MyEtherWallet DNS Servers Hijacked in Phishing Scheme, Resolved


MyEtherWallet has reported in a tweet that their DNS servers were hacked. The hijack resulted in traffic being redirected to a phishing website. MyEtherWallet has made it clear that this was not on their side, that they verified which servers it did affect, and that it has been resolved.

According to MyEtherWallet, their Google Domain Name System (DNS) registration servers were hacked at 12pm UTC on April 24. This is an old hacking technique, designed to route traffic from its intended location to another, usually to defraud people or to steal their login information.

MyEtherWallet clarified that the hack was not due to any lack of security on the MEW platform, but rather due to vulnerabilities on the DNS servers. They also emphasized that they do not store any personal details or private keys. Assuming this is true, the hack will only affect people who entered their private credentials into the hackers’ landing page. Additionally, that page would not have appeared unless users chose to ignore the SSL warning pop-up. In their series of tweets, MEW gave some advice to their users. This included looking for the green address bar and using a hardware wallet.

DNS hijacking is nothing new, and MEW was not the only victim on April 24th. Amazon’s DNS servers were also hijacked, rerouting web traffic for two hours between 11am and 1pm UTC. In this case, the attackers used BGP to reroute traffic designated for websites hosted on Amazon’s Route 53 service, a cloud provider that hosts Twitter and other websites. Using a man-in-the-middle attack, they rerouted this DNS traffic from Amazon’s servers to a server in Chicago.

The MyEtherWallet traffic was redirected to a server hosted in Russia to dupe customers out of their private information and crypto assets. Although little was taken from MEW customers, the funds were directed to a wallet with a known balance of over £20m, indicating that the attackers have been successful at this scheme in the past. Granted, it would be wise for the hackers to move those funds to other wallets. If the past is any indicator, the most popular exchanges will likely (and hopefully) blacklist this particular wallet, and those directly connected to it.

Hacking attempts and phishing scams are never going away. Responsible providers like MEW will continue to improve their security measures, and to provide transparency to customers when attacks happen. The beauty of cryptocurrencies, however, is that they offer another layer of protection against such attacks. The most important thing to remember is to keep your private key close to the vest. Before you enter your private credentials on any website, double-check that the website shown in the address bar is the website you expect it to be. Make sure that the SSL certificate is valid, and pay close attention to any warning messages you receive. This goes for any website that gives people access to valuable assets or information. Online bank accounts have been the subject of such attacks, too, as have email providers and others. With a bit of common sense, you can protect your assets across all platforms, including your digital assets.
