BlockChain's DNS Servers Breached By Cybercriminals

Last updated: July 5, 2023

BlockChain, the developer of a popular, globally accepted BitCoin wallet, suffered a blackout this week after malicious attackers breached its core registrar systems and changed its DNS servers.

On Wednesday, the company reported that it had identified a DNS issue. Later, it found out that the attackers had infiltrated its DNS registrar.

Detailing the issue in a blog post, BlockChain Co-founder and CEO Peter Smith said the malicious attackers changed the DNS servers of BlockChain.info in an attempt to redirect users to a phishing website.

Fortunately, the compromised registrar and the company responded quickly and restored the DNS servers before the change propagated much across the web. The company decided to shut down its entire website platform to further analyze the incident, but luckily the cyber criminals were only able to access the registrar’s system.

The DNS settings were restored and the platform went back online within 8 hours. The company has now put additional controls in place to prevent future incidents.

According to Smith, the phishing website that users were redirected to relied on a self-signed SSL certificate, which prevented modern web browsers from exposing the website. The phishing page was shut down after BlockChain reported it to the owner of the machine used in the attack. However, it is still possible that some users entered their credentials on the fake site, and whether any did is unknown.