Friday, March 17, 2017

[Another] Crypto Wallet Hack Sees $400,000 Stolen in Stellar Lumens



Important: If you had an account on BlackWallet, do not try to log in. Instead, please check the balance of your account through the official Stellar Account Viewer.


In a statement posted today, the creator of BlackWallet, an open source online Stellar wallet, said it had been hacked. Posting on Reddit, the user orbit84 reported that a hacker had accessed his hosting provider account and changed the DNS settings to point to the hacker's own hosted version of BlackWallet. The attacker's wallet, to which the author posted a link, appears to have collected around US $400,000 worth of the Stellar cryptocurrency, whose market capitalization has almost tripled in the past month.


Malicious code identified by Kevin Beaumont on BlackWallet.co after the DNS hijacking

Security researcher Kevin Beaumont was able to identify a piece of code that checked whether a user had more than 20 lumens and, if so, moved them to a hard-coded wallet address. The attack comes after a series of social engineering attacks targeting the growing crypto market.


The exchange EtherDelta suffered a similar attack at the end of last year, caused by a DNS hijacking. That attack was reportedly smaller, with the attacker netting only $250,000 in Ether.


Just like in the EtherDelta attack, the attacker seems to have laundered the money through a Bittrex address, where it was probably traded for other tokens, further obscuring the attacker's identity.


How the attack took place


The attack appears to have been a phishing attack targeting the blackwallet.co hosting provider. The poster declined to disclose more, saying "I can not disclose more information now to prevent another hack" and promising to post more when he deems it safe, but a DNS lookup seems to have identified the host as 1&1 Hosting. They could not be reached immediately for comment.


Although we are unable to fully verify what happened, users on Reddit and Twitter, as well as the security research community, seem to believe they know what happened. They theorize that someone claiming to be the owner of the website contacted the hosting provider and, through social engineering, was able to gain access to the account. From there, it was easy to point the DNS records at a website hosted by the attacker.


Although it is clear to community members that the host is probably at fault here, the developer of BlackWallet made this attack easier by open-sourcing the code, which is openly available on GitHub. Anyone with a small amount of technical knowledge can clone it and set up an instance of their own, modifying the code as desired.


In addition, angry users have questioned the use of 1&1 as opposed to a hosting provider with tighter security measures aimed at corporate customers, such as AWS, Google Cloud Platform or Microsoft Azure. 1&1 was also the target of angry users who lost money and who claimed that 1&1 should have done more social engineering training. The poster has rebuffed these claims, asking users to "please do not spread rumors about 1&1".


Future prevention


Frequent attacks like this have made it clear to some that web wallets are not safe, and have led to the emergence of client-side-only wallets like My Ether Wallet. These wallets, though still vulnerable to a DNS hijacking attack like the one that took place today on BlackWallet, go as far as forcing users to go through a slideshow detailing how to avoid phishing scams.


This type of slideshow would probably have saved some victims of the BlackWallet attack by prompting them to check the SSL certificate, which would have revealed the DNS hijacking.
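The same certificate check can be run automatically by a site operator or a cautious user. The following is an added example, not code from the article or from BlackWallet: it compares a site's resolved addresses and leaf-certificate fingerprint against a recorded baseline. The function names, sample states and documentation-range IP addresses are constructed for illustration.

```python
import hashlib
import socket
import ssl

def observe(host, port=443, timeout=5.0):
    """Resolve host and fetch its leaf certificate; returns the live state."""
    infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    state = {"addrs": sorted({i[4][0] for i in infos}), "cert_sha256": None, "tls_error": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ssl.create_default_context().wrap_socket(sock, server_hostname=host) as tls:
                state["cert_sha256"] = hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()
    except ssl.SSLError as exc:  # untrusted chain or hostname mismatch
        state["tls_error"] = str(exc)
    return state

def compare(baseline, observed):
    """Return (finding, detail) tuples for every departure from the baseline."""
    findings = []
    unknown = sorted(set(observed["addrs"]) - set(baseline["addrs"]))
    if unknown:
        findings.append(("dns_changed", unknown))
    if observed.get("tls_error"):
        findings.append(("tls_invalid", observed["tls_error"]))
    elif observed["cert_sha256"] != baseline["cert_sha256"]:
        # A certificate that validates is not proof of safety: whoever controls
        # DNS can usually obtain a domain-validated certificate for the name.
        findings.append(("cert_changed", observed["cert_sha256"]))
    return findings

def verdict(findings):
    """DNS and certificate moving together is the hijack pattern; one alone may be routine."""
    kinds = {kind for kind, _ in findings}
    if "dns_changed" in kinds and kinds & {"cert_changed", "tls_invalid"}:
        return "alert"
    return "review" if kinds else "ok"

def fp(der):
    return hashlib.sha256(der).hexdigest()

# Constructed sample data: documentation-range IPs and placeholder certificate bytes.
BASELINE = {"addrs": ["192.0.2.10"], "cert_sha256": fp(b"constructed-cert-original")}
HIJACKED = {"addrs": ["203.0.113.66"], "cert_sha256": fp(b"constructed-cert-attacker")}
RENEWED = {"addrs": ["192.0.2.10"], "cert_sha256": fp(b"constructed-cert-renewed")}

if __name__ == "__main__":
    for name, state in [("baseline", BASELINE), ("hijacked", HIJACKED), ("renewed", RENEWED)]:
        print(name, verdict(compare(BASELINE, state)))
```

In live use, `observe()` would be called from a network the attacker does not control and its result passed to `compare()` with a baseline recorded while the site was known to be good.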


Unfortunately, as the price of crypto continues to rise, these attacks seem to be becoming more common. Fortunately, the introduction of standard enterprise security procedures for exchanges and wallets will mitigate the damage they can cause to the community. Coinbase, for example, has published a case study on its cloud architecture and operational security practices within AWS, a secure hosting provider recognized by the industry.

