An unidentified thief has reportedly stolen more than $400,000 in Stellar lumens after hacking the digital wallet provider BlackWallet.
According to cybersecurity reearcher Kevin Beaumont, the attacker hijacked BlackWallet’s domain name system (DNS) server over the weekend, adding a piece of code which transferred any deposits of 20 or more lumens into another wallet.
Bleeping Computer reported that the attacker secured nearly 670,000 lumens, worth about $444,000 at press time.
Shortly after stealing the lumens, the hackers began moving the funds out of the wallet they were being stored in. Just under 100 lumens remained in the wallet as of 7:30 p.m. UTC Monday.
A reddit user claiming to be Blackwallet’s creator said in a statement that his hosting provider account had been compromised, which led to the hack. He went on to say he had contacted his provider and asked for the site to be taken down.
As of press time, BlackWallet was inaccessible.
The site’s creator said a large amount of the stolen funds were sent to an account at the cryptocurrency exchange Bittrex. While he tried to contact the exchange, it is unclear whether Bittrex has frozen the stolen funds.
In the statement, the creator said:
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.