As a seasoned researcher with extensive experience in the blockchain and cybersecurity space, I can’t help but be deeply concerned about the recent hack that hit Fractal ID, an on-chain identity platform, on July 14th, 2024. The breach, which affected 0.5% of its users or 6,300 accounts, was a sobering reminder of how even the most advanced systems are not immune to human error and lax security practices.


On July 14, 2024, Fractal ID, an on-chain identity system, experienced a cyberattack leading to the exposure of confidential information for approximately 6,300 users – around 0.5% of its total user base. The root cause of this security incident was traced back to a careless action taken by an operator with administrative privileges in 2022. Instead of creating a unique and secure password, they used a previously employed one, which violated operational security guidelines and paved the way for the hacker to gain unauthorized access to users’ sensitive data, including wallet addresses, KYC documents, and residential addresses.

In a recent X post, ZachXBT, an on-chain detective, unveiled the intricacies of the latest hack. The malefactor disclosed information about a Fractal ID worker whose account was breached due to the absence of two-factor authentication and the reuse of passwords, making it simple for the hacker to penetrate his account and steal data.

With my extensive background in cybersecurity and having dealt with numerous security breaches throughout my career, I can tell you that a 29-minute response time is impressively quick. When I read the report from Fractal ID’s team about the incident on July 14th, 2024, I was relieved to see that their systems were able to recognize and stop the attack so swiftly.

The situation initially seemed like a glitch in the backend’s frontend coding, but at 07:29 UTC, it became apparent that this was actually an attempted cyber-attack. In response, Fractal ID promptly secured their system by shutting down the backoffice to prevent further damage. Following this action, they disabled all employee accounts, except for those held by senior personnel, in order to restore access to these accounts.

Going forward, the on-chain identity platform has taken steps to keep similar vulnerabilities from recurring: technical safeguards will now prevent employees from circumventing operational security. Furthermore, Fractal ID has reported the incident to relevant authorities for investigation, fortified its security framework and protocols, and engaged the services of an external cybersecurity expert.

In the end, it seems that the users will take charge of their own data instead of relying on a centralized server, which had previously led to this breach.

 


2024-07-22 16:29