The creators of Syscoin cryptocurrency issued a warning for their users, in which they reported that the client installer version 184.108.40.206 for Windows contained a virus and was downloaded to Github by an attacker who hacked the account of one of the developers.
The message says that on Wednesday the Blockchain Foundry team received several calls from users who stated that the installer of the latest version of the client for Windows caused the operation of multiple antivirus programs with a warning about the “unknown source” of the file.
When the developers began to understand the problem, they found an “unsigned copy” of their software, which contained the virus, was changed and loaded onto the official cryptocurrency page on Github. The team managed to establish how the hacker uploaded the file. To do this, he hacked the developer account of Syscoin, which allowed him to change the code on behalf of a reliable source.
The Syscoin team openly acknowledged that users who downloaded the 220.127.116.11 client installer for Windows from June 9 to June 13 could be the victims of the attack. They also said that they had taken measures to prevent the repetition of such a situation in the future by setting mandatory two-factor authentication to the accounts of all developers and conducting “scheduled verification of hash signatures”.
Recently, a team of researchers Carbon Black reported that in the first half of 2018, users of cryptocurrency had already lost $1.1 billion as a result of the actions of intruders.