Slashdot Mirror


Hackers Hijack DNS For Lumens Cryptocurrency Site 'BlackWallet', Steal $400,000 (bleepingcomputer.com)

An anonymous reader quotes BleepingComputer: Unknown hackers (or hacker) have hijacked the DNS server for BlackWallet.co, a web-based wallet application for the Stellar Lumen cryptocurrency (XLM), and have stolen over $400,000 from users' accounts. The attack happened late Saturday afternoon (UTC timezone), January 13, when the attackers hijacked the DNS entry of the BlackWallet.co domain and redirected it to their own server. "The DNS hijack of Blackwallet injected code," said Kevin Beaumont, a security researcher who analyzed the code before the BlackWallet team regained access over their domain and took down the site. "If you had over 20 Lumens it pushes them to a different wallet," Beaumont added...

According to Bleeping Computer's calculations, as of writing, the attacker collected 669,920 Lumens, which is about $400,192 at the current XLM/USD exchange rate. The BlackWallet team and other XLM owners have tried to warn users via alerts on Reddit, Twitter, GitHub, the Stellar Community and GalacticTalk forums, but to no avail, as users continued to log into the rogue BlackWallet.co domain, enter their credentials, and then see funds mysteriously vanish from their wallets.

3 of 95 comments

  1. Whither HTTPS? by Anonymous Coward · Score: 0, Interesting

    This is exactly the sort of thing HTTPS/SSL is supposed to prevent.

    Did all the users who lost money ignore the scary browser warnings, or what?

  2. Any bets? by cold+fjord · Score: 1, Interesting
    --
    much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
  3. Re:Who the fuck modded up the parent?! by Anonymous Coward · Score: 4, Interesting

    You clearly have no idea what you're talking about, so please refrain from subjecting us to your utter bullshit.

    Neither do you, professor. Strict transport security combined with public key pinning would have mitigated the attack, for the most part at least.
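
A minimal model of the mechanism the last comment refers to, added here as an illustration and not part of the Slashdot thread or the BleepingComputer article: a browser-side store for HSTS (RFC 6797) and key-pinning (RFC 7469) policy, and what it decides when a hijacked DNS record leads to a server whose certificate is untrusted, or validates but carries a different key. The class, the host name `wallet.example` and the key bytes are constructed for the example.

```python
import base64, hashlib, re

def spki_pin(spki_der):
    # RFC 7469 pin: base64 of SHA-256 over the SubjectPublicKeyInfo bytes.
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

class PolicyStore:
    """Toy model of a browser's per-host HSTS and pin store."""
    def __init__(self):
        self.hosts = {}

    def note_headers(self, host, headers, now):
        # Call only for responses received over a valid TLS connection.
        e = self.hosts.setdefault(host, {"hsts_until": 0, "pins": set(), "pins_until": 0})
        for name, value in headers.items():
            age = re.search(r'max-age="?(\d+)', value, re.I)
            if not age:
                continue
            until = now + int(age.group(1))
            if name.lower() == "strict-transport-security":
                e["hsts_until"] = until
            elif name.lower() == "public-key-pins":
                e["pins"] = set(re.findall(r'pin-sha256="([^"]+)"', value))
                e["pins_until"] = until

    def connect(self, host, cert_valid, spki_der, now):
        """Return 'ok', 'warning' (user can click through) or 'blocked'."""
        e = self.hosts.get(host, {"hsts_until": 0, "pins": set(), "pins_until": 0})
        if not cert_valid:
            # RFC 6797: a known HSTS host gets no click-through on TLS errors.
            return "blocked" if now < e["hsts_until"] else "warning"
        if now < e["pins_until"] and spki_pin(spki_der) not in e["pins"]:
            return "blocked"
        return "ok"

# Constructed stand-ins for SPKI bytes; the host name is a placeholder.
SITE_KEY, BACKUP_KEY, ROGUE_KEY = b"site-spki", b"backup-spki", b"rogue-spki"
HOST = "wallet.example"

def scenario(headers):
    store = PolicyStore()
    store.note_headers(HOST, headers, now=0)            # earlier visit to the real site
    return (store.connect(HOST, False, ROGUE_KEY, 60),  # hijacked DNS, untrusted cert
            store.connect(HOST, True, ROGUE_KEY, 60),   # hijacked DNS, cert validates
            store.connect(HOST, True, SITE_KEY, 60))    # genuine server

HSTS = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}
PINS = {"Public-Key-Pins": 'pin-sha256="%s"; pin-sha256="%s"; max-age=5184000'
        % (spki_pin(SITE_KEY), spki_pin(BACKUP_KEY))}
```

`scenario({})`, `scenario(HSTS)` and `scenario({**HSTS, **PINS})` return the three outcomes for no policy, HSTS only, and HSTS with pins; both protections depend on an earlier visit to the genuine site. The `Public-Key-Pins` header has since been removed from major browsers.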