Attackers have made off with up to $400,000 (£290,000) in cryptocurrency after an ingenious attack on Stellar Lumen (XLM) wallet, BlackWallet.
In the latest cryptocurrency security incident, hackers managed to compromise the server hosting popular web-based wallet BlackWallet and change the DNS records to point to a replica BlackWallet site.
When XLM holders logged into the new site, a script ran that transferred their balances to the hacker's wallet - if they held more than 20 XLM.
A poster on Reddit claiming to be the admin said: “BlackWallet was compromised today, after someone accessed my hosting provider account. I am sincerely sorry about this and hope that we will get the funds back. I am in talks with my hosting provider to get as much information about the hacker and will see what can be done with it. If you ever entered your key on blackwallet, you may want to move your funds to a new wallet using the stellar account viewer . Please note however that BlackWallet was only an account viewer and that no keys were stored on the server!”
The DNS hijack of Blackwallet injected code, if you had over 20 Lumens it pushes them to a different wallet. pic.twitter.com/Eiwb8UR1Nn
— Kevin Beaumont (@GossiTheDog) January 14, 2018
Thomas Fischer, threat researcher & global security advocate at Digital Guardian told SC Media UK: "The BlackWallet incident is actually an interesting and quite clever application of DNS hijacking, which can in itself be a relatively simple technique. Using social engineering techniques to access the login for the hosting provider account gave the attacker a very straightforward way to re-direct traffic to the malicious site.
“The malware that was injected into the site to move the customers' cryptocoins is the more interesting part, in that it targeted specific wallet sizes. The lesson to learn here is that web asset security is a multi-faceted thing and businesses often neglect to monitor all the important components. It's essential to have visibility into changes across the whole web infrastructure – including services like the DNS – in addition to just the web and application servers.”
Cryptocurrency Stellar Lumen (XLM) has seen considerable increased interest of late, moving from a value of $0.027 per XLM 04 November 2017 to a 04 Jan high of $0.89 (£0.64) - an increase of 229 percent. Stellar Lumen is ranked as the world's ninth largest cryptocurrency, according to coinmarketcap.
