Cryptocurrency project, Komodo, has hacked its own Agama wallet and prevented $13 million from being stolen after it learned of a security vulnerability. On June 5, the team published a blog post that informed users of the vulnerability, what they could do about it and the wallet provider’s decision to hack its own wallet.
The company was informed of the flaw in one of the libraries used by the Agama wallet by the cyber security team, which they then used to gain control of affected seeds and secure the vulnerable funds. The post says that the funds are now secured in two safe wallets managed by the team, where users can reclaim their assets if they have been affected,
We were able to sweep around 8 million KMD and 96 BTC from these vulnerable wallets, which otherwise would have been easy pickings for the attacker. The safe wallets RSgD2cmm3niFRu2kwwtrEHoHMywJdkbkeF (KMD) and 1GsdquSqABxP2i7ghUjAXdtdujHjVYLgqk (BTC) are under the control of the Komodo Team, and assets can be reclaimed by their owners. See our support page article for details…In case your wallet has not been swept, or you have other assets than KMD and BTC, we strongly recommend moving all funds from Agama to a new address as soon as possible.
Komodo also recommends that users upgrade to the Verus version of the Agama wallet, which is unaffected by the vulnerability.