BlackWallet.co was victims of a DNS hijacking attack, on January 13 the attackers have stolen over $400,000 from users’ accounts (roughly 670,000 Lumens).

The spike in cryptocurrency values is attracting cybercriminals, the last victim is the BlackWallet.co a web-based wallet application for the Stellar Lumen cryptocurrency (XLM).

The platform was victims of a DNS hijacking attack, on January 13 the attackers have stolen over $400,000 from users’ accounts (roughly 670,000 Lumens).

According to Bleeping Computer, the attackers collected 669,920 Lumens, which is about $400,192 at the current XML/USD exchange rate.

Stellar Lumen today is considered as the eight most popular cryptocurrency.

The attackers hijacked the DNS entry of the BlackWallet.co domain and redirected it to a server they operated, as result of the attack, the application suspended its service.

Technically users were logging to the bogus domain entering their credentials, then the attackers used them to access the account and steal the funds.

Blackwallet (web wallet) has apparently been hacked pic.twitter.com/HhewwBXnD9 — Kevin Beaumont (@GossiTheDog) January 14, 2018

The DNS hijack of Blackwallet injected code, if you had over 20 Lumens it pushes them to a different wallet. pic.twitter.com/Eiwb8UR1Nn — Kevin Beaumont (@GossiTheDog) January 14, 2018

Well I know now why XLM is dipping Blackwallet got hacked and the worst part was that I laughed my ass off when reading the reddit…their misery is my gain and for a moment, I felt nothing but joy. Okay maybe there's something wrong with me. — Colton Miles (@Omgflamethrower) January 14, 2018

Users on Reddit and other communities promptly spread the news of the hack.

The attackers immediately started moving funds from the XLM account to Bittrex, a cryptocurrency exchange, in the attempt to launder them by converting in other digital currency.

The situation is critical, admins are asking Bittrex to block the attackers’ operations before is too late.

“I am the creator of Blackwallet. Blackwallet was compromised today, after someone accessed my hosting provider account. He then changed the dns settings to those of its fraudulent website (which was a copy of blackwallet).” the Blackwallet creator wrote on Reddit.

“Hacker wallet is: https://stellarchain.io/address/GBH4TZYZ4IRCPO44CBOLFUHULU2WGALXTAVESQA6432MBJMABBB4GIYI

I’ve contacted both SDF and Bittrex to ask them to block the bittrex’s account of the hacker. I’ve contacted my hosting provider to disable my account and my websites.

Hacker sent the funds to a bittrex account. This might lead to an identity.”

Hello @BittrexExchange , please block the account with MEMO XLM 27f9a3e4d954449da04, he hacked https://t.co/ooPMtN2HV4 and is now sending all the funds to your exchange! This is URGENT! A lot of money is involved (>$300,000) https://t.co/nH1MnpPeyw https://t.co/3NlQ01m1yV — orbit84 (@orbit0x54) January 14, 2018

According to the BlackWallet admin, the incident took place after someone accessed his hosting provider account.

The creator of the web-based wallet application is trying to collect more info about the hack from his hosting provider.

“If you ever entered your key on blackwallet, you may want to move your funds to a new wallet using the stellar account viewer,” he added. “Please note however that blackwallet was only an account viewer and that no keys were stored on the server!” he added in the statement.

In December, the popular cryptocurrency exchange EtherDelta suffered a similar incident, attackers conducted a DNS attack that allowed to steal at least 308 ETH ($266,789) as well as a large number of tokens.

Pierluigi Paganini

(Security Affairs – hacking, Lumens)

Share this...

Linkedin Reddit Pinterest

Share On