Hacker swindles £290,000 off cryptocurrency firm BlackWallet using malicious code

Hacker swindles £290,000 off cryptocurrency firm BlackWallet using malicious code

BitGrail goes bust after losing $170 million to large-scale theft

A suspected hacker stole approximately £290,000 in cryptocurrency from digital wallet provider BlackWallet by injecting a malicious code into the firm's DNS server.

A malicious code injected by the hacker into BlackWallet transferred all deposits in excess of 20 or more Stellar lumens into another wallet owned by the hacker.

First revealed by security researcher Kevin Beaumont on Twitter, the latest cryptocurrency hack reminds us of a recent hacking episode that involved a hacker infiltrating trading platform CoinDash's website during an Initial Coin Offering (ICO) and replacing the link where investors could send their funds with a new one, thereby pocketing $7.4 million in no time.

The latest BlackWallet hack involves the same methodology- hacking into a cryptocurrency wallet provider's server and injecting a code to ensure all deposits are transferred to a separate wallet. The hacker behind the latest operation emptied his wallet before researchers could track him down. According to Bleeping Computer, the hacker managed to steal nearly 670,000 lumens before the operation was busted.

Following the revelation, a Reddit user named orbit84, who called himself the 'creator of BlackWallet', confirmed the breach and said that he took some steps to minimise its impact, including asking the host provider to disable his account and websites, tracing the hacker's wallet address and asking both SDF and Bittrex to block the bittrex's account of the hacker. It remains to be seen if BlackWallet will be able to recover the funds lost to the hack.

Commenting on the latest hack, David Kennerley, Director of Threat Research at Webroot, says that it demonstrates how virtual currency has become a new business model for cyber criminals.

'We’re still exploring the blockchain space and wallet security is more important than ever. The multi-sig wallets in question are popular among companies because they have multiple key-holders and require a majority to sign off on transactions, making it trickier for fraudulent payments to be made.

'With more and more coins are appearing and alternative uses for blockchain being discovered it’s going to continue to be a high-profile target for cyber criminals. It’s not just financial transactions like Bitcoin using blockchain, but also decentralised apps and cloud storage have already been developing in the space. Without a doubt blockchain technologies will be a big part of the future, but it will take some years for the disruption of contemporary tech to take place,' he adds.

Copyright Lyonsdown Limited 2020

Top Articles

Universal Health Services lost $67m to a Ryuk ransomware attack last year

Universal Health Services said the cyber attack cost it $67 million in remediation efforts, loss of acute care services, and other expenses.

How the human immune system inspired a new approach to cyber-security

Artificial intelligence is being used to understand what’s ‘normal’ inside digital systems and autonomously fight back against cyber-threats

Solarwinds CEO blames former intern for hilarious password fiasco

SolarWinds has accused a former intern of creating a very weak password for its update server and storing it on a GitHub server for months.

Related Articles