Get yourself a crypto tee or surprise a crypto enthusiast in your life with our festive Coin Bureau Merch!
Blackwallet DNS Hack Stellar Lumens
3 min read

Hackers Manage to Hijack Servers of BlackWallet – Steal $418,000

By Editorial Team

Another day, another hack. This time, the unfortunate victims are those who have been using the Stellar Lumens (XLM) web-based wallet application, Blackwallet.co.

This was a DNS server hack which means that the attackers were able to commandeer the blackwallet DNS servers. This meant that they were able to successfully drive the users to a malicious server which hoovered up their details.

The hack occurred on Saturday afternoon January the 13th. According to a security researcher, the hackers were able to inject code that took all the funds from Stellar addresses that had over 20 XLM in them.

Familiar MO

The DNS server hack is not a new attack vector. In fact, this happened just last month in the large EtherDelta DNS hack. In that case the hackers was able to infiltrate the domain servers and steal a considerable amount of ETH.

You can see exactly how much Stellar the hacker was able to steal by observing his address on the Stellar Blockchain. According to the research by Bleeping Computer he was able to make away with about 670,000 XLM. Given the current exchange rate, that makes the loot worth $418,013.

The moment that the hack occurred, the BlackWallet team and other users tried to spread the word as quickly as possible. They reached out on Github, Reddit and Twitter among others. Unfortunately, users continued to access blackwallet and hence were redirected to the rouge server.

The “Wash” Commenced

Once the hackers were able to get a hold of the funds, they wasted no time in trying to cover their tracks. They started moving the coins to an account on the Bittrex cryptocurrency exchange.

They would most likely have bought another Altcoin such as Monero (XMR) or Zcash (ZEC) in order to “clean” the funds and move them away from the exchange without being traced.

The developer behind BlackWallet tried to desperately get the attention of staff at the Bittrex exchange. The hope was that they would be able to block funds coming from the wallet before they were sent out. Below is the tweet.

It is unlikely that they were able to effectively stop the funds coming through given the speed with which the hacker was able to move. Today the developer behind blackwallet said that he was in discussions with his hosting provider to see if they could get any digital fingerprints on the hacker.

He also stressed that blackwallet was an account viewer site and that they did not store private key information on their server. Hence, you would only have been susceptible if you entered your key on blackwallet during the time the hack was taking place.

Cursory Lessons

This is no doubt another unfortunate tale in the risks that cryptocurrency wallets and exchanges face when they have a central point of failure. In this case, it is the centralised DNS server.

There are many that are looking to decentralised name server solutions such as the Ethereum Name Service as the decentralised answer to the existing network architecture.

While it can be quite hard to know whether a site’s DNS server has been hacked, it no doubt a wise decision to make use of a hardware wallet that stores your private keys offline.

Editors at large. Posting the latest news, reviews and analysis to hit the blockchain.
View all posts by Editorial Team -> Best Crypto Deals ->

Related Posts

FTX Exchange
Withdrawals not Halted at FTX: Instead Binance will Buy FTX
FTX Exchange

Withdrawals not Halted at FTX: Instead Binance will Buy FTX

November 9th, 2022 3 min read
OKX invests in WAX
OKX Blockdream Ventures Invests Millions in GameFi and NFT Development on WAX
OKX invests in WAX

OKX Blockdream Ventures Invests Millions in GameFi and NFT Development on WAX

June 3, 2022 2 min read
Binance partners with the weekend
Binance Partners with The Weekend to Provide First-Ever Web 3 Enhanced World Tour
Binance partners with the weekend

Binance Partners with The Weekend to Provide First-Ever Web 3 Enhanced World Tour

June 3, 2022 2 min read
21Shares Releases Sixth State of Crypto Report
21Shares Releases Sixth State of Crypto Report: Summary
21Shares Releases Sixth State of Crypto Report

21Shares Releases Sixth State of Crypto Report: Summary

June 2, 2022 3 min read
Algorand and MakerX Commit 1M Algo to Migrate Terra Users to Algorand
Algorand and MakerX Commit 1M Algo to Migrate Terra Users to Algorand
Algorand and MakerX Commit 1M Algo to Migrate Terra Users to Algorand

Algorand and MakerX Commit 1M Algo to Migrate Terra Users to Algorand

June 2, 2022 2 min read
Regulators are “Not Allowing” Banks to Engage with Crypto
Bank of America CEO: Regulators are “Not Allowing” Banks to Engage with Crypto
Regulators are “Not Allowing” Banks to Engage with Crypto

Bank of America CEO: Regulators are “Not Allowing” Banks to Engage with Crypto

June 1, 2022 2 min read
US Conference of Mayors Introduces Blockchain Resolution
US Conference of Mayors Introduces Blockchain Resolution
US Conference of Mayors Introduces Blockchain Resolution

US Conference of Mayors Introduces Blockchain Resolution

June 1, 2022 2 min read