Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Cybercriminals Target Blockchain in DNS Attack

Blockchain, the developer of the world’s most popular Bitcoin wallet, suffered an outage this week after malicious actors breached the systems of its registrar and changed its DNS servers.

The company reported on Wednesday that it had detected a DNS issue. It later learned that attackers had compromised its DNS registrar.

Blockchain, the developer of the world’s most popular Bitcoin wallet, suffered an outage this week after malicious actors breached the systems of its registrar and changed its DNS servers.

The company reported on Wednesday that it had detected a DNS issue. It later learned that attackers had compromised its DNS registrar.

In a blog post detailing the attack, Blockchain CEO and co-founder Peter Smith said the attackers changed the Blockchain.info DNS servers in an effort to direct users to a phishing website.

Fortunately, Blockchain and the compromised registrar acted quickly and the DNS changes propagated only partially across the Web. The company decided to shut down its entire platform to analyze the incident, but the investigation revealed that the cybercriminals had only gained access to the registrar’s systems.

The DNS settings were reverted and the platform was restored within roughly 8 hours. Blockchain says it has implemented additional controls to prevent such incidents in the future.

According to Smith, the phishing website leveraged a self-signed SSL certificate, which should have prevented people using modern browsers from being exposed. The phishing page was shut down after Blockchain notified the owner of the machine abused in the attack. However, it’s still possible that some users entered their credentials on the fake site.

Users reported on Reddit that the hackers changed Blockchain’s name servers from CloudFlare to Hostwinds, which claims to offer the cheapest website hosting in the industry.

Bitcoin’s high value has made it a tempting target for cybercriminals and many exchanges have reported being breached over the past months, including Bitfinex, Cavirtex, Bitstamp, Bter and BTC-E.

Bitcoin-related websites are targeted not only by profit-driven cybercriminals. In August, Bitcoin.org, the organization that oversees Bitcoin software development, warned users of possible state-sponsored attacks.

Related Reading: Microsoft Teams with Bank of America on ‘Blockchain’

Related Reading: Ransomware Uses Blockchains to Transmit Decryption Keys

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...