On January 13, one or more unknown hackers hijacked the DNS server for BlackWallet.co, a web-based wallet for the Stellar Lumens cryptocurrency, and redirected the domain to their own server.
Security researcher Kevin Beaumont, who analyzed the code, said, “The DNS hijack of Blackwallet injected code, if you had over 20 Lumens it pushes them to a different wallet.” It is estimated that nearly 700,000 Lumens (XLM) were stolen, with a current value of over $400,000.
Warnings and alerts not to log into the BlackWallet site have been sent out by the BlackWallet team and other XLM users via Stellar Community, Galactic Talk, Reddit, Twitter and GitHub. Unfortunately, users continued to log in for some time and thus saw their funds vanish from their wallets.
By following the attacker's address, it is possible to track the movement of funds from BlackWallet to the Bittrex exchange, where the attacker is likely to convert the funds and cover their tracks. BlackWallet has since messaged Bittrex in an effort to coordinate with the exchange to block the hacker’s account.
In a statement on Reddit, the BlackWallet admin is suggesting that people move their funds to a new wallet using the Stellar account viewer. At the time of this writing, the BlackWallet website is returning a 404 error. Bitcoin Magazine will update this story as it evolves.