Blockchain.info, one of the most popular online Bitcoin wallet services in the world, was forced to take its service offline this week (12 October) after suffering a DNS hijack that left its 8 million-strong userbase vulnerable to cyberattack.
The digital currency service claims to power up to 100,000 Bitcoin transactions in a single day, so it was of little surprise that reports of the DNS attack quickly spread to messageboard websites such as Reddit and social media platforms.
Upon analysis, Blockchain.info administrators found the website’s Domain Name System (DNS) records had been altered to redirect anyone visiting the website to a potentially malicious URL hosted at a cheap hosting provider located in the US.
After finding the security flaw, the team was forced to take down the site. Notifying concerned users on Reddit, the team wrote: “Our DNS provider was targeted. It’s going to be several hours before our services are fully restored. The CloudFlare DNS is propagating now.”
During the attack, users were left particularly at risk of bitcoin theft or malware infection. In a DNS hijack of this kind, the attacker redirects unsuspecting users to a malicious web page built to steal login credentials, personal details or financial information.
Luckily for users, the correct domain was re-established less than 24 hours after discovery of the incident. In a statement, the team said: “Earlier today, we discovered our DNS registrar had been compromised. We took immediate action to resolve the issue.”
It continued: “To be abundantly cautious, we’re waiting for the DNS to propagate universally across the web before bringing our services back. Once DNS has propagated, we expect to restore services ASAP. Our sincerest apologies for any inconvenience.”
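The two defensive questions the incident raises are whether any public resolver is still handing out records the operator did not publish (the redirect described above) and whether the corrected records have propagated everywhere before services are switched back on. The following check is an added illustration and not Blockchain.info's or OpenDNS's tooling; the domain name, resolver labels and IP addresses are constructed sample data in documentation ranges, and the answers are passed in as plain Python sets so the logic runs offline (an operator would fill them from live queries against each resolver).

```python
"""Compare A-record answers from several resolvers against the records an
operator actually published, to flag a hijacked zone or one that has not yet
finished propagating. Added example with constructed data, not project code."""

OK, PARTIAL, UNEXPECTED, NO_ANSWER = "ok", "partial", "unexpected", "no-answer"

# Records the operator published (constructed; 198.51.100.0/24 is a documentation range).
EXPECTED_A = {
    "wallet.example": {"198.51.100.10", "198.51.100.11"},
}

# Constructed snapshot of what four public resolvers returned for that name.
# r2 answers with an address the operator never published; r3 has no answer yet.
OBSERVED_A = {
    "resolver-1": {"wallet.example": {"198.51.100.10", "198.51.100.11"}},
    "resolver-2": {"wallet.example": {"203.0.113.7"}},
    "resolver-3": {"wallet.example": set()},
    "resolver-4": {"wallet.example": {"198.51.100.10"}},
}


def classify_answer(expected_ips, observed_ips):
    """Classify one resolver's answer for one name against the expected set."""
    if not observed_ips:
        return NO_ANSWER
    if not observed_ips <= expected_ips:
        # At least one address the operator never published: either a hijack
        # or a resolver still serving records from before a legitimate change.
        return UNEXPECTED
    return OK if observed_ips == expected_ips else PARTIAL


def classify_answers(expected, observed):
    """Build {resolver: {name: status}} for every expected name and resolver."""
    report = {}
    for resolver, answers in observed.items():
        report[resolver] = {
            name: classify_answer(ips, answers.get(name, set()))
            for name, ips in expected.items()
        }
    return report


def resolvers_to_investigate(report):
    """Resolvers returning an address outside the published set, sorted by name."""
    return sorted(
        resolver
        for resolver, statuses in report.items()
        if UNEXPECTED in statuses.values()
    )


def fully_propagated(report):
    """True only when every resolver returns exactly the published records,
    which is the condition the operator waits for before restoring service."""
    return all(
        status == OK for statuses in report.values() for status in statuses.values()
    )


if __name__ == "__main__":
    rep = classify_answers(EXPECTED_A, OBSERVED_A)
    for resolver, statuses in sorted(rep.items()):
        print(resolver, statuses)
    print("investigate:", resolvers_to_investigate(rep))
    print("fully propagated:", fully_propagated(rep))
```

A `partial` result is worth distinguishing from `unexpected`: a resolver that returns a strict subset of the published addresses is stale but still pointing at the operator's own machines, whereas any address outside the published set means users reaching that resolver are being sent somewhere else. Run against each resolver on a schedule, the `unexpected` list is the alert condition, and `fully_propagated` is the gate for bringing services back.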
In a blog post, Artsiom Holub, a security researcher at OpenDNS, wrote that hijacking attacks of this nature are an increasingly popular and “effective” technique now used by cybercriminals.
‘Treat your bitcoin wallet as your real one’
“Bitcoins and blockchain technology might replace traditional banking, but first it is the community who have to solve a lot of security problems,” he said. “Bitcoin wallets and companies are being targeted by criminals more and more as they face easier schemes to launder stolen funds.
“Traditional banks have controls to detect and prevent laundering schemes, but in the cryptocurrency world we face bitcoin mixers that make the tracking of stolen funds a complicated challenge.
“In this case no damage or hack was done to the servers of the targeted companies, but attackers were able to change DNS records to redirect users to a totally different set of machines. Controlling a domain name allows attackers to potentially gather credentials of the wallets. So treat your bitcoin wallet as your real one, and be aware of the ongoing malicious campaigns.”
At the time of writing, the Blockchain.info website has regained functionality. “All services have been restored and are running normally,” the team wrote on Twitter. “We apologise for the long wait, and we’ll continue to monitor things closely.”