An unknown attacker gained access to Blockchain.info’s DNS accounts yesterday, the company has confirmed. The attack, now resolved, caused Blockchain to go offline for several hours.
Attacker Controlled DNS, Posted Phishing Site
In a blog post, the company stated an attacker was able to change Blockchain.info’s DNS servers. The breach, it said, occurred after a “highly sophisticated” attack on its DNS registrar’s infrastructure and not Blockchain’s own.
“Control over our DNS servers is highly restricted and goes beyond industry standard protections against configuration changes. We were able to access our administrative accounts with our registrar and regain control. Unfortunately, it became clear the attackers gained access to our accounts through breaching the systems of our DNS registrar.”
The attack began at 5:42am EST. Blockchain shut down its entire platform for several hours while employees investigated the incident. It eventually went back online at 1:20pm.
While Blockchain and its registrar worked to reassert control over the DNS, the attacker used that window to publish a malicious phishing site meant to fool wallet users.
Most Users Not Affected
Blockchain CEO Peter Smith said he was not aware of any users losing funds from the incident. The blog post added that the attacker used a self-signed SSL certificate. This meant that modern browsers prevented most users from accessing the phishing site anyway.
The investigating team also managed to locate the specific machine the attackers compromised, and shut it down. Due to the prompt response at both ends, the phishing site propagated only partly across the internet.
According to WhoIs, Blockchain.com and .info are registered with eNom. One early report suggested the attacker used social engineering techniques to gain access to the servers. However, Blockchain could not confirm or deny this.
Both companies have now “implemented additional manual, offline controls” to reduce the risk of such an attack reoccurring.
Blockchain also said access to its DNS services “is highly restricted and goes beyond industry standard protections against configuration changes.”
According to Blockchain’s own data, there are now 9,179,974 wallet accounts on its platform. That’s roughly double the wallet numbers from the same time last year. The site, together with its mobile apps, remains one of the most popular Bitcoin wallet options.
Note: Bitcoin.com owner Roger Ver is also an investor in Blockchain.info.