$400,000 stolen in Stellar, hosting provider may be to blame

A DNS hijack resulted in hackers withdrawing $400,000 worth of Stellar Lumen (XLM) coins from wallets hosted by Blackwallet.co without user permission.

Several sources reported that on Saturday, January 13th, attackers took control of BlackWallet’s hosting server and changed the settings to allow execution of code that automatically sent customer balances via 20XLM to an address under the hackers' control.

As a result of the attack, nearly 670,000 tokens are currently missing, which likely explains the nearly 23 percent decline in XLM over the past 48 hours.

On social media, in a desperate effort to contain the threat before taking the service offline, BlackWallet’s developers urged users to move their money elsewhere if they had entered their wallet information since Saturday.

The developer, known as u/orbit84 on Reddit, wrote:

“I’m really sorry and I hope we get the money back. I’m in talks with my hosting provider to get as much information as possible about the hacker and see what can be done with it. If you’ve ever entered your key on Blackwallet, you may want to move your money to a new wallet using the stellar account viewer …”

A Reddit user, u/nuclearping, has apparently succeeded in identifying the hosting provider that operates BlackWallet as 1&1.

If so, it would be the second incident of this type involving 1&1. In August last year, hackers persuaded a company customer service representative to give up control of the Classic Ether Wallet domain to the original owner.

The result was a massive loss of funds and the theft of sensitive user information, sources reported at the time.

The BlackWallet developer added an edit to his original Reddit post in which he asked community members not to spread “rumors” about the German hosting provider.
