Phishing attack during the Waves debut
Phishing attack during the Waves debut

Phishing attack during the Waves debut

By Aneta Karbowiak - 26 Jul 2018

Chevron down

On July 24, Waves announced that its decentralized exchange has finally finished testing the beta version and has launched the platform.

Just two days later, however, comes news of a hacker attack.

Coindesk gives the news today on the hack of the Waves platform and the official website of the company.

There is mention of a phishing attack that got private information about customers’ wallets.

However, after a long battle with the hackers Waves’ team managed to regain complete control over the domains.

The attack was led by a few hackers who managed to counterfeit the passport of Sasha Ivanov, Waves CEO.

The attacker then sent the document to the domain company, changing the password to access the platform.

Someone just faked my passport and gave it to support [staff] at the domain company and they changed the password at his request. Then the attacker was able to change the main website,” explained Ivanov.

Sasha explained yesterday that the “ website is back online. We had an unpleasant accident with DNS hijacking, fortunately it was resolved fairly quickly. No financial damage to user wallets occurred. Another reminder that current centralized DNS system needs a major overhaul.

It has to be said that Waves’ security has also been criticised by users, as the system requires their seed phrases to be placed on a website in order to use Waves’ portfolio.

The cryptocurrency exchange platform was already being tested at the beginning of 2017 and has recently undergone a redesign of its interface and internal engine to attract more users.

The security of the DEX was also accused in 2017 when it turned out that user portfolio passwords were stored in a database that anyone with access to the file system could access.

The platform has recently had a turnover of around $6 million in cryptocurrencies, 90,000 users and 330,000 portfolios, but the decentralization of the exchange remains rather uncertain.

While almost all centralized exchanges are forced to do KYC/AML, Waves makes this operation optional. Identification is required only when the user wants to withdraw fiat currencies or when someone wants to list their token on the exchange.

The main criticism of decentralization is also due to the fact that the platform seeks partnerships with banks, which calls into question the true purpose of this DEX.

We are looking for partnerships with major banks because we hope major banks will want to issue their own fiat tokens,” Ivanov told CoinDesk.

Aneta Karbowiak

Graduated in Biology from the University of Genova, she was soon interested in the development of mobile applications and chatbots. She entered the publishing world as manager of an English sports website where she managed a team of ten people. Passionate about blockchain technology and cryptocurrencies, she began writing for Qubithacker.

We use cookies to make sure you can have the best experience on our site. If you continue to use this site we will assume that you are happy with it.