Unknown hackers broke into the DNS server of the BlackWallet.co service, which provides Web-wallets for the Stellar Lumen (XLM) cryptocurrency. They stole more than $400,000 from users' accounts.
The attack occurred on January 13, when the attackers managed to intercept the DNS record of the domain BlackWallet.co and redirect it to their own server. According to the administrator of BlackWallet, the incident occurred after someone got access to the account of the hosting provider.
According to security researcher Kevin Beaumont, who was investigating the incident, malicious code was introduced during the hacking to the site, that automatically sent users money to the criminals wallet if there were more than 20 XLM on their account.According to preliminary estimates, criminals managed to steal about 669 thousand XLS or about $400 thousand at the rate on January 15, 2018. Soon after the hacking, the administration suspended the site.
The BlackWallet team and XLM cryptocurrency owners tried to warn users on Reddit, Twitter, GitHub, Stellar Community and GalacticTalk, but many users continued to register on the BlackWallet.co domain and enter their credentials.
On January 14, the attackers began to transfer funds from their XLM account to the Bittrex Cryptocurrency Exchange. Probably, in this way, hackers tried to clean up the mess by exchanging XLM for another cryptocurrency. Currently, BlackWallet administrators are negotiating with Bittrex about blocking an account of intruders.
I also negotiate with my hosting provider to get as much information as possible about the hackers. Let's see what can be done.
- added a representative of the administration of BlackWallet.
Users were advised to move their funds from BlackWallet to another wallet using the Stellar Account Viewer service.
Information Source: Coindesk