$400,000 stolen in Lumens BlackWallet theft
Unknown threat actors have compromised the BlackWallet application and stolen $400,000 in user funds.
Security
Over the weekend, as reported by Bleeping Computer, a DNS server connected to the domain of browser-based wallet application BlackWallet was compromised.
The Stellar Lumen (XLM) cryptocurrency was the target of the attack and by redirecting the DNS server to a server controlled by the attacker, close to 670,000 Lumens was stolen.
When the theft took place, over $400,000 was contained in the attacker's wallet. At the time of writing, roughly $48,000 in funds has been left following a number of transfers taking place over the past two days.
According to security researcher Kevin Beaumont, the exploit used was a code injection. If over 20 Lumens was held by users, the funds were automatically transferred over to the attackers' wallet.
Alerts and warnings were quickly posted over the weekend in a vain attempt to warn users and prevent them from logging into the domain, which triggered the exploit.
However, it seems the warning did not come quickly enough for many victims.
"If you used BlackWallet in the past then use your Secret Key and login to Stellar Account Viewer to use them. If you don't login in the BlackWallet website your XLM is safe," the warning reads. "Lumens are not stored in the wallets, Lumens are ALWAYS stored in the network, you just use wallets to have access to the network. If you use BlackWallet with your Secret Key then the script will steal your Secret Key and then your Lumens."
After the theft, the funds began to vanish into cryptocurrency exchange Bittrex. BlackWallet has attempted to communicate with the exchange to have the wallet blocked -- but this appears to be to no avail.
In a statement, the creator of BlackWallet said that an unknown individual had managed to access their hosting provider account, leading to the DNS changes and compromise of user funds.
See also: Venezuela asks other countries to adopt oil-backed cryptocurrency
"I am sincerely sorry about this and hope that we will get the funds back," the BlackWallet creator said. "I am in talks with my hosting provider to get as much information about the hacker and will see what can be done with it."
"Please note however that BlackWallet was only an account viewer and that no keys were stored on the server!" the operator added.
If you have entered your key recently on BlackWallet, you may want to move your funds to a new wallet. As the main website is still not operational at the time of writing, you should use the Stellar Account Viewer instead.