Bitcoin Wallet Provider Blockchain.info Suffers DNS Hack Attack
Blockchain.info suffered a domain name system (DNS) hijacking yesterday that sent users to the wrong servers, exposing bitcoin users’ passwords. Blockchain.info took its website offline for several hours to restore its service. The problem has been corrected and the website is now functioning.
The hack occurred around 11:00 GMT, when the domain’s DNS information switched from Cloudflare to a cheap hosting provider in Tulsa, Okla., in the United States.
Blockchain Advises Users
At 6:26 a.m. Blockchain tweeted that it was aware of a DNS issue and looking into it, and it tweeted several updates until 2:01 p.m., when it noted that services were restored and running normally.
Blockchain also confirmed the attack on Reddit and stated it would be several hours before service would be fully restored.
One Reddit post noted that in an attack of this kind funds are at risk, because API requests and logins could have been redirected to a server hosted by another party.
A DNS hijack lets an attacker direct a site’s visitors to IP addresses the attacker controls. A fake login portal on those servers can then collect the credentials of every user who authenticates on it.
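The defensive counterpart to the paragraph above is to watch your own domain’s delegation and address records for drift, so that a change like the Cloudflare-to-unknown-host switch described in this article is noticed in minutes rather than hours. The script below is an added example, not code from the article or from Blockchain.info: it parses records in the shape of `dig +short` output and whois-style `Name Server:` lines (the same format the nameserver list later in this article uses), compares them against a baseline, and flags anything outside the baseline. The baseline names, the `.example` hosts and the RFC 5737 test addresses are all constructed for illustration; in production the observed strings would come from scheduled lookups.

```python
"""Detect drift in a domain's DNS delegation and address records.

Added example, not code from the article or from Blockchain.info. The
baseline values and the observed records below are constructed for
illustration; in practice the observed strings come from `dig +short NS`
/ `dig +short A` output or a whois lookup run on a schedule.
"""
import re
from dataclasses import dataclass


def normalize_name(name: str) -> str:
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.strip().rstrip(".").lower()


def parse_dig_short(text: str) -> set[str]:
    """Parse `dig +short` output: one record per line, blank lines ignored."""
    return {normalize_name(line) for line in text.splitlines() if line.strip()}


_NS_LINE = re.compile(r"^\s*Name Server:\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def parse_whois_nameservers(text: str) -> set[str]:
    """Pull the delegated nameservers out of a whois-style record."""
    return {normalize_name(m.group(1)) for m in _NS_LINE.finditer(text)}


@dataclass(frozen=True)
class DriftReport:
    unexpected_ns: frozenset
    missing_ns: frozenset
    unexpected_a: frozenset
    missing_a: frozenset

    @property
    def hijack_suspected(self) -> bool:
        # A nameserver or address that is not in the baseline is the signal
        # that matters: traffic may now be resolving to someone else's host.
        return bool(self.unexpected_ns or self.unexpected_a)


def check_drift(expected_ns, expected_a, observed_ns, observed_a) -> DriftReport:
    """Compare observed NS and A records against the known-good baseline."""
    exp_ns = {normalize_name(n) for n in expected_ns}
    exp_a = {a.strip() for a in expected_a}
    obs_ns = {normalize_name(n) for n in observed_ns}
    obs_a = {a.strip() for a in observed_a}
    return DriftReport(
        unexpected_ns=frozenset(obs_ns - exp_ns),
        missing_ns=frozenset(exp_ns - obs_ns),
        unexpected_a=frozenset(obs_a - exp_a),
        missing_a=frozenset(exp_a - obs_a),
    )


# --- constructed sample data (hypothetical names, RFC 5737 test addresses) ---
BASELINE_NS = {"ns1.cdn-provider.example", "ns2.cdn-provider.example"}
BASELINE_A = {"192.0.2.10", "192.0.2.11"}

# A healthy check: same nameservers, only case and trailing dots differ.
HEALTHY_DIG_NS = "NS1.cdn-provider.example.\nns2.cdn-provider.example.\n"
HEALTHY_DIG_A = "192.0.2.10\n192.0.2.11\n"

# A hijack: delegation moved to an unknown host and the A record now points
# at an address outside the baseline.
HIJACKED_WHOIS = """\
Domain Name: WALLET.EXAMPLE
Name Server: DED00000-1.ROGUEHOST.EXAMPLE
Name Server: DED00000-2.ROGUEHOST.EXAMPLE
"""
HIJACKED_DIG_A = "198.51.100.7\n"


def run_healthy() -> DriftReport:
    return check_drift(BASELINE_NS, BASELINE_A,
                       parse_dig_short(HEALTHY_DIG_NS), parse_dig_short(HEALTHY_DIG_A))


def run_hijacked() -> DriftReport:
    return check_drift(BASELINE_NS, BASELINE_A,
                       parse_whois_nameservers(HIJACKED_WHOIS), parse_dig_short(HIJACKED_DIG_A))


if __name__ == "__main__":
    for label, report in (("healthy", run_healthy()), ("hijacked", run_hijacked())):
        print(f"{label}: hijack_suspected={report.hijack_suspected} "
              f"unexpected_ns={sorted(report.unexpected_ns)} "
              f"unexpected_a={sorted(report.unexpected_a)}")
```

The comparison is done after normalization so that a routine change in case or a trailing dot does not raise a false alarm, while the `unexpected_*` sets carry the records that warrant paging someone; the `missing_*` sets show which legitimate records disappeared, which is useful context when the delegation has been replaced wholesale as it was here.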
Password Protection Urged
Users who accessed Blockchain during the attack were advised to change their wallet passwords immediately, Softpedia noted. Users of desktop and mobile apps that use the Blockchain API, which queries the same DNS server, should do the same.
Blockchain regained access to its DNS records at about 21:00 GMT and issued a statement noting that it had taken immediate action to resolve the issue. The statement said the company was waiting for the corrected DNS records to propagate across the web before restoring services, and that once propagation was complete, service would be restored as soon as possible. Blockchain.info apologized for the inconvenience.
Softpedia confirmed late yesterday that the Blockchain website was functional and its DNS records pointed to the proper servers.
Blockchain, Softpedia noted, was served from two IPs, 22.214.171.124 and 126.96.36.199, and loaded from the following DNS servers:
Name Server: DED88057-1.HOSTWINDSDNS.COM
Name Server: DED88057-2.HOSTWINDSDNS.COM
DNSStream (1.2) and OpenDNS also detected the attack.