Following a recent hijack of BlackWallet’s DNS server, hackers have allegedly stolen almost 670,000 Lumens from users’ wallets, estimated to be worth around $400,000.
BlackWallet.co is a web-based wallet application that lets users manage their Stellar Lumen Cryptocurrency (XLM). The DNS hijack allowed cybercriminals to redirect victims to an attacker-controlled server, from which they could manipulate transactions. If users had more than 20 Lumens in their wallet, the funds would automatically be transfered to the attacker’s wallet.
“If you used BlackWallet in the past then use your Secret Key and login to Stellar Account Viewer to use them. If you don’t login in the BlackWallet website your XLM is safe,” reads a warning. “Lumens are not stored in the wallets, Lumens are ALWAYS stored in the network, you just use wallets to have access to the network. If you use BlackWallet with your Secret Key then the script will steal your Secret Key and then your Lumens.”
Although the warning was posted on social media and microblogging platforms, it does seem that around $400,000 worth of cryptocurrency was stolen. In the following hours, attackers started making transactions using the stolen XLMs, effectively laundering the stolen funds and hiding their tracks.
“I am the creator of Blackwallet. Blackwallet was compromised today, after someone accessed my hosting provider account,” wrote the creator of BlackWallet. I am sincerely sorry about this and hope that we will get the funds back. I am in talks with my hosting provider to get as much information about the hacker and will see what can be done with it.”
This is not the first time hackers have made off with cryptocurrencies, and it definitely won’t be the last. Everyone who recently visited BlackWallet is strongly encouraged to move their funds to a new wallet – if any still remain.