An unknown attacker has gained control over the web domain of Classic Ether Wallet, a client-side wallet system for the Ethereum Classic (ETC) cryptocurrency.
According to a Reddit thread, the attack took place around midnight between Thursday, June 29, and Friday, June 30, when the unknown hacker convinced the support staff at web hosting provider 1on1 to concede control over the official domain from its real owner.
Hacker phished credentials, redirected transactions
The hacker immediately redirected the wallet’s main domain to his own server, and altered transactions in order to redirect funds to his accounts.
The hack came to light a few hours later, when developers behind the Ethereum Classic cyrptocurrency warned users to stop using the service for the time being.
With no way of quickly regaining access over the domain, some users proposed a desperate solution of launching DDoS attacks on the site to force it offline and prevent other users from falling victims and losing their funds.
A few hours later, the ETC team with the help of other cryptocurrency experts had the domain blacklisted on Cloudflare. Users accessing the site were greeted by a phishing alert like the one below.
At the time of writing, the site has been taken down. Users who visited the site and logged into their accounts on June 30 have exposed their wallet’s private keys, which the hacker used to steal funds from their accounts. Users that made transactions saw their money reach another person’s wallet.
Hacker stole nearly $300,000
On this Reddit thread, affected users shared some of the ETC addresses where their funds were redirected. One user reported having lost 800 ETC ($14,500) while another one lost 201 ETC ($3,600).
Based on reported cases, the hacker might have siphoned off nearly $300,000 worth of ETC funds from hacked accounts.
ETC funds were transferred in small transactions to numerous other accounts, a clue that the attacker might have used a “tumbler” service to hide his tracks.