Cyber Incident Victim: Classic Ether Wallet
Date: Jun 2017
Location: United States of America
Summary
An attacker took over the Classic Ether Wallet service by socially engineering its domain registrar into handing over the official domain, then pointed the domain at a server under their own control. The impostor site captured the private keys that users entered to unlock their wallets and rewrote outgoing transactions so that funds went to attacker-controlled addresses; individual victims reported losses of 800 and 201 Ethereum Classic (ETC). Affected users and the wider cryptocurrency community responded by proposing DDoS attacks against the fraudulent site and by coordinating to get the domain blocked. Cumulative losses were estimated at roughly $300,000, and the stolen funds were moved on in many small transactions to make tracing harder.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Classic Ether Wallet domain takeover took place between June 29 and June 30, 2017, when an unidentified attacker gained control of the official ClassicEtherWallet.com domain by socially engineering support staff at the registrar and hosting provider 1&1. Posing as the legitimate owner, the attacker persuaded 1&1 representatives to transfer control of the domain, then changed its DNS records to point at a server they operated. Because the takeover happened at the registrar, everything downstream of DNS followed: browsers resolved the genuine hostname, a domain-validated TLS certificate could be obtained for it, and neither the address bar nor the padlock distinguished the fake site from the real one. The attacker's server presented a copy of the wallet interface and captured what users entered to unlock their wallets, so anyone who pasted a private key into the site during this period handed that key to the attacker. The impostor front end also rewrote transaction details in real time, substituting attacker-controlled recipient addresses so that Ethereum Classic (ETC) the user meant to send elsewhere went to the hacker instead.
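The transaction-rewriting step above is the part a user can still catch at the last moment: whatever the web page displays, the raw RLP bytes that are handed to the node for broadcast contain the real recipient and amount. The following is an added example, not code from the incident writeup or from Classic Ether Wallet: a minimal RLP encoder/decoder, a model of the hijacked front end silently swapping the `to` field, and the pre-broadcast check that exposes the swap. All addresses, gas values and amounts are constructed for the demonstration.

```python
"""Added example: decode a raw legacy Ethereum/ETC transaction and confirm
its recipient and value before broadcasting. Addresses and amounts below
are constructed for the demo, not real accounts."""


def _to_bytes(n: int) -> bytes:
    """Minimal big-endian encoding; RLP encodes 0 as the empty string."""
    return b"" if n == 0 else n.to_bytes((n.bit_length() + 7) // 8, "big")


def _len_prefix(length: int, offset: int) -> bytes:
    """RLP length header: short form (<= 55 bytes) or long form."""
    if length <= 55:
        return bytes([offset + length])
    lb = _to_bytes(length)
    return bytes([offset + 55 + len(lb)]) + lb


def rlp_encode(item) -> bytes:
    """Encode an int, bytes, or (nested) list of those as RLP."""
    if isinstance(item, int):
        item = _to_bytes(item)
    if isinstance(item, (bytes, bytearray)):
        item = bytes(item)
        if len(item) == 1 and item[0] < 0x80:
            return item                      # a single small byte is its own encoding
        return _len_prefix(len(item), 0x80) + item
    payload = b"".join(rlp_encode(x) for x in item)
    return _len_prefix(len(payload), 0xC0) + payload


def _decode_item(data: bytes):
    """Decode one RLP item; return (item, remaining bytes)."""
    if not data:
        raise ValueError("unexpected end of RLP data")
    b0 = data[0]
    if b0 < 0x80:                            # single byte
        return data[:1], data[1:]
    offset, is_list = (0x80, False) if b0 <= 0xBF else (0xC0, True)
    if b0 - offset <= 55:                    # short form: length is in the header
        n, start = b0 - offset, 1
    else:                                    # long form: header gives length-of-length
        ll = b0 - offset - 55
        n = int.from_bytes(data[1:1 + ll], "big")
        start = 1 + ll
    if len(data) < start + n:
        raise ValueError("RLP length exceeds available data")
    body = data[start:start + n]
    return (_decode_list(body) if is_list else body), data[start + n:]


def _decode_list(payload: bytes) -> list:
    items = []
    while payload:
        item, payload = _decode_item(payload)
        items.append(item)
    return items


def rlp_decode(data: bytes):
    item, rest = _decode_item(data)
    if rest:
        raise ValueError("trailing bytes after RLP item")
    return item


# Constructed addresses for the demo (hypothetical, not real accounts).
INTENDED_TO = bytes.fromhex("11" * 20)   # where the user meant to send
ATTACKER_TO = bytes.fromhex("ee" * 20)   # address the hijacked page swaps in
WEI = 10 ** 18


def build_unsigned_tx(nonce, gas_price, gas_limit, to, value, data=b"") -> bytes:
    """Serialize a legacy (pre-typed) transaction the way a wallet does."""
    return rlp_encode([nonce, gas_price, gas_limit, to, value, data])


def hijacked_frontend_build(nonce, gas_price, gas_limit, to, value, data=b"") -> bytes:
    """Models the malicious page: same UI inputs, recipient silently replaced."""
    return build_unsigned_tx(nonce, gas_price, gas_limit, ATTACKER_TO, value, data)


def describe_tx(raw: bytes) -> dict:
    """Decode recipient and value from raw legacy tx bytes (signed or unsigned)."""
    fields = rlp_decode(raw)
    # 6 fields unsigned; 9 once (v, r, s) or the EIP-155 (chainId, 0, 0) are appended
    if not isinstance(fields, list) or len(fields) not in (6, 9):
        raise ValueError("not a legacy transaction")
    return {"to": fields[3], "value": int.from_bytes(fields[4], "big")}


def check_recipient(raw: bytes, expected_to: bytes, expected_value: int) -> bool:
    """The pre-broadcast check a user (or a hardware wallet display) should make."""
    tx = describe_tx(raw)
    return tx["to"] == expected_to and tx["value"] == expected_value


if __name__ == "__main__":
    args = (3, 20 * 10 ** 9, 21000, INTENDED_TO, 800 * WEI)
    honest = build_unsigned_tx(*args)
    tampered = hijacked_frontend_build(*args)
    print("honest   ->", check_recipient(honest, INTENDED_TO, 800 * WEI))
    print("tampered ->", check_recipient(tampered, INTENDED_TO, 800 * WEI))
    print("tampered tx really pays:", describe_tx(tampered)["to"].hex())
```

The point of the decoder is that it does not trust the page: the same check works on the signed transaction a compromised client has already produced, since `v`, `r`, `s` are simply appended after the six fields. Signing itself is omitted here; a hardware wallet applies exactly this kind of check on its own display before it signs.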

Affected users began reporting unauthorized transfers on June 30, with Reddit threads documenting individual thefts of 800 ETC (about $14,500) and 201 ETC (about $3,600). Cumulative reported losses suggested roughly $300,000 stolen, which the attacker moved on in many small transactions to make tracing harder. The community's first reaction was ad hoc: users proposed distributed denial-of-service (DDoS) attacks against the fraudulent site to knock it offline before more people entered their keys. Within hours, the Ethereum Classic development team worked with security contacts to get a technical block in place, and Cloudflare blocked the hijacked domain. That containment stopped further users from reaching the impostor site but recovered nothing already stolen. Only users who interacted with the hijacked domain during the roughly 24-hour attack window were affected; there was no evidence that any backend system was breached or that any flaw in Ethereum Classic itself was exploited. The failure was entirely in the custody of the domain, which is why registrar-side controls (registry lock, strong account authentication, and verified change procedures at the provider) are the relevant fix rather than anything in the wallet code.
