BlackWallet hacked: Hackers replace DNS server, steal $400k in Stellar

As the price of Bitcoin and other cryptocurrencies surges, the cybercriminal community is exploring opportunities to steal user funds. Every now and then there are incidents in which hackers target unsuspecting investors by hacking exchanges and wallets.

The latest victim of a hack attack against cryptocurrencies is the web-based BlackWallet, used for storing Stellar Lumens (XLM). Reportedly, hackers successfully targeted BlackWallet this weekend (January 13th) and stole $444,000 in XLM.

How hackers hacked BlackWallet

The incident has been confirmed by the admin and creator of BlackWallet, and an official statement has also been posted on Reddit. According to the statement, hackers compromised the hosting account of BlackWallet’s website (BlackWallet.co), then hijacked its DNS (Domain Name System) and redirected visitors to a fake website that looked exactly like BlackWallet’s.

Following the change, the moment an unsuspecting user signed in on the fake website, their funds would go straight to the wallet owned by the hackers. Moreover, the hackers placed code that, with every sign-in, would move 20 Lumens (which are needed to keep the wallet intact) to their account.

In total, the hackers were able to transfer Stellar Lumens (XLM) worth $444,000, the majority of which went to SDF and the Bittrex cryptocurrency exchange, where the hackers will probably convert the stolen funds without getting their identity exposed.

According to a tweet by Kevin Beaumont, an IT security researcher who examined the code placed by the hackers, “The DNS hijack of Blackwallet injected code if you had over 20 Lumens it pushes them to a different wallet.”
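
A defender-side check for the kind of DNS change described above, as an added example (not code from BlackWallet or from this article): it compares DNS answers seen by several resolvers against a pinned known-good baseline and reports any drift in name servers or addresses. The domain, record values, resolver names and snapshot format are constructed assumptions.

```python
"""Flag DNS drift for a wallet domain against a pinned baseline.

Added example: the records and the snapshot format are constructed.
In practice the snapshots would come from periodic lookups made
through several independent resolvers.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    resolver: str   # where the answer was observed
    ns: frozenset   # NS record targets returned for the domain
    a: frozenset    # A record addresses returned for the domain


# Pinned known-good state for wallet.example (constructed values).
BASELINE_NS = frozenset({"ns1.dns-host.example.", "ns2.dns-host.example."})
BASELINE_A = frozenset({"192.0.2.10"})


def normalize(name):
    """Lower-case a DNS name and make it fully qualified for comparison."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def check(snapshot):
    """Return a list of findings; an empty list means no drift."""
    findings = []
    ns = frozenset(normalize(n) for n in snapshot.ns)
    if ns != BASELINE_NS:
        added, missing = sorted(ns - BASELINE_NS), sorted(BASELINE_NS - ns)
        findings.append(f"NS set changed: added {added}, missing {missing}")
    rogue = sorted(snapshot.a - BASELINE_A)
    if rogue:
        findings.append(f"A record points to unpinned address {rogue}")
    return findings


def audit(snapshots):
    """Map each resolver that saw drift to its findings."""
    return {s.resolver: check(s) for s in snapshots if check(s)}


# Constructed observations: one clean, one after a delegation change.
OBSERVED = [
    Snapshot("resolver-a", frozenset({"NS1.dns-host.example", "ns2.dns-host.example."}),
             frozenset({"192.0.2.10"})),
    Snapshot("resolver-b", frozenset({"ns1.other-dns.example."}),
             frozenset({"198.51.100.77"})),
]
```

Calling audit(OBSERVED) reports only resolver-b, with one finding for the changed name servers and one for the unpinned address.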

What is next

The creator of BlackWallet, on the other hand, has asked the hosting firm to disable their account. They have also contacted SDF and Bittrex to freeze the stolen funds; however, it is unclear whether both parties will be able to cooperate or whether there has been any response from them.

The BlackWallet admin is also suggesting that customers immediately transfer their funds to some other wallet if they entered their key on BlackWallet. Users can transfer their funds using the Stellar account viewer.

At the time of publishing this article, BlackWallet’s website was offline and displaying a 403 error.


Waqas
