
This is effectively a supply chain attack. To defend against it you need to secure the supply chain all the way from build to deployment.

So a quick solution would be to run a job that checks your site every minute or so and compares the JavaScript against known hash values. Shut the site down if a hash has changed.
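A sketch of the hash check described in the comment above, added here as an example and not part of the original thread. It goes slightly further than comparing known files: it also flags script tags that have no pin at all, since an injected script would not change any existing hash. The `fetch` callable, the `/static/app.js` path and the sample page are assumptions constructed for illustration; in a real job `fetch` would be an HTTP GET against the live site.

```python
import hashlib
from html.parser import HTMLParser

class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from a page."""
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._inline_open = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:  # inline script: start buffering its body
                self._inline_open = True
                self.inline.append("")
    def handle_data(self, data):
        if self._inline_open:
            self.inline[-1] += data
    def handle_endtag(self, tag):
        if tag == "script":
            self._inline_open = False

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def check_page(html, fetch, pinned_external, pinned_inline):
    """Return findings; empty means every script matches a pin. fetch(url) -> bytes."""
    page = ScriptCollector()
    page.feed(html)
    page.close()
    findings = []
    for url in page.external:
        if url not in pinned_external:  # script tag with no known-good hash
            findings.append(("unpinned-script", url))
        elif sha256_hex(fetch(url)) != pinned_external[url]:
            findings.append(("hash-mismatch", url))
    findings += [("missing-script", u) for u in pinned_external if u not in page.external]
    for body in page.inline:
        if sha256_hex(body.encode()) not in pinned_inline:
            findings.append(("unpinned-inline", body.strip()[:40]))
    return findings

# Constructed sample: a known-good build, then a deployment that no longer matches it.
GOOD_JS = b"function pay(to, amt) { send(to, amt); }"
CHANGED_JS = GOOD_JS + b" /* modified after build */"
PINS = {"/static/app.js": sha256_hex(GOOD_JS)}
GOOD_HTML = '<html><script src="/static/app.js"></script></html>'
CHANGED_HTML = GOOD_HTML.replace("</html>", "<script>track()</script></html>")
```

Any non-empty result from `check_page` is the signal to alert or take the site down; scheduling the job and the shutdown action are left to the caller.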



AFAIK, cryptocurrency companies are not looking for security experts at all. Users' money is free, while company money isn't.


You’re wrong. Every crypto company I’ve worked with has spent significant amounts on security consultants, audits, test nets, and bug bounties.


Not every. I asked them directly.



