On Saturday 13 January 2018, an unknown hacker (or hackers) managed to take over the DNS server for BlackWallet.co, a web-based wallet application used for the Stellar Lumen cryptocurrency (XLM), and stole $400,000 from users’ accounts. The hackers managed to hijack the DNS entry of the BlackWallet.co domain and redirected it to their own server, according to a report by Bleeping Computers.
The domain for BlackWallet was changed to redirect to the hackers’ website, with any amounts of 20 Lumens or more sent to the hacker’s wallet after user credentials were collected.
The attackers’ wallet is located at the “GBH4TZYZ4IRCPO44CBOLFUHULU2WGALXTAVESQA6432MBJMABBB4GIYI” address.
The Bleeping Computers report stated that the attacker collected 669,920 Lumens, which is about $400,192 at the current XML/USD exchange rate.
The attackers then started to move funds from the XLM account to Bittrex, a cryptocurrency exchange, where they’re most likely to convert the stolen funds into another digital currency to hide their tracks.
According to the BlackWallet admin, the incident took place after someone accessed his hosting provider account.
Stellar Lumen ranks today as the eight most popular cryptocurrency by market cap.