Last weekend's hack of cryptocurrency repository Doge Vault was worse than previously thought because it gave attackers full access to the underlying system, including the databases that stored private keys for all user wallet addresses and cryptographically protected user passwords.
The exposure means that users should presume all Doge Vault addresses are compromised and immediately cease using any of them to transfer funds, Doge Vault officials advised in a brief announcement posted Thursday. Although the announcement said that passwords were protected by a "strong one-way hashing algorithm," users should presume the large majority of them will be converted into plaintext in a matter of hours, days, or weeks, depending on the specifics of the Doge Vault hashing regimen. As a result, people should stop using the passwords on all sites. Doge Vault users should also be on the lookout for highly targeted phishing attacks, since the hack exposed user account data that may be considered sensitive.
"It is believed the attacker gained access to the node on which Doge Vault’s virtual machines were stored, providing them with full access to our systems," Thursday's announcement stated. "It is likely our database was also exposed containing user account information; passwords were stored using a strong one-way hashing algorithm. All private keys for addresses are presumed compromised, please do not transfer any funds to Doge Vault addresses."