Attackers Hijack DNS Entry of Stellar Lumen Wallet Application BlackWallet

With cryptocurrency prices on the rise, cybercriminals have started to expand beyond the better-known currencies, such as bitcoin (BTC) and ether (ETH). In a recent incident, attackers targeted the Stellar Lumen (XLM) cryptocurrency by compromising the DNS server for BlackWallet, a web-based wallet application for XLM. According to reports, the attackers collected nearly 670,000 Lumens as of the time of publication, which equates to just over $400,000 based on the current XLM/USD exchange rate.

According to the analysis by Kevin Beaumont, the researcher who discovered the attack, the perpetrators injected code to hijack the DNS entry of the domain. Users with over 20 Lumens who accessed the site found their funds being redirected to a different wallet.

The attackers behind the incident have also started transferring funds from their account at BlackWallet to their account at another cryptocurrency exchange, Bittrex, where it is highly likely that the funds will be laundered to hide the attacks.

The creator of BlackWallet, under the username orbit84, made a Reddit post in which he warned users of the incident and advised them to move funds to a new wallet. He also said that he had contacted XLM’s creator, Stellar Development Foundation (SDF), and Bittrex about the attacks.

The rise of cryptocurrency attacks and how to mitigate them

2017 saw a large number of cryptocurrency attacks, no doubt fueled by the medium’s rising value and popularity. This year seems to be no different, with a number of cryptocurrency-related attacks already occurring in January.

While the lure is strong for many users looking into investing in the latest and greatest cryptocurrencies, security should still be one of the top priorities. This is especially important in light of the realization that many exchanges and wallets are small operations that may lack the necessary security measures to prevent attacks from occurring. For organizations involved in cryptocurrency operations, certain mitigation techniques can minimize the impact of code injection into their domains.

In addition, organizations can look into comprehensive security solutions that can block URLs and scripts that are known to be malicious or exhibit malicious behavior. Trend Micro™ Smart Protection Suites and Worry-Free™ Business Security protect end users and businesses by detecting these threats and all related URLs. Trend Micro™ Smart Protection Suites deliver capabilities, such as high-fidelity machine learning, web reputation services, behavior monitoring, and application control, that minimize the impact of these threats.

