CYBER NEWS

BlackWallet App Compromised, 400,000 USD In Lumens Stolen

The BlackWallet browser-based wallet application has been compromised and 400,000 USD in user funds (in the Stellar Lumen cryptocurrency) were stolen from it. It’s still unknown who is behind this attack. To perform the attacks, hackers hijacked the DNS servers of the application. More particularly, a DNS server connected to the domain of BlackWallet was compromised.

The creator of the BlackWallet app confirmed in a statement that an unknown individual had succeeded to access their hosting provider account, which led to the DNS changes and the theft of user funds.

Related Story: Bitcoin Owners, Crypto Exchanges: Hackers’ New Favorite Targets

More about the Attack on BlackWallet

Attackers were targeting the Stellar Lumen (XLM) cryptocurrency. They succeeded in stealing approximately 670,000 Lumens which amounts to 400,000 USD.

The attack took place on Saturday (January 13) in the afternoon (UTC timezone). This is when the attackers successfully hijacked the DNS entry of BlackWallet.co, and redirected it to their hacker-controlled server. Kevin Beaumont, the researcher who analyzed the code, said that “the DNS hijack of Blackwallet injected code” and that “if you had over 20 Lumens it pushes them to a different wallet”.

Alerts were quickly propagated during the weekend after the attack happened, in an attempt to warn users and prevent them from logging into the domain. However, the alerts didn’t do much work as users continued logging. Here’s what the warning said:

If you used BlackWallet in the past then use your Secret Key and login to Stellar Account Viewer to use them. If you don’t login in the BlackWallet website your XLM is safe. Lumens are not stored in the wallets, Lumens are ALWAYS stored in the network, you just use wallets to have access to the network. If you use BlackWallet with your Secret Key then the script will steal your Secret Key and then your Lumens.

Once the theft was finalized, the stolen funds started to vanish into the Bittrex cryptocurrency exchange, reports reveal. BlackWallet made several attempts to contact the exchange so that the corresponding wallet is blocked. However, these attempts have seen no results.

The BlackWallet creator apologized for the unfortunate event and said that he is in talks with the hosting provider to get as much information as possible about the hacker. He also highlighted that BlackWallet was only an account viewer meaning that no keys were stored on the server. Nonetheless, it’s highly advisable for users that have recently entered their keys on the application, to move their funds as quickly as possible.

Related Story: Bitcoin, Ethereum Exchange Bithumb Hacked, Millions Stolen

Keep in mind that if the main website of the application doesn’t function, the Stellar Account Viewer can be used instead.

Milena Dimitrova

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...