Israeli cybersecurity unicorn Salt Security says it identified a security flaw on a cryptocurrency wallet platform that could have left two million users facing possible large-scale account takeover (ATO) attacks.
The company, founded in 2016 and with offices in Tel Aviv and Palo Alto, California, did not say which platform was compromised.
It said researchers discovered a vulnerability in the “User Login” functionality, especially with the Google authentication feature.
“It could have allowed for hundreds of millions to be stolen from cryptocurrency wallets,” the company said in a statement issued on Thursday.
The flaw could have allowed cybercriminals to gain complete access and to transfer account balances to their own cryptocurrency wallet or private bank account.
“Cryptocurrency platforms rely on APIs (application programming interfaces) for the data connectivity that powers their online services,” said Yaniv Balmas, VP of Research, Salt Security.
“The Salt Labs research demonstrates the dangers that an API misconfiguration can cause and highlights the need for stronger visibility into these vast API ecosystems in order to protect critical services and customers’ valuable data. Even a minor security flaw holds the potential to devastate a business.”
The company has developed an API threat protection solution capable of detecting vulnerabilities and offering prioritized insights to eliminate as much risk as possible. Its patented solution prevents next-gen API attacks by leveraging machine learning and AI to automatically and routinely protect organizations.