Stellar stolen in online wallet hack

Cryptocurrencies by their nature are secure and encrypted however the vehicles we use to store them are still very vulnerable.  Users of digital wallet provider BlackWallet found this out the hard way at the weekend when the web server was hacked resulting in the theft of their stash.

BlackWallet is used to store Stellar Lumens, the 9th most popular cryptocurrency at the moment. Over $450,000 in the altcoin was lifted from wallets on the server in a domain name service attack. The hackers stole almost 670,000 Lumens by spoofing the domain name and redirecting users to their own site. This could then inject code into wallets containing more than 20 XLM to send the tokens to the attacker’s wallet.

The coin was then removed from the BlackWallet website and sent to Bittrex where it was converted into another cryptocurrency and probably moved again. The attack shows how vulnerable web hosts are and that although the wallets themselves remained cryptographically secure, they were still compromised.

The BlackWallet team and other holders of Stellar Lumens took to social media to warn users not to enter their credentials into the rogue domain at blackwallet.co. However for many it was too late and empty wallets were they only thing they found. The owner of the website took to Reddit to post the following message and apology;

“I am the creator of Blackwallet. Blackwallet was compromised today, after someone accessed my hosting provider account. He then changed the dns settings to those of its fraudulent website (which was a copy of blackwallet). I’ve contacted both SDF and Bittrex to ask them to block the bittrex’s account of the hacker. I’ve contacted my hosting provider to disable my account and my websites. I am sincerely sorry about this and hope that we will get the funds back. I am in talks with my hosting provider to get as much information about the hacker and will see what can be done with it.”

Stellar Lumens is a payments based blockchain infrastructure that exists to facilitate cross-asset transfers of value. It is currently trading at $0.54 after a peak of $0.92 a couple of weeks ago. XLM has been touted as one to watch in 2018 providing you don’t store it at BlackWallet. Hacks and crypto thefts only emphasize the importance of security and storing your coins on hardware wallets.