Hackers stole $400,000 in Lumens after compromising a website

$400,000 Worth of Stellar Lumens Stolen After Hackers Hijack BlackWallet’s DNS Server

Unknown hackers recently managed to hack the DNS server of BlackWallet.co, a web-based application for Stellar Lumens (XLM). According to Bleeping Computer, the attackers managed to steal the equivalent of over $400,000 from unsuspecting users.

BlackWallet’s DNS server was hijacked on January 13, and started redirecting users to the hackers’ server. This meant users were sent to a copy of BlackWallet that gave hackers access to their funds once they entered their credentials. In a statement on Reddit, BlackWallet’s creator confirmed the hack did occur, and revealed the attackers’ wallet.

Security researcher Kevin Beaumont managed to analyze the code before the BlackWallet team regained access to the domain and took down the fake website. According to him, “the DNS hijack of Blackwallet injected code.” The code, in turn, stole funds from users who had over 20 Lumens in their wallets.

In its statement on Reddit, BlackWallet’s creator added that those who have entered their key on the website may want to move their funds to another wallet to keep them safe, using the stellar account viewer. He noted, however, that “blackwallet was only an account viewer” and that no keys were stored on its servers.

The team behind the website and other XLM owners attempted to warn users of the risks of accessing BlackWallet. Warnings were visible on Twitter, Reddit, GitHub, and even on GalacticTalk forums. Users, however, continued to enter their credentials on the rogue website, and saw their funds get stolen.

According to reports, the attacker managed to steal 669,920 Lumens. At press time these are worth over $416,000. One Lumen is currently trading at $0.621 and is up by 1.2% in the last 24-hour period, according to Cryptocompare.

Hackers are laundering stolen Lumens

Researchers further noted the attackers cleaned up their wallet and sent the funds to cryptocurrency exchange Bittrex. Using the exchange they’ll be able to sell their Lumens for privacy-centric cryptocurrencies to hide their tracks.

However, if their account is verified on Bittrex, or if they misstep while using the platform, their identity or IP address may be revealed. The Stellar community is now attempting to contact Bittrex before it is too late.

BlackWallet admins are also in contact with their hosting provider, to gain information to see if something can be done. Notably, BlackWallet was also hacked last year, according to a thread on GalacticTalk.