Do you use the Komodo Agama wallet to store your KMD and BTC cryptocurrencies?
Have your funds been illegally transferred to a new address overnight?
If so, don’t worry, it’s probably safe, and if you’re lucky, you’ll get your money back.
This is exactly what happened…
Komodo, a cryptocurrency project and developer of the Agama portfolio, chose a surprisingly unique way to protect its client’s funds.
The company hacked its customers and illegally transferred almost 8 million KMDs and 96 bitcoins from their cryptocurrency wallets to a new address belonging to the company.
Why? To protect their clients’ funds from hackers.
It may seem strange, but it’s true.
Two months ago, the library called “electronic-native-notify” received an update from its anonymous author, which included the secret backdoor in a new code designed to steal and send semi / private key and other passwords of Agama users. on a remote server.
Therefore, if you have accessed any version of the Agama portfolio downloaded from the official Komodo website or its Android and iOS applications after April 13 this year, you have probably stolen your wallet credentials.
“The attack was carried out using a model that is becoming increasingly popular; publishing a useful package (electronic-native-notify) for npm, waiting for it to be used by the destination and then updating it to include the malicious code Payload, said the npm blog.
The npm blog also shared a short video demonstration showing how the Agama portfolio backed up secretly sent the wallet’s private seed to a remote server in the background.
Finding a vulnerability, Komodo decided to use a similar password theft technique to allow users to access as many affected portfolios as possible and transfer their funds to a secure wallet before hackers could steal them.
“The secure portfolios of RSGD2cmm3niFRu2kwwtrEHoHMywJdkbkeF (KMD) and 1GsdquSqABxP2i7ghUjAXdtdujHjVYLgqk (BTC) are under the control of the Komodo team and the owners can tell that their assets will be returned to the owners, they will return their assets to the Komodo team and the owners will be able to tell their goods will be returned to Komodo.
However, it is important to note that not all affected user portfolios have been canceled by the company.
Therefore, if your wallet has not been canceled, we strongly recommend that you immediately transfer all your funds from Agama to a new address.
Komodo also said that the Verus version of its Agama portfolio is not affected by this vulnerability and is still completely secure as it does not include a malicious library.
Therefore, users of the Verus version of the Agama portfolio are not affected by security.