Blockchain, the bitcoin community’s most widely used wallet platform, fell victim to a Domain Name System (DNS) hijack in which attackers compromised the platform’s DNS registrar, forcing the Blockchain development team to shut down the entire website for a substantial period of time.
Users of all 8 million bitcoin wallet accounts on the Blockchain platform were unable to access their funds as the firm’s development team suspended all activities for several hours.
According to Blockchain CEO & co-founder Peter Smith, an anonymous group of attackers altered the site’s DNS servers by penetrating its DNS registrar, which redirected site traffic to external phishing URLs. Fortunately, most modern browsers flagged the suspicious activity because the attackers used a self-signed SSL certificate.
The Blockchain development team’s prompt response to the DNS attack restored the platform within 8 hours of the initial configuration change to its DNS servers.
“Due to the quick response of our team, the attacker’s DNS changes were allowed only to propagate partially across the Internet. We were also able to locate the owners of the compromised machine being used by the attackers and have it shut down,” stated Smith.
Despite Blockchain’s high security measures and unprecedented performance levels, 8 hours of bitcoin wallet service suspension could have caused incredible discomfort for users who may have been in urgent need of their funds.
While Smith noted that the DNS servers of Blockchain “goes beyond industry standard protections against configuration changes,” DNS hijacking is a common form of configuration attack, and if such compromises continue to happen in the future, they will very likely have a significant effect on the overall stability of its infrastructure.
In February, prominent Internet security services provider CloudFlare introduced new security-focused DNS registrars to prevent configuration attacks and redirection to malicious URLs on large enterprise-grade platforms like Blockchain.
CloudFlare CEO Matthew Prince emphasized that the CloudFlare Registrar was built for particularly large organizations like Blockchain that would suffer significant losses in the event of a security breach or a hacking attack.
“CloudFlare Registrar isn’t for the masses, it’s for organizations that would make a front-page story if they lost their domains,” said Prince. “There are plenty of great mass-market registrars available today, but now high-profile organizations don’t need to settle for a one-size-fits-most security approach when it comes to their online brands.”
However, in an online bitcoin community, Blockchain stated that its DNS provider CloudFlare is propagating to resolve the configuration issues with the platform. Based on the firm’s comment, Blockchain is most likely using CloudFlare’s Registrar system, which seems to have been targeted by the attackers.
As the largest bitcoin wallet service provider in the industry, Blockchain responded responsibly, recovering the platform quickly and mitigating potential damage to the network. Still, it is of utmost importance for both Blockchain and CloudFlare to ensure that such configuration attacks don’t recur in the future.