A suspected hacker stole approximately £290,000 in cryptocurrency from digital wallet provider BlackWallet by injecting a malicious code into the firm’s DNS server.
A malicious code injected by the hacker into BlackWallet transferred all deposits in excess of 20 or more Stellar lumens into another wallet owned by the hacker.
First revealed by security researcher Kevin Beaumont on Twitter, the latest cryptocurrency hack reminds us of a recent hacking episode that involved a hacker infiltrating trading platform CoinDash’s website during an Initial Coin Offering (ICO) and replacing the link where investors could send their funds with a new one, thereby pocketing $7.4 million in no time.
The latest BlackWallet hack involves the same methodology- hacking into a cryptocurrency wallet provider’s server and injecting a code to ensure all deposits are transferred to a separate wallet. The hacker behind the latest operation emptied his wallet before researchers could track him down. According to Bleeping Computer, the hacker managed to steal nearly 670,000 lumens before the operation was busted.
Following the revelation, a Reddit user named orbit84, who called himself the ‘creator of BlackWallet’, confirmed the breach and said that he took some steps to minimise its impact, including asking the host provider to disable his account and websites, tracing the hacker’s wallet address and asking both SDF and Bittrex to block the bittrex’s account of the hacker. It remains to be seen if BlackWallet will be able to recover the funds lost to the hack.
Commenting on the latest hack, David Kennerley, Director of Threat Research at Webroot, says that it demonstrates how virtual currency has become a new business model for cyber criminals.
‘We’re still exploring the blockchain space and wallet security is more important than ever. The multi-sig wallets in question are popular among companies because they have multiple key-holders and require a majority to sign off on transactions, making it trickier for fraudulent payments to be made.
‘With more and more coins are appearing and alternative uses for blockchain being discovered it’s going to continue to be a high-profile target for cyber criminals. It’s not just financial transactions like Bitcoin using blockchain, but also decentralised apps and cloud storage have already been developing in the space. Without a doubt blockchain technologies will be a big part of the future, but it will take some years for the disruption of contemporary tech to take place,’ he adds.