Hacker Hijacks BlackWallet DNS Server And Successfully Steals $400,000
Cyber News 404 - An unknown hacker has hijacked the BlackWallet DNS server. BlackWallet is a web-based wallet application for the Stellar Lumen cryptocurrency (XLM), and the hacker is claimed to have stolen more than $400,000 from a user account.
The attack took place on Saturday night, January 13 (UTC), when the hacker took control of the DNS for the BlackWallet domain and redirected it to the attacker's server.
The DNS hijack of Blackwallet injected code, if you had over 20 Lumens it pushes them to a different wallet. pic.twitter.com/Eiwb8UR1Nn — Kevin Beaumont (@GossiTheDog) 14 January 2018
"This DNS hijack is injecting code into the Blackwallet site," said Kevin Beaumont, a security researcher who analyzed the code before the BlackWallet team regained access to their domain and took the site down.
Hacker Successfully Steals Nearly 670,000 XLM
The attacker's wallet was tracked to the address "GBH4TZYZ4IRCPO44CBOLFUHULU2WGALXTAVESQA6432MBJMABBB4GIYI".
According to the calculations of security researchers, the attacker collected 669,920 Lumens, which is about $400,192 at the current XLM/USD exchange rate.
The BlackWallet team and other XLM owners have tried to alert users through warnings on Reddit, Twitter, GitHub, the Stellar Community and the GalacticTalk forums, but to no avail: users continue to visit the fake BlackWallet domain, enter their credentials, and then see their funds mysteriously vanish from their wallet accounts.
Hacker Begins Laundering Stolen Funds To Hide Their Tracks
Some time ago, the attacker began to move the funds from the XLM account to Bittrex, a cryptocurrency exchange, where they will most likely convert the stolen funds into another digital currency to hide their tracks.
The BlackWallet admin is now trying to get Bittrex's attention and work with the exchange to block the hacker's account. According to the BlackWallet admin, the incident occurred after a hacker accessed and logged into his hosting provider's account.
"I'm in talks with my hosting provider to get as much information as possible about the hacker and will see what can be done with it," said the BlackWallet admin.
Hello @BittrexExchange , please block the account with MEMO XLM 27f9a3e4d954449da04, he hacked https://t.co/ooPMtN2HV4 and is now sending all the funds to your exchange! This is URGENT! A lot of money is involved (>$300,000) https://t.co/nH1MnpPeyw https://t.co/3NlQ01m1yV — orbit84 (@orbit0x54) 14 January 2018
Stellar Lumen was ranked the eighth most popular crypto, according to CoinMarketCap.
BlackWallet was previously hacked in July 2017 [1, 2], but no details about that incident have been found so far. EtherDelta experienced a similar DNS hijacking incident before Christmas 2017, but to this day it is still not known how much money the hacker managed to steal. The Classic Ether Wallet and Etherparty ICO sites have also experienced DNS hijacking in the past.