Hackers Steal Over $400,000 Worth of Stellar Lumen from BlackWallet Users' Accounts

It appears that the cryptocurrency hackers are at again, and this time the payoff was massive: a value of $400,000 of the Stellar Lumens virtual currency.

The security breach happened this past Saturday, and to pull off the heist, the group worked quickly to hijack the BlackWallet host server which stores lumens.

Be careful not to log in to just about any website with secret key, or without 2FA (two-factor authentication).... https://t.co/wKwwA43MyD

— Stellar Lumens (@StellarLumens) 16 Ocak 2018

Most troubling, and another sign of the frenzied, speculative nature of cryptocurrency trading, BlackWallet made several attempts to warn its users about the attack on its forums. Swept up in the euphoria, many of these warnings fell on deaf ears, as many continued to enter the web-based application, despite the obvious depletions which were occurring. In the end, a staggering 669,920 user accounts were stolen in one day. Given that by many accounts Stellar Lumens is the eighth most popular virtual currency globally, the impact is significant.

Within 48 hours the loot was transferred to Bittrex, where it will in all likelihood be converted to another form of cryptocurrency in order to hide the evidence. The BlackWallet creator shared in an official posting on Reddit that since the incident his hosting account, as well as websites, had been disabled: "I am sincerely sorry about this and hope that we will get the funds back,” the man who also goes by Orbit84 said. “I am in talks with my hosting provider to get as much information about the hacker and will see what can be done with it. If you ever entered your key on BlackWallet, you may want to move your funds to a new wallet.”

The Sticky Issue of Cryptocurrency Security

Cryptocurrency hacking operations have been on the rise, starting in 2017, which is no small coincidence given that this year was also marked by its unprecedented growth. In an act of defiance, resilience, or perhaps denial, after the hacks occur, many investors seem to simply shrug it off, accept it as a loss that's part of the risk they have taken, and move on to the next venture.

[see-also]

In a way, digital currency is more vulnerable than traditional money (after all, why rob the bank, arranging a getaway driver and map of the bank's interior when one can commit a robbery from the privacy of one's home?). Just as our understanding of the range of uses and possibilities associated with cryptocurrency will continue to evolve in the coming years, it is vital that the development of stronger and more effective security monitoring and information services continue to evolve as well.

Moran Cerf, professor of business and neuroscience at Northwestern University’s Kellogg School of Management (and former corporate hacker) explains the security challenges for virtual currencies: “[Bank robbers have] two problems: stealing the money and hiding the evidence,” he says. “Bitcoin solves the second one for you because everyone there is anonymous.” At present, this is an important, but necessary, growing pains period for global cryptocurrencies in which the stakes are higher than ever. If we can not stem the tide of hackers, the small-time investor, not the finance-savvy and seasoned professional, will ultimately pay the price.