A web-based wallet service called BlackWallet was recently hacked, resulting in the loss of over 700,000 Stellar Lumens worth over $300,000.
According to an official statement released by BlackWallet’s creator, the site’s hosting provider account was hacked, and its DNS settings were changed by the hacker afterward.
The new settings redirected the original domain to a fraudulent website which was a copy of BlackWallet.
This action allowed the hacker to utilize those users’ details who had logged into their BlackWallet account after the hack.
The hacker then transferred these users’ Stellar Lumens to their own account.
According to the official statement, the hacker’s wallet was identified, and its address was shared by BlackWallet’s
creator publicly to increase awareness about it.
Furthermore, it was established that the hacker transferred the stolen Lumens to a Bittrex exchange account.
BlackWallet’s creator urged Bittrex to identify the account holder to recover the funds. The post also requested any BlackWallet users to move their funds to a new wallet using the Stellar Account Viewer. However, it was explained that since BlackWallet was only an account viewer, no keys had been stored on the server.
Due to this, another official post within the same Reddit thread, this time by a Stellar admin, warned users to not log in to their BlackWallet account, as that was causing the hacker to steal the funds. It was reported that a script was running on the BlackWallet website which would send the user’s XLM to the hacker’s account as soon as they log in to it.
The post by Stellar reassured its users that the problem was with BlackWallet users, and if they do not use that wallet, they would not need to worry.
However, it explained that since coins are stored on the blockchain network and not on the wallet itself, any Lumens in a BlackWallet user account can be easily transferred using the Stellar Account Viewer.
Similar Incidents have occurred in the past
Even though it is not as severe regarding the value of stolen coins as the Mt. Gox or YouBit hack, it just adds to the incidents of similar nature that have haunted the cryptocurrency industry as of late.
While these sites reportedly took all the security measures available to them, their downfall seemingly came to the fact of them being operated through a centralized mechanism and not with the added security of a blockchain network, even though they deal with digital assets that themselves could not have existed without blockchain technology.
This raises a question on the security of storing your cryptocurrency information with such wallets and exchanges. Even though they reportedly, employ the utmost functions regarding security, the fact remains that they are still operating through a centralized system which does not provide them with the level of security required in the midst of these increasing hacking attempts against the cryptocurrency industry.
While decentralized exchanges (DEX) are in the works and a few of them have also started operating along with decentralized apps (such as blockchain based wallets), it seems like it is high time for the cryptocurrency community to adopt blockchain as its core method of managing their digital assets to prevent such issues in the long run.