Hackers Steal $400,000 of Cryptocurrency in DNS Hijack

Unknown hackers have hijacked the DNS server for web-based wallet application BlackWallet, an online service that stores Stellar Lumen (XLM), a major cryptocurrency.

Early on Saturday, January 13, attackers hijacked the DNS entry of the domain BlackWallet.co and redirected requests to their own server. The ensuing theft saw 669,920 Lumens stolen from users' accounts. Stellar Lumen is among the top ten cryptocurrencies in the world by market cap, valued above $11.5 billion.

In a Reddit post, the creator of BlackWallet wrote:

I am the creator of Blackwallet. Blackwallet was compromised today, after someone accessed my hosting provider account. He then changed the DNS settings to those of its fraudulent website (which was a copy of blackwallet).

Hacker wallet is: https://stellarchain.io/address/GBH4TZYZ4IRCPO44CBOLFUHULU2WGALXTAVESQA6432MBJMABBB4GIYI

As Bleeping Computer reports, BlackWallet attempted to warn users about the attack via online forums. However, many users continued to pile in and unwittingly lose money. After hackers stole nearly 670,000 Lumens, approximately $400,000 at press time, they started moving funds from the XLM account to cryptocurrency exchange Bittrex in an attempt to convert the stolen funds into another digital currency.

BlackWallet's creator added:

I've contacted both SDF and Bittrex to ask them to block the Bittrex account of the hacker. I've contacted my hosting provider to disable my account and my websites.

Stellar was built as an open-source payments network on a blockchain to reduce poverty in the developing world. Lumens, its digital token, make cross-border transactions faster, cheaper and more reliable, Lumens developers say.

The hack is yet another instance of an online centralized cryptocurrency exchange or wallet provider being targeted by hackers, an increasingly common way to siphon cryptocurrencies.
