A hacker has spent an entire day exploiting a vulnerability in the source code of the Pigeoncoin cryptocurrency to steal 235 million PGN tokens, which ended up being worth only a mere $15,000 after all the day's work.
The attacker didn't exploit a Pigeoncoin vulnerability, but a bug in the Bitcoin code found and fixed eight days before, on September 19. That bug --CVE-2018-17144-- was one of the most critical bugs in the history of the Bitcoin network.
The bug, if it would have been exploited, would have allowed an attacker to crash Bitcoin network nodes and create a situation of a "51% attack," which, in turn, could have allowed an attacker to perform a double-spend attack that would have generated unmerited funds for the assailant.
As ZDNet reported at the time, while the bug was fixed with urgency in the Bitcoin code, it would take some time before all the smaller Bitcoin-based cryptocurrencies would be in a position to apply the fix to their own code.
"Copycat currencies are at risk. By definition, there's always a group upstream that knows their vulnerabilities," said, at the time, Emin Gün Sirer, a professor at Cornell University and a renowned cryptographer and cryptocurrency expert.
This is exactly what appears to have happened with Pigeoncoin, whose developers failed to integrate the upstream fix for the CVE-2018-17144 Bitcoin bug.
They only patched the bug after the hacker had already gained access to 235 million PGN coins, just over 25 percent of all the PGN coins on the market --923 million.
The only reason why this hack didn't yield more money for the hacker was because Pigeoncoin is one of the least traded and least known cryptocurrencies on the market, with one PGN being valued at a lowly $0.000066 and Pigeoncoin's entire market cap being a laughable $60,000.
If the hacker would have paid attention to these details, he wouldn't have wasted a day hacking a cryptocurrency that nobody uses and is barely traded anywhere.
All the major Bitcoin-offshoot cryptocurrencies, like Litecoin, have already ported the fix to their codebases, but there are many more that have not yet applied the CVE-2018-17144 patch, and are likely vulnerable.
Previous and related coverage:
Cyber attacks and malware are one of the biggest threats on the internet. Learn about the different types of malware - and how to avoid falling victim to attacks.
This simple advice will help to protect you against hackers and government surveillance.
Whether you're in the office or on the road, a VPN is still one of the best ways to protect yourself on the big, bad internet.
If you can't answer these basic questions, your security could be at risk.
Retired US Air Force cyber-security expert shares his thoughts on the future of critical infrastructure security.
Researchers turn ordinary WiFi devices in rudimentary scanners that can identify potentially dangerous objects hidden inside bags or luggage.