AriESQ/c4b4b88024dda7d2ee91de2bcd07fee2
Last active February 18, 2022 04:33
Klayswap crypto exchange hack via BGP hijacking and X.509 certificate issuance.
S. Korean cryptocurrency exchange Klayswap was attacked and had cryptocurrency stolen.

The attackers compromised a third-party customer service messaging tool served from developers.kakao.com via a BGP hijack. After taking control of the IP address block, the attacker passed domain validation and obtained a TLS certificate for that name from a public issuer, ZeroSSL. The target did not have a Certification Authority Authorization (CAA) DNS record restricting which CAs may issue for it, which may have mitigated this attack: a CA evaluates CAA against DNS at issuance time, so hijacking the web server's prefix alone does not bypass it unless the attacker also controls the authoritative DNS.

The fraudulent certificates can be seen here:
https://crt.sh/?q=developers.kakao.com

Sources:
https://therecord.media/klayswap-crypto-users-lose-funds-after-bgp-hijack/
https://twitter.com/campuscodi/status/1493301901340905472
https://www.manrs.org/2022/02/klayswap-another-bgp-hijack-targeting-crypto-wallets/
https://medium.com/s2wblog/post-mortem-of-klayswap-incident-through-bgp-hijacking-898f26727d66
https://medium.com/s2wblog/post-mortem-of-klayswap-incident-through-bgp-hijacking-en-3ed7e33de600
https://www.usenix.org/conference/usenixsecurity18/presentation/birge-lee
https://www.secureworks.com/research/bgp-hijacking-for-cryptocurrency-profit
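As an added illustration of what a CAA record would have changed (example code written for this note, not part of the gist or of any Kakao or Klayswap system): a Python implementation of the RFC 8659 issuance check, run over a constructed zone snapshot. It decodes CAA RDATA from the wire format, climbs from the requested name to the closest ancestor that publishes CAA, and then applies the issue/issuewild rule. The zone contents, the names, and the use of sectigo.com as the CAA identifier standing in for ZeroSSL's issuing CA are assumptions; in a real check the records would come from a DNS lookup.

```python
"""CAA (RFC 8659) issuance check over a constructed zone snapshot.

Decide whether a CA, identified by its CAA domain, may issue a certificate
for a name, given the CAA records published in DNS.  Example code written
for this note; the zone below is constructed, not real Kakao DNS data.
"""

import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class CAA:
    flags: int
    tag: str
    value: str

    @property
    def critical(self) -> bool:
        # Bit 0 (0x80) is the "issuer critical" flag.
        return bool(self.flags & 0x80)


def parse_caa_rdata(rdata: bytes) -> CAA:
    """Decode one CAA RDATA: flags(1) | tag length(1) | tag | value."""
    if len(rdata) < 2:
        raise ValueError("CAA RDATA too short")
    flags, tag_len = struct.unpack("!BB", rdata[:2])
    if tag_len == 0 or len(rdata) < 2 + tag_len:
        raise ValueError("bad CAA tag length")
    tag = rdata[2:2 + tag_len].decode("ascii").lower()  # tags are case-insensitive
    value = rdata[2 + tag_len:].decode("utf-8")
    return CAA(flags, tag, value)


def relevant_caa_set(zone: dict, name: str):
    """RFC 8659 section 3: climb from the name toward the root; the first
    owner with a non-empty CAA RRset supplies the relevant set."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        owner = ".".join(labels[i:])
        rrs = zone.get(owner)
        if rrs:
            return owner, list(rrs)
    return None, []


def issuer_domain(value: str) -> str:
    """An 'issue' value is 'domain; param=val; ...'; a bare ';' (empty
    domain) means no CA at all may issue."""
    return value.split(";", 1)[0].strip().lower()


def may_issue(zone: dict, name: str, ca_domain: str) -> bool:
    """True if ca_domain is authorised to issue for name under the zone's CAA."""
    wildcard = name.startswith("*.")
    if wildcard:
        name = name[2:]
    _owner, rrs = relevant_caa_set(zone, name)
    if not rrs:
        return True  # no CAA anywhere up the tree: issuance is unrestricted
    # An unknown property marked critical MUST cause the CA to refuse.
    for r in rrs:
        if r.critical and r.tag not in ("issue", "issuewild", "iodef"):
            return False
    issue = [r for r in rrs if r.tag == "issue"]
    issuewild = [r for r in rrs if r.tag == "issuewild"]
    # issuewild governs wildcard requests when present; otherwise issue applies.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # e.g. only iodef published: no issuance restriction
    ca = ca_domain.lower()
    return any(issuer_domain(r.value) == ca for r in relevant)


# Constructed zone (assumption, not real DNS data): the apex publishes CAA,
# the subdomain does not, so the subdomain inherits the apex policy.
ZONE = {
    "kakao.com": [
        parse_caa_rdata(b"\x00\x05issue" + b"letsencrypt.org"),
        parse_caa_rdata(b"\x00\x05issue" + b"digicert.com; accounturi=https://example.invalid/acct/1"),
        parse_caa_rdata(b"\x00\x05iodef" + b"mailto:security@example.invalid"),
    ],
    "locked.example": [parse_caa_rdata(b"\x00\x05issue;")],   # nobody may issue
    "broken.example": [parse_caa_rdata(b"\x80\x07unknown" + b"x")],  # critical, unknown
}

# sectigo.com stands in for ZeroSSL's issuing CA (assumption).
ATTACKER_CA = "sectigo.com"


def demo() -> dict:
    return {
        "hijacked_name_without_caa": may_issue({}, "developers.kakao.com", ATTACKER_CA),
        "hijacked_name_with_caa": may_issue(ZONE, "developers.kakao.com", ATTACKER_CA),
        "authorised_ca": may_issue(ZONE, "developers.kakao.com", "letsencrypt.org"),
        "wildcard_falls_back_to_issue": may_issue(ZONE, "*.kakao.com", "digicert.com"),
        "explicit_prohibition": may_issue(ZONE, "locked.example", "digicert.com"),
        "unknown_critical_tag": may_issue(ZONE, "broken.example", "digicert.com"),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'may issue' if allowed else 'refused'}")
```

The first two results are the point of the note: with no CAA published anywhere in the tree, a CA that receives a successful domain validation will issue; with an apex CAA that lists only the CAs the owner actually uses, the same validation is refused by any other CA, because the CA consults DNS rather than the hijacked web server.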