Classic Ether Wallet Compromised via Social Engineering

Developers of Classic Ether Wallet said an attacker managed to hijack the domain for the wallet via social engineering late Thursday evening.

Classic Ether Wallet, an open source wallet for the public, blockchain-based cryptocurrency platform Ethereum Classic (ETC) was compromised late last week. Developers of the decentralized platform said an attacker managed to hijack the domain for the wallet via social engineering late Thursday evening.

According to a tweet sent by developers with Ethereum Classic, a hacker called the domain’s registry and impersonated the owner of the service in order to gain control of the site.

https://twitter.com/eth_classic/status/880597604559720448

https://twitter.com/eth_classic/status/880606006291689472

Ethereum is a distributed public blockchain network used to mine Ether, a decentralized cryptocurrency considered by some as a rival to Bitcoin. As of Monday, according to coinmarketcap.com, one Ethereum Classic, or ETC, is equal to roughly $18.

After securing access to the domain, the hacker switched the site’s settings to direct the domain, and in turn funds, to their own malicious server. According to the service, the hijacked version of the site used “code to copy private key which is typed in by user and sends it to the hacker.”

Entrance to the site was blocked by a phishing warning from Cloudflare briefly on Thursday and unreachable for most of Monday morning. When the site could be reached, a notice that the domain had been registered via hosting provider 1&1 was displayed.

It’s unclear exactly what the attacker was able to say in order to trick the Germany-based 1&1 into handing over access to the domain. A request for comment was not immediately returned from 1&1 on Monday.

https://twitter.com/eth_classic/status/880636061474541569

While the cryptocurrency in users’ wallets is safe, users who used the wallet to make a transaction while the site had been hijacked likely had their tokens sent to the hacker, instead of the designated recipient.

https://twitter.com/eth_classic/status/880621572901531648

Until the site is back up administrators are encouraging users to use a secure version of the wallet at a site hosted at Github or myetherwallet.com and its $ETC node.

Victims on Reddit claim to have lost thousands through the scam, including one user who pointed to a series of Ethereum Classic blockchain transactions that signal a loss of 1001 ETC, roughly $18,000 USD.

Bitcoin and other cryptocurrencies have proved to be an alluring target for phishing attacks over the years.

Last summer, researchers with Cyren and OpenDNS helped ferret out an attack designed to siphon money from legitimate Bitcoin wallets. Attackers tricked users into visiting sites, a spoofed version of Blockchain.info in particular, in hopes they’d enter their actual username and password. By doing so the victims would have been handing their Blockchain credentials over to the attackers.

This article was updated at 5:35 p.m. to clarify that one Ethereum Classic, or ETC, was worth $18. One Ethereum, or ETH, equals $278.

Suggested articles