On January 24, a significant security breach was disclosed by AdsPower's security team, indicating that hackers had infiltrated their systems by disseminating malicious code. This breach specifically targeted third-party cryptocurrency wallet plugins within the AdsPower fingerprint browser. In response, the company swiftly patched the vulnerability and took measures to enhance system security.
Furthermore, they reported the incident to the relevant authorities in Singapore and are actively cooperating with ongoing police investigations. The breach first came to light between January 21 and January 22, as several users began encountering difficulties while trying to install or update the MetaMask plugin.
Recognizing the potential severity of these reports, the technical team initiated a deeper investigation on January 23. This led to the identification of anomalies in the plugin download link, which prompted an immediate remediation that involved replacing the compromised link with the official download address. By the following day, January 24, AdsPower had detected the tampering of the plugin and took decisive action to remove the malicious plugin package.
They also fixed the download link and provided crucial instructions to users who had been affected, advising them to reinstall the plugin to mitigate any security risks. An internal investigation unveiled that the attackers had exploited a vulnerability in a third-party technical service system. This allowed them to upload a compromised version of the MetaMask plugin, which potentially jeopardized the cache information of users' wallet plugins.
In light of these findings, AdsPower has implemented upgrades to the application center's plugin download mode to fortify cybersecurity measures. They have announced their commitment to enhancing their cybersecurity protocols, emergency response strategies, and supply chain security management practices moving forward. For users who have been affected by this incident, AdsPower is offering an exclusive value-added service package through the AdsPower client, as a gesture to ensure their security and trust in the platform.
This incident serves as a crucial reminder of the ongoing risks associated with third-party plugins in the cryptocurrency space, highlighting the importance of robust cybersecurity practices and user vigilance..