Security Firm Issues Warning About WordPress Crypto Widgets


Singapore’s cyber security regulators caution that websites employing WordPress crypto widgets, especially price ticker and coins list plugins, can expose sensitive visitor information to extraction.

This reiterates the growing sophistication of hackers in their efforts to steal cryptocurrency.

WordPress Crypto Widgets At Risk

The Cyber Security Agency of Singapore (CSA) explained that hackers use SQL Injection to exploit WordPress crypto widgets’ price ticker plugins. This technique targets data-driven applications, posing a serious security

“Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the ‘coinslist’ parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.”

From there, it was explained that hackers can extract users’ sensitive information, which puts data such as passwords and even crypto wallets at risk.
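The flaw class the advisory describes (user input concatenated into an unprepared query) is shown here beside a parameterized version, as an added example that is not the plugin's code. The schema, function names and sample input are constructed, and Python's `sqlite3` stands in for the WordPress database layer, where `$wpdb->prepare()` performs the binding step.

```python
import re
import sqlite3

# Constructed input: a value that closes the quoted list and adds a condition.
HOSTILE = "btc') OR ('1'='1"
SYMBOL_RE = re.compile(r"[a-z0-9-]{1,20}")  # assumed shape of a coin symbol
QUERY = "SELECT symbol FROM coins WHERE symbol IN (%s) ORDER BY symbol"

def make_db():
    """In-memory table with constructed rows (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE coins (symbol TEXT PRIMARY KEY, price REAL)")
    db.executemany("INSERT INTO coins VALUES (?, ?)",
                   [("btc", 64000.0), ("eth", 3100.0), ("xmr", 160.0)])
    return db

def lookup_unsafe(db, coinslist):
    """Flawed pattern: the parameter becomes part of the SQL text."""
    quoted = ",".join("'%s'" % c for c in coinslist.split(","))
    return [row[0] for row in db.execute(QUERY % quoted)]

def lookup_prepared(db, coinslist):
    """One placeholder per item; values travel separately from the SQL."""
    items = coinslist.split(",")
    marks = ",".join("?" for _ in items)
    return [row[0] for row in db.execute(QUERY % marks, items)]

def lookup_safe(db, coinslist):
    """Allow-list validation first, then the prepared query."""
    items = [c.strip().lower() for c in coinslist.split(",") if c.strip()]
    if not items or len(items) > 50:
        raise ValueError("coinslist must hold 1 to 50 symbols")
    for c in items:
        if not SYMBOL_RE.fullmatch(c):
            raise ValueError("invalid coin symbol: %r" % c)
    return lookup_prepared(db, ",".join(items))

if __name__ == "__main__":
    db = make_db()
    print(lookup_unsafe(db, HOSTILE))    # input rewrote the WHERE clause
    print(lookup_prepared(db, HOSTILE))  # input compared as a literal string
    print(lookup_safe(db, "BTC, eth"))
```

Binding alone keeps the input out of the SQL text; the allow-list adds a second check that rejects malformed values before the database is queried.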

However, while hacking attacks have a widespread impact, the community typically responds quickly, usually within 10-50 minutes.

Meanwhile, Scam Sniffer notes that airdrops, organic traffic, paid advertising, and hijacked Discord links are not as easily detected.

However, individuals in the crypto industry must remain vigilant against hacks of both their crypto wallets and their social media accounts.

Hackers are increasingly targeting influential social media accounts to spread malicious links to a large following, which presents a potentially more lucrative opportunity for them.

In September 2023, Ethereum co-founder Vitalik Buterin had his X (formerly Twitter) account compromised. Shortly after hackers took control of the account, they posted a fraudulent ConsenSys link, swindling almost $700,000 from unsuspecting followers.
