Popular Ethereum Classic (ETC) wallet Classic Ether Wallet has recently been compromised by a social engineering attack and users are, at least for now, advised not to use the service.

The wallet was hijacked by a hacker who called the wallet’s web host, German company 1and1, and managed to convince them that he was the website’s owner, therefore being granted access. How the hacker convinced 1and1’s customer support, and what information he used to do so, is still unknown.

After being granted access to the website’s domain registration, the hacker changed its settings so that the domain would point to a hostile server he owns. Now, if the wallet is used to make a transaction, the tokens won’t be sent to the recipient, and will instead be stolen by the hacker – victims essentially fall for what is known as a phishing attack.

On June 30, 2017, Ethereum Classic’s developers discovered the hack and quickly reacted by using Twitter to inform users that the wallet has been hijacked.

*Warning* We have reason to believe https://t.co/gqITK3Z5xU has been hijacked. Do not use!! — Ethereum Classic (@eth_classic) June 30, 2017

Eventually, Ethereum Classic’s team managed to get CloudFare, a popular distributed denial of service (DDoS) attack prevention provider, to place a warning on the website, so that everyone who tries to access it is informed that it may fall victim to the phishing attack.

As long as users don’t visit Classic Ether Wallet’s website, don’t use it to transact, and don’t paste in it their private keys, their funds are safe. Moreover, Ethereum Classic’s team also confirmed that the site’s version hosted on GitHub is safe, as the attack only took over Classic Ether Wallet’s website. Ethereum Classic’s team stated:

“The best advice is to sit tight. As long as users do not use the website right now, their wallet is okay and secure. There was nothing wrong with the code of Classic Ether Wallet. It was a social engineering attack. Many bitcoin have been stolen the same way”

Alternatively, users can use My Ether Wallet and connect it to the ETC node, in order to stay safe. Later on, Ethereum Classic’s team, later on, tweeted out that a developer took over the domain and put an end to the situation:

Classic Ether Wallet page is dead for right now. An $ETC developer has retaken control over the domain. The hijacking is finally over. — Ethereum Classic (@eth_classic) June 30, 2017

Users report losing thousands

On Ethereum Classic’s subreddit r/EthereumClassic, one of the top threads informs users about the attack and asks them not to use the wallet. Nevertheless, for some, it was already too late.

Reddit user CryptoCryptoCrypto stated that he lost 201 ETC (over $3,600) because of the attack. Money that, according to him, was needed to pay for medical expenses:

Nope… just 201 ETC’s… but for me a substantial sum of over $3,600.00; something that was to help with my medical bills. Money comes and goes; I have to accept it, but trust in humanity only erodes with time(…)”

A wallet address, provided by the hijacked user, shows us that someone else lost 800 ETC (about $14,400). The hacker has already split these funds among various wallets in order to reduce his chances of getting caught.

Featured image from Shutterstock.