Slashdot Mirror


Hackers Hijack DNS For Lumens Cryptocurrency Site 'BlackWallet', Steal $400,000 (bleepingcomputer.com)

An anonymous reader quotes BleepingComputer: Unknown hackers (or hacker) have hijacked the DNS server for BlackWallet.co, a web-based wallet application for the Stellar Lumen cryptocurrency (XLM), and have stolen over $400,000 from users' accounts. The attack happened late Saturday afternoon (UTC timezone), January 13, when the attackers hijacked the DNS entry of the BlackWallet.co domain and redirected it to their own server. "The DNS hijack of Blackwallet injected code," said Kevin Beaumont, a security researcher who analyzed the code before the BlackWallet team regained access over their domain and took down the site. "If you had over 20 Lumens it pushes them to a different wallet," Beaumont added...

According to Bleeping Computer's calculations, as of writing, the attacker collected 669,920 Lumens, which is about $400,192 at the current XLM/USD exchange rate. The BlackWallet team and other XLM owners have tried to warn users via alerts on Reddit, Twitter, GitHub, the Stellar Community and GalacticTalk forums, but to no avail, as users continued to log into the rogue BlackWallet.co domain, enter their credentials, and then see funds mysteriously vanish from their wallets.

1 of 95 comments

  1. Who the fuck modded up the parent?! by Anonymous Coward · Score: 2, Informative

    Who the fuck modded up the parent comment?! It's a perfect example of how dumbed-down Slashdot has become lately, and how this dumbing down results in fucking idiotic comments, like the parent comment, getting incorrectly modded up.

    DNS and TLS are separate, independent technologies.

    One or more DNS requests will be made prior to an HTTP connection, encrypted or not, being made to a web server.

    HTTPS certificates and encrypted HTTP connections can't do a damn thing about a DNS server returning an incorrect result, regardless of whether this is done maliciously or not.

    In fact, some certificate authorities treat control over the DNS records for a web site as being sufficient proof of ownership to grant a certificate for that web site.

    So an attacker who controls the DNS records of a web site could potentially obtain a certificate that browsers would treat as valid.

    You clearly have no idea what you're talking about, so please refrain from subjecting us to your utter bullshit.
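As an added illustration of the comment's point (this is not code from the article or the commenter): a small drift checker that a site operator could run on a schedule, comparing fresh DNS and certificate observations against a pinned baseline. A browser-trusted certificate on the new host is deliberately still treated as a finding, because domain validation only proves the control a hijacker already has. All addresses, name servers and key hashes below are constructed placeholders.

```python
from dataclasses import dataclass, field

@dataclass
class Snapshot:
    """What a scheduled probe would record for one domain at one point in time."""
    a: set                      # A records returned by public resolvers
    ns: set                     # name servers the parent zone delegates to
    cert_spki: str              # SHA-256 of the SPKI the live HTTPS endpoint presents
    ct_spkis: set = field(default_factory=set)  # SPKIs of certs logged in CT for the name

def check_drift(baseline: Snapshot, observed: Snapshot) -> list:
    """Compare a fresh probe against the pinned baseline; return human-readable findings."""
    findings = []
    new_a = observed.a - baseline.a
    if new_a:
        findings.append("A record not in baseline: " + ", ".join(sorted(new_a)))
    if observed.ns != baseline.ns:
        findings.append("NS delegation changed: " + ", ".join(sorted(observed.ns)))
    if observed.cert_spki != baseline.cert_spki:
        # A browser-trusted certificate is still a finding here: domain validation
        # only proves control of DNS or HTTP for the name, which a hijacker has.
        findings.append("live TLS key differs from pinned key")
    rogue = observed.ct_spkis - {baseline.cert_spki}
    if rogue:
        findings.append("CT logs show certificate(s) for unknown key: " + ", ".join(sorted(rogue)))
    return findings

# Constructed sample data (documentation IP ranges, placeholder key hashes).
BASELINE = Snapshot(a={"192.0.2.10"}, ns={"ns1.example.net", "ns2.example.net"},
                    cert_spki="sha256:PINNED_KEY", ct_spkis={"sha256:PINNED_KEY"})
# Constructed probe taken after a DNS hijack: resolvers now answer with the
# attacker's host, which presents a freshly issued, valid-looking DV certificate.
HIJACKED = Snapshot(a={"198.51.100.7"}, ns={"ns1.example.net", "ns2.example.net"},
                    cert_spki="sha256:ROGUE_KEY",
                    ct_spkis={"sha256:PINNED_KEY", "sha256:ROGUE_KEY"})

def probe_findings():
    """Findings for the constructed hijacked snapshot (empty for an unchanged baseline)."""
    return check_drift(BASELINE, HIJACKED)

if __name__ == "__main__":
    for line in probe_findings():
        print("ALERT:", line)
```

The NS set is unchanged in the constructed hijack, so the alert comes from the A record, the live key and the CT entry, which is why all three should be watched rather than any one of them.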