CoinDesk CMS Exploit Now Fixed | Unidentified Actors Create 'Fake' Drafts For Unpublished Articles

CoinDesk, a cryptocurrency-focused news site, has reportedly encountered a vulnerability on its CMS (content management system). As of press time, the issue has been fixed, according to the reports.

The recent exploit might have given someone access to the system which houses several articles that will be published soon.

Based on the latest update by the news site, the incident might have used unidentified actors to have a peek at the unpublished headlines. This would also allow the hackers to take advantage of crypto insider trading.

CoinDesk Fixes Latest CMS Exploit

CoinDesk CMS Exploit Now Fixed | Unidentified Actors Create 'Fake' Drafts For Unpublished Articles
CoinDesk, a cryptocurrency-focused news site, has reportedly encountered a vulnerability on its CMS FLY:D from Unsplash

In the official report by CoinDesk on its site, the white-hat hacker identified the participation of unidentified actors in the CMS leak that took place last week.

The people behind the incident might have benefited a lot from it since they could immediately know nonpublic information for crypto trading ahead of the official publication of an article.

As of press time, the site's chief content officer Kevin Worth wrote in the latest report that the issue is now fixed. He also included that CoinDesk has also "added safeguards" in its system.

Related Article: Coinsuper Users Unable to Withdraw Funds? Issue Back in November 2021 Still Unfixed

CoinDesk Leak is a Developer Mistake

All over Twitter, The Verge spotted a more serious take on the recent CMS exploit. Although several reports said that the leak only allowed the actors to view the drafts of the articles, there's a deeper implication for the said issue.

According to Twitter user @Tree_of_Alpha, the exploit was a result of a "simple" mistake of a developer. Since "bad" actors can make their way through the API or application programming interface, the system can be easily manipulated once there's access inside.

Furthermore, the same report noted that a long error message or an error stack will return when there's a bad request that API received. In doing so, the error stack will pave the way for someone to invade the backend publishing system of CoinDesk.

This would later allow users to revise the unpublished articles. They could also create fake drafts and take a peek at the unreleased details about trading.

More than three years ago, the same thing happened to BusinessWire when hackers get access to their unpublished press releases. At that time, the hacker said that he was selling these articles to stock traders to earn a chunk of profit via middlemen in Moscow.

The insider-scheme trading was not a new case anymore to the authorities. Last year, Bloomberg reported that the US investigators probed over the potential market manipulation and insider trading done in Binance.

As part of the investigation, officials questioned the crypto exchange if the management or staff was profiting from the customers.

Cyberattack on Publications

In another report by Tech Times, News Crop suffered from a cyberattack last week. The hacking incident was believed to have been staged by Chinese-state-sponsored hackers, according to the officials.

The authorities discovered that the hackers have compromised Google Drive documents and files, and even the email addresses of the affected journalists.

Elsewhere, Avast launched free ransomware decryptors for the victims of the Tohnici ransomware gang.

Read Also: CMS for Small Business: What You Need to Know

This article is owned by Tech Times

Written by Joseph Henry

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics