BlackWallet Hack: $400K In Stellar Stolen, Hosting Provider Possibly At Fault

[abdmuiz]

A DNS hijack has led to hackers withdrawing $400,000 worth of Stellar Lumen (ftp://Lumen) (XLM)
coins from wallets hosted by Blackwallet.co without users’ permission

As multiple sources report, on Saturday, Jan.13,attackers took control of BlackWallet’s hosting server, changing
settings to allow code to run which automatically sent customer balances over 20XLM to an address under the hackers’ control

Almost 670,000 tokens are currently missing as a result of the attack, likely explaining XLM’s
almost 23 percent dive over the past 48 hours
On social media, desperate efforts to contain the threat before the service was taken offline saw
BlackWallet’s developer caution users to move their funds elsewhere if they had entered their wallet
information since Saturday

The developer, known as u/orbit84 (ftp://u/orbit84) on Reddit, wrote:

I am sincerely sorry about this and hope that we will get the funds back. I am in talks with my hosting provider
to get as much information about the hacker and will see what can be done with it. If you ever entered your
key on blackwallet, you may want to move your funds to a new wallet using the stellar account viewer

A Reddit user u/nuclearping has apparently managed to identify the hosting provider which services BlackWallet as 1&1

If that is the case, the event would be the second such incident involving 1&1. In August last year, hackers persuaded a customer service representative at the company to cede control of Classic Ether Wallet’s domain from its original owner

The result was mass losses of funds and sensitive user information being stolen, sources reported at the time

The BlackWallet developer meanwhile added an edit to his original Reddit post asking community members not
to“spread rumors”about the German hosting provider