Security Update: Yesterday’s DNS Attack

Yesterday, Blockchain experienced an outage for several hours while under a DNS attack.

At approximately 5:42 AM EST, the attacker changed Blockchain.info’s DNS servers. Within minutes, our internal systems alerted our infrastructure team, who immediately began to assess the attack.

Control over our DNS servers is highly restricted and goes beyond industry standard protections against configuration changes. We were able to access our administrative accounts with our registrar and regain control. Unfortunately, it became clear the attackers gained access to our accounts by breaching the systems of our DNS registrar.

In an abundance of caution, we shut down our entire platform until we investigated the full extent of the attack. After making offline high-level contact with our registrar, we quickly determined that our registrar’s systems were breached by a highly sophisticated attack against the registrar’s infrastructure and not Blockchain’s infrastructure. Our registrar was able to manually regain control and revert the DNS changes.

While we waited for the fix to propagate across the internet, we investigated the malicious site to which the attacker had redirected traffic. We determined that because the attacker used a self-signed SSL certificate, users on modern browsers – which the wallet requires – were prevented from being exposed to the phishing site. Due to the quick response of our team, the attacker’s DNS changes were able to propagate only partially across the Internet. We were also able to locate the owners of the compromised machine being used by the attackers and have it shut down.

After a full check of our own systems and a complete propagation of the correct DNS servers, we brought our platform back online at 1:20 PM EST. To mitigate the attack vector at our registrar, we have implemented additional manual, offline controls.

Ultimately, any disruption in service is something we take seriously and we extend our sincere apologies. While we sometimes remain offline for longer than necessary, we do so out of an abundance of caution while we check to ensure all systems are fully protected and functional.

Thank you for your patience.

Peter Smith

CEO & Co-Founder, Blockchain

8 thoughts on “Security Update: Yesterday’s DNS Attack”

  1. Thanks Blockchain.info for full disclosure of DNS hack. Good to see there was no breach at blockchain.info HQ. Keep up the good work guys.

    1. Thanks for the positive feedback, Michael! It was extremely important that we get this information out as soon as possible.

  2. Thank you team blockchain on your relentless efforts to ensure the safety of our accounts and details. My concern is the frequency of attacks blockchain has encountered, and it's raising eyebrows. Just some two weeks ago or thereabouts, blockchain was shut down for several hours just to fix some issues; this in turn hindered a lot from carrying out certain transactions via bitcoin wallet. I strongly believe the team will find a more lasting solution to these attacks. I would also want to know how long this shutdown will last before normalcy resumes. Thanks once again for your dedicated efforts in keeping us safe.

  3. I tried to open my wallet. The system writes “Unknown wallet identifier. Click here if you need a reminder.
    Find the login link in your email, e.g. blockchain.info/wallet/1111-222-333… The series of numbers and dashes at the end of the link is your Login ID.”.
    Trying to restore – creates a new wallet. How do I restore my wallet № 1KZi5QmzkB1oBGxjaPWt5omhQrT3JzPYmv with my money?

    1. Hi Larysa! The Wallet ID you mention “1KZi5QmzkB1oBGxjaPWt5omhQrT3JzPYmv” is actually a bitcoin address, which is different from a wallet ID. If you’re unsure of what your wallet ID is, I recommend reaching out to our support team so we can assist you in recovering it.
