MyEtherWallet Servers compromised in DNS attack

Hackers have come up with innovative methods to gain access to crypto wallets and siphon off the funds. Governments, institutions and other agencies are looking for ways to tackle this menace.

In spite of all the efforts, hackers are still able to do the dirty job. It has been reported that the Ethereum wallet MyEtherWallet has been the victim of a phishing attack on its Google Public DNS.

How was the attack detected?

A Reddit user on r/myetherwallet, u/rotistain, alerted other community members about the attack on the morning of the 24th of April. The user became suspicious after trying to access myetherwallet.com and noticing that the site presented an invalid connection certificate and was labeled as not secure. However, when the user used a private key to log in, the user witnessed “a countdown for about 10 seconds and A tx [that sent] the available money [he] had on the wallet to another wallet.”

Afterward, a number of posts appeared on r/cryptocurrency, r/ethereum, and r/ethtrader warning other users of the security breach. Dent’s Twitter account also issued a warning that Google’s DNS was returning the wrong IP for the website and that the SSL certificate returned was invalid.

The tweet read as follows:

Hmm, Google’s DNS server 8.8.8.8 is returning the wrong IP for www. myetherwallet .com and the SSL certificate returned is invalid, BE CAREFUL OUT THERE! @myetherwallet can you please check whats happening! #dentcoin #btc #eth #blockchain #ethereum #bitcoin #gsma 

MyEtherWallet (MEW)

MEW is widely used to send money to crypto sales, to buy Cryptokitties and to conduct more day-to-day transactions using ether or ERC20 tokens. Although the platform does not hold any funds, it still runs the risk of its DNS being hacked and user data being exposed as a result.

MEW also tweeted to confirm the hack. 

MyCrypto, which was launched as a direct competitor after the MyEtherWallet founders had an acrimonious split, said,

“Lots of anti-phishing folks in the community and on our team are attempting to collect information about what happened to MEW, as well as attempting to get in touch with their team to assist in any way we can. Moral of the story: use a hardware wallet or run offline.”

It is unclear how the hackers managed to gain access to the DNS of MEW. However, these types of attacks have also taken place in the past.

As a result of this hack, about 515 ETH or $360,500 has been lost. The stolen coins have been transferred into a wallet that contains more than $17 million in ETH and that has previously been linked to phishing scams.

It is believed that users who accessed the fraudulent website using a hardware wallet such as Trezor were protected from this attack. However, it is possible that the malicious website replaced the address to which they were attempting to send coins with another one controlled by the hacker.
