Cryptocurrency wallet developer Komodo has effectively hacked its own customers to avert an attack that could have resulted in the theft of funds worth nearly $13 million.
An audit showed a malware threat with the potential to steal cryptocurrency wallet seeds and logins.
To prevent hackers from taking advantage of the malicious code, Komodo and npm used the same backdoor to extract Agama users’ funds and transferred them to a safe location away from hackers reach.
“After being notified by our internal security tooling of this threat we responded by notifying and coordinating with Komodo to protect their users as well as remove the malware from npm.”
In a security alert, Komodo said: “After discovering the vulnerability, our Cyber Security Team used the same exploit to gain control of a lot of affected seeds and secure the funds at risk.”
Komodo said it was able to safeguard 8 million komodo (KMD) tokens and 96 bitcoin, collectively worth nearly $13 million.
To prevent hackers from using their old seeds and paraphrases in the future, the developer advised Agama wallet users to move their funds to its newer wallet products and create new KMD and BTC addresses, as well as new passphrases.