How we hacked one of the world's largest cryptocurrency websites

Bug Bounty

One of the world's largest cryptocurrency sites was hacked by the Strynx team, who found a flaw exposing multiple vulnerabilities that could have led to the loss of millions of dollars. One of the team members shares his point of view on how we discovered such a critical issue involving the data of millions of users.

Here's how we discovered it:

The testing began in two phases: manual and automated recon.

The main purpose was the discovery of an HTTP API that could be accessed and exploited via a few commands. Manual recon is always preferred because it makes you independent of different scripts and tools. Automated tools make things simple but consume a lot of time and throw out a lot of false positives, whereas manual recon eliminates the false positives and discovers issues much faster.

To begin, the website was behind Cloudflare. There are various methods of retrieving the actual origin server IP, but Censys is generally preferred: fast and accurate results make the recon process much quicker. There are various tools used for automated recon and Censys is one of the best to use; we'll deep-dive into some of these tools in the next blog. After obtaining the IP, port scanning was performed. Nmap was used to discover all open ports and services which could potentially be used to take over the server or cause harm to the company. No unusual ports were found apart from port 443, used for the website. The website was blockchain-based, and it is commonly assumed that sites dealing with blockchain are secure and no harm can be done. That was not the case here. Below we show how this server was exploited using various methodologies, including exploiting and chaining several issues.

On exploring the website, it was seen that each request on the site was accompanied by a CSRF token. For those who don't know what a CSRF token is: it is a unique secret with an unpredictable value, generated server-side, so that it cannot be guessed by anyone who writes a script to send a request on behalf of the target user. It is similar to a captcha that changes for every request. It was observed that an endpoint was called to generate the CSRF token, so, to automate the process of manually inserting a new CSRF token on every request, a Python script was developed. If you want to know how it was done, refer to this link: And then it was time to deep dive.
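To make the server side of the mechanism concrete, here is an added example (not code from the post or from the site it describes) of how a per-request CSRF token is issued, embedded in a form and validated. The class name CsrfTokenStore, the helper functions and the session id value are assumptions for the illustration; the session id is copied from the post's snippet purely as a constructed sample.

```python
import hmac
import secrets


class CsrfTokenStore:
    """Per-session CSRF tokens that rotate after every successful check.

    Hypothetical helper: the session id is assumed to come from the
    framework's session cookie (PHPSESSID in the post).
    """

    def __init__(self):
        self._tokens = {}  # session_id -> currently valid token

    def issue(self, session_id):
        # 256 bits from the OS CSPRNG: unguessable and generated server-side
        token = secrets.token_urlsafe(32)
        self._tokens[session_id] = token
        return token

    def validate(self, session_id, presented):
        expected = self._tokens.get(session_id)
        if expected is None or not isinstance(presented, str):
            return False
        # constant-time comparison so response timing does not leak token bytes
        ok = hmac.compare_digest(expected.encode(), presented.encode())
        if ok:
            # one token per request, as the post describes: rotate after use
            self.issue(session_id)
        return ok


def render_form(store, session_id):
    """Embed the token in the form the way the site in the post did."""
    token = store.issue(session_id)
    return f'<input type="hidden" name="token" value="{token}">'


def handle_post(store, session_id, form):
    """Server-side check that must run before any state-changing action."""
    if not store.validate(session_id, form.get("token")):
        return 403, "invalid or missing CSRF token"
    return 200, "ok"


def demo():
    """Issue a token, use it once, replay it, then try a guessed value."""
    store = CsrfTokenStore()
    sid = "a1sw4s4e7s4s55w6s6sw8s5q2a"  # constructed session id
    html = render_form(store, sid)
    token = html.split('value="')[1].rstrip('">')
    first = handle_post(store, sid, {"token": token})
    replay = handle_post(store, sid, {"token": token})    # same token again: rejected
    forged = handle_post(store, sid, {"token": "guess"})  # guessed value: rejected
    return first[0], replay[0], forged[0]


if __name__ == "__main__":
    print(demo())
```

Rotation after each successful check is what forces an automated client to fetch a fresh token before every request, which is exactly the behaviour the post's script works around; it does not stop a client that already holds the victim's session cookie, so the token's job is limited to blocking cross-site requests.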

Here is a short code snippet we used:

from cmd import Cmd
import requests
from bs4 import BeautifulSoup


class Terminal(Cmd):
    prompt = '> '

    def __init__(self):
        super().__init__()
        url = "url"  # page that renders the CSRF token (placeholder in the original)
        headers = {}
        cookies = {"PHPSESSID": "a1sw4s4e7s4s55w6s6sw8s5q2a"}

        response = requests.get(url, headers=headers, cookies=cookies)
        soup = BeautifulSoup(response.text, 'html.parser')
        # Keep the freshly issued CSRF token for the next request
        self.token = soup.find('input', {'name': 'token'})['value']

    def default(self, args):
        cmd = args
        injection = "example" + cmd  # "example" stands in for the real prefix
        print(injection)
        url = "example.coin"

        headers = {}
        cookies = {"PHPSESSID": "a1sw4s4e7s4s55w6s6sw8s5q2a"}
        data = {
            "username": "b",
            "password": "a",
            "db": injection,
            "token": self.token,
            "login": ""
        }

        response = requests.post(url, headers=headers, cookies=cookies, data=data)
        soup = BeautifulSoup(response.text, 'html.parser')

        # Only refresh the token when the server did not answer with a PDO exception page
        if "PDOException" not in response.text:
            self.token = soup.find('input', {'name': 'token'})['value']


terminal = Terminal()
terminal.cmdloop()

The next thing was to look for hidden directories and paths on the web server. Tools like dirbuster and gobuster can be used for this, along with a wordlist to enumerate. As rockyou4.txt and directory-list-2.3-*.txt are very well known, a wordlist was prepared with less common terms: the usual wordlists are known to developers and pen-testers, hence another one was made. The main focus was to search for JS files, with the help of jQuery. Other methods were also used to enumerate hidden files, but we'll leave those for later. After this, Burp was used to analyse all the requests. Various POST requests were observed to look for any issues, and various parameters were tampered with to check the functionality of the site and how the database connection is used. It turned out there was a lack of error protection on the site, which leaked data when certain parameters were tampered with.

Protip: always tamper with data to look for loopholes. Suppose the value of a parameter is 0; make it 1 and see what happens. Always contradict the expected values of parameters to look for loopholes.

On analysing the server (looking into JS files and the error messages), multiple hidden parameters were found, along with some sensitive information about the internal functions used by the website. These functions helped the site give a better user experience but turned out to be its worst nightmare. Various types of injection did work, but we will focus on one of them in depth. On observing the communications, it was noted that the application accepted some SQL special characters, so it was time to search for SQL injection. On testing one of the hidden parameters, an error-based SQLi was observed. The purpose of the parameter wasn't understood, as it wasn't making any observable change on the page, although it still made calls to the database. Hence it was perhaps some functionality used for testing whose code wasn't removed before the site went to production.

PDO Exception #1
PDO Exception #2

Here are some of the PDO exceptions we found. If you don't know what PDO exceptions are, stay tuned for upcoming blogs. We will write about this so that if you find exceptions of this kind, you will learn how to exploit them.
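The two defects the post describes here, a parameter pasted into SQL text and the raw database exception echoed to the client, are easiest to see side by side. The following is an added example written for this article, not the site's code: an in-memory SQLite table stands in for the site's PDO-backed database, and the table, the row and the function names are all constructed for the illustration. The leaky endpoint shows the error-based signal the post relied on; the hardened endpoint binds the value and logs the detail server-side only.

```python
import logging
import sqlite3

log = logging.getLogger("app")


def build_db():
    """Constructed in-memory database standing in for the site's real one."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'pbkdf2$placeholder')")
    conn.commit()
    return conn


def find_user_concatenated(conn, username):
    """Vulnerable: the parameter becomes part of the SQL text itself."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def find_user_parameterized(conn, username):
    """Hardened: the driver binds the value, so it can never become SQL syntax."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def leaky_endpoint(conn, username):
    """What the post observed: the database exception text reaches the client."""
    try:
        return {"status": 200, "rows": find_user_concatenated(conn, username)}
    except sqlite3.Error as exc:
        return {"status": 500, "error": f"{type(exc).__name__}: {exc}"}


def hardened_endpoint(conn, username):
    """Parameterized query plus a generic error; details go to the server log only."""
    try:
        return {"status": 200, "rows": find_user_parameterized(conn, username)}
    except sqlite3.Error:
        log.exception("database error while looking up user")
        return {"status": 500, "error": "request could not be processed"}


if __name__ == "__main__":
    db = build_db()
    # A single stray quote is enough to break the concatenated query
    print(leaky_endpoint(db, "alice'"))
    print(hardened_endpoint(db, "alice'"))
```

The detection angle is the same on both sides: a spike of 500 responses carrying driver exception names (PDOException, OperationalError) for a single parameter is the footprint of exactly the probing the post describes, and is worth alerting on even before the query itself is fixed.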

An example of a hidden parameter would be as follows:

Suppose in the JS files something like document.getElementById('id') is mentioned. If the JS file is included in some HTML page, the parameter can be called from the URL as: Thus, in this and other ways, hidden parameters can be found.

The parameter was also tampered with to search for code injection, using values such as ';id' or ';pwd' to see whether they delivered any output or threw an error that could be useful in understanding the application. This didn't work, so the next step was to exploit the SQLi found before.

There are various methods to find or exploit SQLi; for that, you can refer to any of the cheat sheets available online, as there is too much content to cover here. If another blog is needed for this, please say so in the comments so that we can write about it later. Various data was extracted from the database, and the juiciest credentials were the database login credentials. Credentials are usually hashed by default, hence the next job was to crack these hashes. They were cracked easily, as one of them was a common password from public wordlists. It was like: ummm… such a critical site, such little protection.
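The hashes fell because the underlying password was in a public wordlist, and no hashing scheme saves a password that an attacker already has on a list. The added example below (written for this article, not the site's code) shows the two controls that address this: a salted, slow PBKDF2 hash for storage, and a registration-time check that rejects passwords found in a common-password list. The iteration count, the storage format and the tiny COMMON_PASSWORDS set are constructed assumptions; in production the set would be a full public wordlist.

```python
import base64
import hashlib
import hmac
import os

# Constructed stand-in for a public wordlist such as rockyou.txt
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "admin123"}
ITERATIONS = 200_000  # assumption; raise until one hash costs what you can afford


def _b64(raw):
    return base64.b64encode(raw).decode()


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; a fresh random salt makes equal passwords hash differently."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${_b64(salt)}${_b64(dk)}"


def verify_password(password, stored):
    """Recompute with the stored salt and iterations; compare in constant time."""
    try:
        algo, iters, salt_b64, dk_b64 = stored.split("$")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(dk_b64)
        iterations = int(iters)
    except (ValueError, TypeError):
        return False
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(dk, expected)


def password_policy_errors(password):
    """Return the reasons a new password must be rejected (empty list means accept)."""
    errors = []
    if len(password) < 12:
        errors.append("shorter than 12 characters")
    if password.lower() in COMMON_PASSWORDS:
        errors.append("appears in a common-password wordlist")
    return errors


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print(stored)
    print(verify_password("correct horse battery staple", stored))
    print(password_policy_errors("password"))
```

The wordlist check matters more than the hash for the case in the post: a slow hash multiplies the attacker's cost per guess, but a password that sits in the first few thousand entries of a public list needs only a few thousand guesses however slow each one is.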

Ok, we got SQL access. What next?

It’s time for RCE.

After getting remote SQL access to the database, it is possible to upload a PHP shell if the database has permission to write files into the web directory. To our surprise, it did. It was possible to write a file into the var/www/html directory, which created a PHP shell in the root directory of the website. But this wasn't as easy as it sounds.

Hurdles don’t ever stop

It turned out there was a filter on the parameter looking for tags (XSS prevention :P). This was bypassed by using double encoding, which allowed malicious PHP files to be written to the system. For those who don't know how to get a shell from SQLi, try out sqlmap to learn more about this. sqlmap has a function which gets a PHP shell on the web server: it checks whether it has permission to write to the web directories and creates a PHP file which, when opened, offers options to upload web shells to the server. From the web shell, we were able to get a reverse shell to the system and hence RCE!
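The filter failed for a structural reason rather than a weak pattern: it inspected the value after one URL decode, while a later stage decoded it again. The added example below (written for this article, not the site's code) contrasts that filter with one that canonicalizes first, decoding until the value stops changing and rejecting anything that is still changing after a small bound. The function names, the tag-character set and the round limit are assumptions made for the illustration.

```python
from urllib.parse import unquote

TAG_CHARS = ("<", ">")
MAX_DECODE_ROUNDS = 3  # assumption: legitimate input never needs more than this


def filter_after_single_decode(value):
    """Models the post's filter: the server decodes once, then the check runs.

    A second decode elsewhere in the stack turns the value into a tag anyway.
    """
    decoded = unquote(value)
    return not any(c in decoded for c in TAG_CHARS)


def canonicalize(value, max_rounds=MAX_DECODE_ROUNDS):
    """Decode until the value is stable; None if it still changes after max_rounds."""
    current = value
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            return current
        current = decoded
    return None  # still changing: treat as hostile rather than guess


def filter_after_canonicalization(value):
    """Validate the fully decoded form, so no later decode can change the verdict."""
    canonical = canonicalize(value)
    if canonical is None:
        return False
    return not any(c in canonical for c in TAG_CHARS)


def compare(value):
    """Return (single-decode verdict, canonical verdict) for one input."""
    return filter_after_single_decode(value), filter_after_canonicalization(value)


if __name__ == "__main__":
    # Constructed samples: plain text, one-level encoded, two-level encoded
    for sample in ("hello%20world", "%3Cb%3E", "%253Cb%253E"):
        print(sample, compare(sample))
```

The general rule this demonstrates is to validate the representation the consumer will actually see. When the consumer is a SQL engine, the database file-write path or a template, the check has to run after every decoding step the request will pass through, or on a single canonical form that every later stage agrees on.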

After this, the report was submitted with screenshots and a proper PoC via secure channels. Within one hour a reply came back acknowledging the report and asking for personal details to receive a bounty. To my surprise, a 5-digit bounty was awarded by the company for this effort. We appreciate the response and the fix time, as it was fixed in just 2 hours. Everything from the error codes to the database names was fixed in no time. Kudos to the company!

Please leave any comments or suggestions for this blog, and for any further blogs you would like to read. We provide services to companies who would like their products tested. If you're a company that wants us to perform complete testing of your site, please use the Contact Us page to drop a message or write to info(at) . We will try to reply at the earliest.
