OpenLedger Domains Hijacked
OpenLedger has lost control of its .io and .info openledger domains to a malicious actor. According to the company, their GoDaddy account was compromised and their domains hijacked. The decentralized asset exchange (DEX) is not safe for use and should not be accessed via those websites. Bitsonline will keep our readers posted on any developments.
Subscribe to the Bitsonline YouTube channel for more great interviews featuring industry insiders & experts
OpenLedger Warns Users to Stay Away, Freezes Transactions
The Denmark-based DEX has warned users to avoid logging into their OpenLedger accounts until further notice. Their June 2nd advisory tweet, which oddly directs users to a subdomain of the compromised domains for updates, states:
Dear OpenLedger Users,
all deposits/withdrawals and https://t.co/jjE9yCMW0s domains are temporary closed, until circumstances are clarified.
Our technical department is working hard to open it as soon as possible.https://t.co/D8yzpHUXNZ
— OpenLedger (@OpenLedgerDEX) June 2, 2018
Their update of June 4th refers users to their Medium statement:
Pleas read carefully – the latest update from our team:
OpenLedger DEX Update: All OPEN.Asset Activities Suspended Until We Regain Access to Our GoDaddy’s Accounthttps://t.co/i3ZS0P7KpZ#OpenLedger #bitshares #security
— OpenLedger (@OpenLedgerDEX) June 4, 2018
The domains are currently under the control of actors who have created websites of the same appearance, hoping to phish user credentials. Per the company’s Medium statement:
“Our GoDaddy’s account was hacked and openledger.io and openledger.info domains are now controlled by malicious individuals. Attempting to obtain login credentials of OpenLedger DEX users, they used these domains to set up a phishing site with an interface extremely similar to the exchange’s original one… Please don’t use such email addresses to contact OpenLedger and don’t answer emails sent from these domains until the official acknowledgement that this is secure.”
GoDaddy Contacted, Users Diverted to BitShares
Trading on OpenLedger has been suspended. Deposits, withdrawals, trading, and transfers will remain suspended, according to the company, until the domains are back within its control. The company’s legal and tech teams are working with GoDaddy to regain access to the domains, but suspect the process may be complicated by GoDaddy procedures.
The exchange is advising customers to use the wallet.bitshares.org and market.rudex.org domains to access the exchange. BitShares remains unaffected by the hijacking, but advises users against making deposits or withdrawals.
OpenLedger users can safely log in to their account at https://t.co/IdFhRTUSAv but do not attempt deposits or withdrawals
— BitShares (@bitshares) June 2, 2018
Similarities With MEW
Users of MyEtherWallet may remember a similar hijacking on April 24th, which affected users who had logged in while the domain was under the control of malicious actors. This latest DNS hijack is another reminder to cryptocurrency traders to exercise caution when accessing their accounts.
Have your say. Have you been affected by the DEX hijacking?
Images via Wikimedia