Another Attack on Crypto

Another Attack on Crypto
This time is on Stellar Lumen, $400,000 worth of stellar in a black wallet hacked.
In a statement sent out today by the founder open source online Stellar wallet (black wallet) has claimed to have been hacked. Posting on Reddit, and orbit84 posted that a hacker gained access to his hosting provider account and changed the DNS settings to his own hosted version of BlackWallet. The attackers’ wallet, which the author posted link to, appears to have amassed around $400,000 USD worth of cryptocurrency Stellar which has seen its market capitalization apply almost 3 fold over the past month.
Malicious code identified by Kevin Beaumont on BlackWallet.co after the DNS hijacking took place.
Security research was able to identify a piece of code which checked if a user had over 20 lumens and if they did moved them to a hardcoded wallet address. The attack comes after a series of social engineering attacks targeting the ever-growing crypto market.
Much like the EtherDelta attack, the attacker appears to have been laundering money to his bittrex address which likely exchanged it for other tokens and further obscured the identity of the attacker.
What possible manners the hacker used:
The attack appears to have been a phishing attack aimed at the blackwallet.co’s hosting provider. Although the poster refused to disclose any more information say “I cannot disclose more information now to prevent another hack” and promising to post more when he deemed it safe, a DNS lookup appears to have identified the host to be 1&1 Hosting. They could not be reached immediately for comment.
Although we are unable to completely verify what happened, Reddit and Twitter users along with the security research community seem to believe they know what happened. They theorize likely happened is someone claiming to be the owner of the website contacted the hosting provider and through social engineering was able to gain access to the account. From there, it was easy to transfer the DNS records over to a website hosted by the attacker.
While it’s clear to members of the community that the host is likely at fault here, the developer of BlackWallet made this attack much easier by open sourcing his creation, which is openly available in github. Anyone with a slight amount of technical knowledge can clone it and setup an instance for themselves modifying the code as they wish.
Further angering users is the use of 1&1 as opposed to a hosting provider with more stringent security measures aimed at enterprise customers such as AWS, Google Cloud Platform, or Microsoft Azure. 1&1 has also been a target of angry users who lost money claiming that 1&1 should have done more in the way of social engineering training. The poster has rebuffed these claims asking users to “Please do not spread rumors about 1&1″.
Future Prevention
Frequent attacks like this have made it abundantly clear to some that WebWallet’s are unsafe, and have led to the emergence of client-side only wallets such as my eth wallet. These wallets, while still vulnerable to a DNS hijacking attack like the one that took place today on Black Wallet go so far as to force users to go through a slideshow detailing the prevention of phishing scams.
This type of slideshow would’ve likely prevented some victims of the BlackWallet attack by instructing them to check the SSL certificate which would’ve helped to identify the DNS hijacking attack.
Unfortunately, as the price of crypto continue to increase, these attacks seem to be becoming more common. Luckily, the introduction of standard enterprise security procedures to exchanges and wallets will mitigate the damage they can do to the community. Coinbase, for instance, has published a case study on their cloud architecture and operational security practices inside of AWS an industry recognized secure hosting provider.
This a piece of information from a crypto news site to alert all steemian to take extra precaution this time that crypto is ever increasing in market cap…this is telling them more money to still.
The most recent last year was EtherDelta, now is Stellar Lumen, Who is the next?