VERDICT —OUT OF SCOPE
Root cause is infrastructure (DNS / cloud / database / third-party API) compromise, not on-chain contract logic. Pre-deployment source review would not surface this; coverage lives in cloud-security + supply-chain audit, separate discipline.
▰ METHOD
INFRASTRUCTURE
INFRASTRUCTURE
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
User orbit84 posted on Reddit that a hacker entered his hosting provider account and changed the DNS settings to his own hosted version of BlackWallet. The attacker's wallet seems to have accumulated about $400,000 worth of cryptocurrency, and its market value has almost tripled in the past month. In a statement, the founder of BlackWallet claimed that the open source online "star wallet" BlackWallet had been hacked. Attack method (per SlowMist): DNS hijacking. Reported loss: $ 400,000.
Primary source
https://www.reddit.com/r/Stellar/comments/7q9g31/statement_blackwallet_hacks_update/?ref_source=embed&ref=share ↗Sourced from
slowmist
Technical record
- chain
- —
- protocol
- BlackWallet
- bug_class
- infrastructure
- date_occurred
- 2018-01-13
- loss_usd
- $400,000
- source_id
- sm:blackwallet::2018-01-13
Related — same bug class· infrastructure