In a recent security update, Blockchain said that it suffered a DNS attack in which the attacker changed Blockchain.info’s DNS servers, causing an outage that lasted several hours.
“At approximately 5:42 AM EST, the attacker changed Blockchain.info’s DNS servers”, Peter Smith, CEO & Co-Founder of Blockchain, said in a blog post.
Blockchain’s internal systems alerted its infrastructure team within minutes of the attack, and the team immediately began assessing it. The company shut down its entire platform until it had investigated the full extent of the attack. The investigation revealed that the attackers gained access to the accounts by breaching the systems of its DNS registrar.
“After making offline high-level contact with our registrar, we quickly determined that our registrar’s systems were breached by a highly sophisticated attack against the registrar’s infrastructure and not Blockchain’s infrastructure. Our registrar was able to manually regain control and revert the DNS changes”, the official announcement reads.
According to Blockchain’s own data, currently there are 9,182,939 wallet accounts on its platform. Smith said he was not aware of any users losing funds from the incident, Bitcoin.com reported.
The team investigated the malicious site to which the attacker had redirected traffic and found that, because the attacker used a self-signed SSL certificate, users of modern browsers were prevented from being exposed to the phishing site. Smith said that the team’s quick response ensured that the attacker’s DNS changes propagated only partially across the Internet.
“We were also able to locate the owners of the compromised machine being used by the attackers and have it shut down”, he said. “After a full check of our own systems and a complete propagation of the correct DNS servers, we brought our platform back online at 1:20 PM EST. To mitigate the attack vector at our registrar, we have implemented additional manual, offline controls.”