Singapore's cybersecurity regulator warns that websites using WordPress cryptocurrency tools, especially price ticker and coin list plugins, can expose sensitive visitor information.
This reflects the increasing sophistication of hackers in their efforts to steal cryptocurrencies.
The Cyber Security Agency of Singapore (CSA) explained that hackers used SQL injection to exploit Crypto Tools price index plugins in WordPress. This technique targets data-driven applications, posing a serious security risk.
“The Price Ticker & Coins List plugin for WordPress is vulnerable to SQL injection via the 'coinslist' parameter in versions 2.0 to 2.6.5 due to insufficient escaping of the user-supplied parameter and insufficient setting of the current SQL query.”
The advisory made clear that users risk having sensitive information, such as passwords and even cryptocurrency wallets, stolen by hackers.
“This makes it possible for unauthenticated attackers to append additional SQL queries to already existing queries that can be used to extract sensitive information from the database.”
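The advisory attributes the flaw to insufficient escaping and query preparation on a list-valued parameter. The following sketch is an added example, not the plugin's code: it shows the usual remedy of allowlist validation plus one bound placeholder per list item. The table, column names, function names and the comma-separated format of the parameter are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not the plugin's code. The table, its columns and the
// comma-separated format of the 'coinslist' value are assumptions.

/** Split the raw parameter and keep only well-formed coin identifiers. */
function parse_coinslist(string $raw, int $max = 50): array
{
    $ids = [];
    foreach (explode(',', $raw) as $part) {
        $id = strtolower(trim($part));
        // Allowlist: short slugs only. Quotes, spaces, semicolons and
        // comment markers never pass, so they never reach the query.
        if (preg_match('/\A[a-z0-9-]{1,40}\z/', $id) === 1) {
            $ids[] = $id;
        }
    }
    return array_slice(array_values(array_unique($ids)), 0, $max);
}

/** Look up coins with one bound placeholder per identifier. */
function fetch_coins(PDO $db, array $ids): array
{
    if ($ids === []) {
        return [];                       // avoid the invalid "IN ()"
    }
    $marks = implode(',', array_fill(0, count($ids), '?'));
    // Only "?" marks are interpolated; the values travel separately.
    $sql  = "SELECT coin_id, price FROM coins WHERE coin_id IN ($marks) ORDER BY coin_id";
    $stmt = $db->prepare($sql);
    $stmt->execute($ids);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE coins (coin_id TEXT PRIMARY KEY, price REAL)');
$db->exec("INSERT INTO coins VALUES ('bitcoin', 42000.0), ('ethereum', 2300.0)");

// Constructed inputs: a normal value and one carrying SQL metacharacters.
foreach (["bitcoin, Ethereum", "ethereum, bitcoin' OR '1'='1"] as $raw) {
    $ids = parse_coinslist($raw);
    printf("%-30s ids=%s rows=%d\n", $raw, json_encode($ids), count(fetch_coins($db, $ids)));
}
```

Inside WordPress the same shape applies: build one `%s` placeholder per validated identifier and pass the list to `$wpdb->prepare()` rather than concatenating the request value into the query string.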
Hacking has recently become increasingly sophisticated, fueled by the growing amounts of money in the cryptocurrency industry.
Sophisticated hacking trends are on the rise
In December 2023, BeInCrypto reported that hackers ran phishing campaigns on Google and social media, stealing millions in cryptocurrency from victims.
“Wallet Banking was linked to phishing campaigns on Google Search and X Ads, draining approximately $58 million from over 63,000 victims in 9 months.”
However, Chainalysis highlighted in its latest crime report that revenues from cryptocurrency hacks fell by about 54.3% in 2023 compared to the previous year.
Furthermore, Scam Sniffer found that Wallet Drainers took in around $295 million from around 324,000 victims in 2023.
Although hacking attacks have a widespread impact, the community typically responds quickly, usually within 10 to 50 minutes.
Meanwhile, Scam Sniffer points out that airdrops, organic traffic, paid ads, and hijacked Discord links cannot be easily detected.
Individuals working in the cryptocurrency industry must also remain vigilant against the compromise of not only their cryptocurrency wallets but also their social media accounts.
Hackers are increasingly targeting influential social media accounts to post malicious links to a large number of followers, presenting a more profitable opportunity for them.
In September 2023, Ethereum co-founder Vitalik Buterin's X (formerly Twitter) account was hacked. Shortly after the hackers took control of the account, they posted a fraudulent ConsenSys link, defrauding unsuspecting followers of nearly $700,000.