A popular wallet system for storing the Ethereum Classic (ETC) cryptocurrency has been hacked, and users are urged to refrain from using the service for now.
At about 11pm BST on Thursday 29 June, Classic Ether Wallet was hijacked by a hacker who used social engineering to trick the wallet service’s web host into giving them access. The hacker called German web host 1and1’s customer support, pretending to be the owner of the domain.
The hacker convinced 1and1 to give them gain access to the site’s domain registration, then changed the domain’s settings to point the domain at their own hostile server.
This means that if the wallet is used to make any transactions, instead of sending the cryptocurrency to the recipient, the hacker can steal the coins instead – an attack known as a phishing scam.
The hack was discovered by Ethereum Classic’s core developers at 3am BST on Friday 30 June. The team immediately started warning users over Twitter to stop using the service, and eventually managed to get distributed denial of service (DDoS) prevention technology providers Cloudflare to place a phishing warning that will appear to anyone that tries to access the Classic Ether Wallet website.
Ethereum Classic has confirmed that the back-up site located on GitHub is working and is safe to use. Users are advised to make transactions using another service called My Ether Wallet, and connect it to the ETC node.
“The best advice is to sit tight. As long as users do not use the website right now, their wallet is okay and secure. There was nothing wrong with the code of Classic Ether Wallet. It was a social engineering attack. Many bitcoin have been stolen the same way,” the cryptocurrency’s founders told IBTimes UK.
IBTimes UK has contacted 1and1 to ask how the social engineering attack occurred and find out how long it will take to restore access to the rightful domain owner.