A popular wallet system for storing the Ethereum Classic (ETC) cryptocurrency has been hacked, and users are urged to refrain from using the service for now.
At about 11pm BST on Thursday 29 June, Classic Ether Wallet was hijacked by a hacker who used social engineering to trick the wallet service’s web host into giving them access. The hacker called German web host 1and1’s customer support, pretending to be the owner of the domain.
The hacker convinced 1and1 to give them gain access to the site’s domain registration, then changed the domain’s settings to point the domain at their own hostile server.
This means that if the wallet is used to make any transactions, instead of sending the cryptocurrency to the recipient, the hacker can steal the coins instead – an attack known as a phishing scam.
The hack was discovered by Ethereum Classic’s core developers at 3am BST on Friday 30 June. The team immediately started warning users over Twitter to stop using the service, and eventually managed to get distributed denial of service (DDoS) prevention technology providers Cloudflare to place a phishing warning that will appear to anyone that tries to access the Classic Ether Wallet website.
Users are advised that all the cryptocurrency they have stored in their wallets is safe, as long as they do not visit the website and paste in their private key, or use it to make transactions. All addresses and keys that were created before Thursday 29 June are also safe, it is just unsafe to use the website at present.
Ethereum Classic has confirmed that the back-up site located on GitHub is working and is safe to use. Users are advised to make transactions using another service called My Ether Wallet, and connect it to the ETC node.
“The best advice is to sit tight. As long as users do not use the website right now, their wallet is okay and secure. There was nothing wrong with the code of Classic Ether Wallet. It was a social engineering attack. Many bitcoin have been stolen the same way,”
“We’re [currently] waiting for 1and1 domain registrar’s customer service to allow the rightful owner of the URL to take back control.”