Jul 24, 2018 05:04 PM | By: Ben Noble
Etherscan went on to dismiss any fear, uncertainty, and doubt about Disqus, stating that the comments were encoded, but the APIs were not.
When asked whether funds would be safe, Etherscan answered, "Yes, funds are safe. We will post a more complete follow up later." A Disqus developer proposed that the code use "message" first, then "raw_message." The block explorer's admin said it would "implement the plan."
However, a different Redditor suggested the attack was a precursor to something potentially more malicious, saying:
"Often in penetration testing, you would do small tests that could look more like errors or vandalism, but you're still finding holes poked in the frame. One of those holes might open up to something much more important than just creating a popup."
Given this penetration, the added code could have been an early attempt at a phishing scam, for instance one meant to obtain users' private keys.