While Temporarily Closed, Malware Sent To DGEX Users
DGEX is a popular NXT and BTC exchange. It recently suffered a hack that shut it down temporarily. Now, its users are getting phishing emails that appear to come from the company.
The most popular NXT- and BTC-only exchange on the web had already shut down after an attack on its network cost it 52 BTC and 1.2M NXT. The exchange has promised to cover all losses and is days from relaunching its market. Unfortunately, one attacker wanted to take advantage of that.
Today, a warning was posted on the NXT forums about a fraudulent email getting sent out to DGEX users imitating DGEX's admin email. The email insisted that the exchange was launching early and that users should download the updated DGEX wallet. The post was then shared via email with every NXT forum member.
DGEX itself says it did not send out the email and that the files it links to are likely viruses or malware. It is unclear at this point whether the exchange's email accounts were hacked or whether the attackers were able to spoof the email addresses. At press time no one has analyzed the files in depth, but since they did not come from the party they claim to, it is clear their intent is malicious. We are trying to get our hands on the email so we can analyze it ourselves.
This represents yet another social engineering attack attempt on the cryptocurrency world, something that seems to be increasing. NXT has a feature designed to prevent just this: the NXT token, which can be used to verify identities in a way similar to PGP, but it has not been widely used. NXT also recently launched a decentralized exchange, which is something that would prevent many of the issues the cryptocurrency world has faced as of late.
The email included links to a Bitbucket account whose name resembled that of DGEX's main wallet client developer, Westlyh. His repo is under “westlyh”; the attackers linked to “westlynxt”, which may have lent the email some credibility with users who only glossed over it.
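A recipient-side check for this kind of lookalike account name, as an added example that is not part of the original article or any DGEX tooling. The two account names come from the article; the sample email text, repository name, thresholds and function names are assumptions made for illustration.

```python
import os
import re
from urllib.parse import urlparse

TRUSTED_OWNERS = {"westlyh"}  # the genuine developer account named in the article
# Constructed sample: repository name and paths are placeholders, not from the real email.
SAMPLE_EMAIL = """Download the updated DGEX wallet:
https://bitbucket.org/westlynxt/example-wallet/downloads
Official source: https://bitbucket.org/westlyh/example-wallet
"""

def bitbucket_owner(url):
    """Return the lower-cased account segment of a bitbucket.org URL, else None."""
    parsed = urlparse(url)
    if (parsed.hostname or "").lower() not in ("bitbucket.org", "www.bitbucket.org"):
        return None
    parts = [p for p in parsed.path.split("/") if p]
    return parts[0].lower() if parts else None

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_owner(owner, trusted=TRUSTED_OWNERS):
    """'trusted' on exact match; 'lookalike' on a near miss or a long shared prefix."""
    if owner in trusted:
        return "trusted"
    for name in trusted:
        shared = len(os.path.commonprefix([owner, name]))
        # "westlynxt" is 3 edits from "westlyh"; the shared prefix "westly" is what catches it.
        if edit_distance(owner, name) <= 2 or shared >= max(4, len(name) - 2):
            return "lookalike"
    return "unknown"

def scan_email(body):
    """Return (url, owner, verdict) for every Bitbucket link found in the body."""
    hits = []
    for url in re.findall(r"https?://[^\s<>\"')]+", body):
        owner = bitbucket_owner(url)
        if owner is not None:
            hits.append((url, owner, classify_owner(owner)))
    return hits
```

A plain edit-distance threshold of 2 would pass “westlynxt” as merely unknown, which is why the shared-prefix test is included.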
The attacker or attackers also emulated the writing style of Graviton, the "operator" of DGEX, who is well known on the NXT Forums. Just like a previous successful phishing attempt on the NXT Community, the attacker(s) seemed to have a strong understanding of the community. This has led to speculation that the attacks could have been perpetrated by the same person, who may be a member of the forum.
The number of users affected and how they were affected remains unknown at this point. DGEX has stated on the NXT forums that this recent attack will not set back their relaunch. The site plans to relaunch with limited features sometime before midnight tonight. When talking to us they said that all the basic features should still be launched this week.
We reached out to Graviton and asked him what security precautions were being added to prevent further breaches. He responded:
“Nobody can prevent unauthorized sending of emails in their name, that is an inherent problem with the ancient email messaging.”
We then asked whether he had filed DMARC (Domain-based Message Authentication, Reporting & Conformance) records; he responded that he “[doesn't] know what that is.”
We will update this space if more information becomes available.