Bitcoin Wallet Recovers from DNS Hijacking Attack


At the time of writing, everything is back to normal. The largest web-based Bitcoin wallet suffered a DNS hijacking attack today when users accessing the site were pointed to the wrong servers, exposing visitors to all sorts of attacks.

The incident took place around 11:00 GMT when the site’s DNS information changed from CloudFlare to a cheap hosting provider based in Tulsa, USA.

Paranoid Bitcoin users noticed the DNS hijacking right away and started warning each other on Reddit and Twitter. took their website offline as they fought to reclaim their website’s DNS records and point them to the right servers.

Blockchain users should change their passwords

DNS hijacks are extremely dangerous since an attacker can point a site’s visitors to his server where he runs a clone of the original website.

During the time DNS information led users to the wrong IPs, an attacker could have collected login credentials for everyone authenticating on the fake portal.


Users that accessed today should change their wallet passwords right away.

The same goes for users of mobile or desktop apps that use the API, which makes queries to the same DNS server.

Everything is OK in Bitcoinland, once again

Staff regained access to their DNS records around 21:00 GMT, when they issued the following statement:

  Earlier today, we discovered our DNS registrar had been compromised. We took immediate action to resolve the issue. To be abundantly cautious, we’re waiting for the DNS to propagate universally across the web before bringing our services back. Once DNS has propagated, we expect to restore services ASAP. Our sincerest apologies for any inconvenience.  

At the time of writing, the website is functional once again, and its DNS records point to the correct servers.


During the attack, was served from the following two IPs, and, loaded from the DNS servers below.

Name Server: DED88057-1.HOSTWINDSDNS.COM
Name Server: DED88057-2.HOSTWINDSDNS.COM
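
The change of name servers described above is the signal a domain owner can monitor for. The following is an added example, not part of the original article: it parses WHOIS-style `Name Server:` lines and flags any delegation that differs from a recorded baseline or falls outside the expected provider. The baseline host names, the function names and the Cloudflare-only policy are assumptions made for illustration.

```python
import re

# Assumption: the zone should only ever be delegated to Cloudflare, whose
# authoritative name servers sit under ns.cloudflare.com.
EXPECTED_NS_SUFFIXES = ("ns.cloudflare.com",)
NS_LINE = re.compile(r"^[ \t]*Name Server:[ \t]*(\S+)[ \t]*$", re.I | re.M)

# Constructed baseline (hypothetical host names), recorded while delegation was good.
BASELINE = """\
Name Server: ABBY.NS.CLOUDFLARE.COM
Name Server: RICK.NS.CLOUDFLARE.COM
"""
# The two name servers the article lists for the hijack window.
OBSERVED = """\
Name Server: DED88057-1.HOSTWINDSDNS.COM
Name Server: DED88057-2.HOSTWINDSDNS.COM
"""

def parse_name_servers(whois_text):
    """Return the normalised set of name servers found in WHOIS-style text."""
    return {m.group(1).rstrip(".").lower() for m in NS_LINE.finditer(whois_text)}

def is_expected(host, suffixes=EXPECTED_NS_SUFFIXES):
    # Compare on a label boundary so look-alikes such as
    # "fakens.cloudflare.com" do not pass a naive endswith() check.
    return any(host == s or host.endswith("." + s) for s in suffixes)

def check_delegation(baseline_text, observed_text):
    """Diff observed delegation against the baseline and the provider policy."""
    baseline = parse_name_servers(baseline_text)
    observed = parse_name_servers(observed_text)
    unexpected = sorted(h for h in observed if not is_expected(h))
    return {
        "added": sorted(observed - baseline),
        "removed": sorted(baseline - observed),
        "unexpected": unexpected,
        # An empty answer is also suspicious: the delegation may have been removed.
        "alert": bool(unexpected) or not observed or observed != baseline,
    }

if __name__ == "__main__":
    for key, value in check_delegation(BASELINE, OBSERVED).items():
        print(f"{key}: {value}")
```

Run on a schedule against fresh registry or resolver output, a check like this raises an alert as soon as delegation moves, rather than relying on users to notice.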