Related Posts
I hate standardized testing :(
Additional Posts in Everything crypto
Thoughts on LiteCoin?
Can I send ETH from MEW to Rocketpool?
What are you farming?
There is coin for it!
New to Fishbowl?
Download the Fishbowl app to
unlock all discussions on Fishbowl.
unlock all discussions on Fishbowl.
How do you track your crypto assets in blockfolio? You input type of coin, date of transaction, amount and price at purchase. Then the app just adds it all up and let's you see total $ invested verses current portfolio amount based on prices from the last API fetch and how much profit/loss you made.
How does blockfolio update current crypto prices? By using APIs from various exchanges. The vulnerability is that the API call is neither authenticated nor encrypted via HTTPS/SSL. This means that if you use the blockfolio app on an unsecured wifi (airport, starbucks, etc) or a secure wifi network that has been compromised (unlikely to happen), anyone that is snooping can see the API call taking place.
What does that mean? It will show them device ID (very easy to track the person from this) and how much you have in holdings for each currency that you have in blockfolio that it attempts to refresh prices for.
Now you're right. No account info is shared in this entire process. But if you were a hacker, would you waste your time trying to hack someone only to find out they have $1K in ethereum? Or what if you easily exploit this blockfolio vulnerability and find people that have $20k+ for example? So long story short, it paints a target on your back. For a hacker to actually get your coins is a whole other process, but this vulnerability can show them how much you have.
Did I ever say it connects to your account? Read the link
http://reddit.com/r/ethtrader/comments/6kbglm/blockfolio_security_warning/
What is blockfolio?
An app to monitor and track your crypto portfolio. I personally use an excel spreadsheet with a macro that refreshes the data every 60 seconds, but I know a lot of folks on here use blockfolio
u should sell ur shit now. ur doomed.
-.- blockfolio doesn't connect to ur account dude.
Not following, I read the article but at no point do you put any account information in. Not seeing the vulnerability.
and within an airport, logging onto wifi, how likely will u run into a hacker that will do this specific activity