured network or anything else.

It's also an example of the benefits of 2-factor authentication. Even if someone gets a user name and password, without having your phone, they can't get into the account.

Not all 2-factor authentication is equal though, and it's not entirely bulletproof. For example, some 2FA can be defeated with only a phone number, while others are attached to the physical phone device itself.


The growth of cryptocurrency, the digitisation of money and the countless high and low profile hack attacks that have gone with it are highlighting the importance of online security. Specifically, how there's really no such thing.

If someone's determined enough to get into an online system, they probably can with enough time and effort. The $500 million CoinCheck hack, for example, happened because user funds were left in an online wallet rather than in offline cold storage the way they should have been.

It's always important to get one's downloads from an official source, but as this incident and others show, that's not a perfect solution by itself.


Disclosure: At the time of writing, the author holds ETH, IOTA, ICX, VET, XLM, BTC and NANO.

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.

Latest cryptocurrency news

Picture: Shutterstock

Latest crypto guides

Ask an Expert

You are about to post a question on finder.com.au:

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • finder.com.au is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our Terms of Use, Disclaimer & Privacy Policy and Privacy & Cookies Policy.
Go to site