The DNS server of BlackWallet.co, a web-based application for the Stellar Lumen cryptocurrency (XLM), has been hijacked by criminal hackers who have stolen more than 4 million USD from the accounts of affected users. This vicious attack was reported in the late afternoon of Saturday, January 13th, 2018, when unknown hackers hijacked the DNS server of the domain BlackWallet.co and diverted visitors to their own malicious server. According to malware researcher Kevin Beaumont, who analyzed the code of the BlackWallet.co website before the site's team regained access and took it down, if a user had more than 20 Lumens, the malicious server controlled by the threat actors pushed them to a different wallet.
The wallet of the criminal hackers behind this attack is located at the address ‘GBH4TZYZ4IRCPO44CBOLFUHULU2WGALXTAVESQA6432MBJMABBB4GIYI’. At the time of writing, researchers from different security firms have found that the cyber crooks gathered almost 670,000 Lumens, which is approximately equivalent to 4 million USD based on the current XLM to USD exchange rate. After the attack, the BlackWallet security team and other XLM owners immediately started to warn users through various channels such as GitHub, Twitter, GalacticTalk, Stellar and Reddit community forums.
However, despite these alerts, users continued to log in to their accounts on the phishing BlackWallet website and enter their confidential data, and then noticed that their funds had been mysteriously stolen from their wallets. Thereafter, the hackers behind this attack started moving the stolen funds from the XLM account to Bittrex. Bittrex is a cryptocurrency exchange where the crooks convert their funds to other digital currencies in order to remain anonymous. After receiving this report, the administrators of BlackWallet tried to contact the admins of Bittrex in order to block the account operated by the cyber criminals.
According to the statement released by the BlackWallet official, the hijack took place after someone accessed the hosting provider account of the BlackWallet.co domain. They also said that they were in contact with the hosting provider to collect as much information as possible about the con artists in order to take proper action against this attack. If you have ever entered credentials on the BlackWallet.co website, you may wish to move your funds to a new wallet with the help of the Stellar account viewer. Based on the report published by CoinMarketCap, Stellar Lumen is one of the eight most popular cryptocurrencies available over the Internet. Similarly, EtherDelta suffered the same kind of attack, i.e. DNS hijacking, which took place at Christmas 2017. So it might be possible that the same hackers were responsible for these and similar attacks.