Boutique Media & consulting group
BTC$64163
ETH$3127
BNB$603
XRP$0.52
Recently, an ethical hacker found a wide vulnerability in Blockfolio, a widespread mobile based virtual asset portfolio tracking app. It is to be noted that the security issue appeared primarily in the older versions of the application.
The security gap could have permitted a hacker to check the source code and probably inject their own code into the application’s GitHub repository and subsequently inject the malicious code into the app itself.
Paul Litvak, a security researcher at cybersecurity firm Intezer, discovered the aforementioned issue last week, when he decided to review the security of the digital asset-related tools he was using. Litvak has been involved in virtual currencies since 2017 when he used to build bots for trading. From the last 3 years, he has been using Blockfolio in order to manage his crypto portfolio.
The aforesaid vulnerability had been public for 2 years and till last week the issue was still there for any hacker to take advantage of. Since Blockfolio does not have any bug bounty program to get rid of bugs in the code, the researcher alerted Blockfolio about the issue by means of social media.
See also
