Categories: News

Phishing Attack on MyEtherWallet Steals $150,000 From Wallet Users

MyEtherWallet users are in an uproar after approximately 250 ETH, around $150,000 worth, went missing since a Domain Name System (DNS) server attack began Tuesday at noon, redirecting visitors to a phishing site.

Kosala Hemachandra, Founder and CEO of MyEtherWallet, released this comment fifteen minutes after the attack:

This redirecting of DNS servers is a decade-old hacking technique that aims to undermine the Internet’s routing system. It can happen to any organization, including large banks. This is not due to a lack of security on the @myetherwallet platform. It is due to hackers finding vulnerabilities in public-facing DNS servers.

A majority of those affected were using Google DNS servers. Affected users are likely to have clicked the “ignore” button on an SSL warning that pops up when visiting a malicious site imitating MEW. We recommend all our users to switch to Cloudflare DNS servers in the meantime.

Phishing and MEW

While this is a common hacking trick and not a reflection on MEW’s coding, it’s still costing users thousands of dollars and creating a great deal of panic. Reddit, GitHub, and Twitter have all been active with news from within the community.

DNS phishing attacks work by redirecting visitors from a legitimate website with SSL encryption to an untrusted, but often virtually identical, site where hackers ask for your private data in order to steal your funds.

While we don’t know where funds are being ultimately transferred to, the address 0x1d50588C0aa11959A5c28831ce3DC5F1D3120d29 has received nearly 180 transactions since this morning, sending 250 Ether to the address 0x68ca85dbf8eba69fb70ecdb78e0895f7cd94da83. The image below shows a total of 250 Ether moving in and out of the Ethereum address linked to the phishing heist, and Etherscan has also flagged this additional address – now showing a zero balance – for its role in the heist.

The community has been quick to investigate the source of the attack. A Discord user quickly found the Google DNS responsible.

Related Post

Another community member investigating the hack, Mohammed Jabir, tracked down the stolen ETH for sale on an Arabic crypto forum and translated it in his Twitter post shown below. MEW has issued steps for making sure one’s wallet is safe, including the suggestion to run it offline from a GitHub download straight from the MEW team.

When these kinds of security breaches happen, they greatly reduce trust, even when they aren’t because of something the wallet site has done. Though there’s a great deal of evidence that the community has banded together to help one another avoid these situations, many are soliciting advice for other wallet storage options aside from MEW.

Just a week ago, Kosala Hemachandra announced exciting plans for the MEW team in our exclusive interview. Today, the burden is on them to show a thoughtful response that will eliminate these types of security risks to users.

In the wake of all this controversy, many are wondering if the attackers will also target other sites.

Cloudflare posted an excellent summary of the day’s events and the parties which are all partially responsible for this scam:

Events like these are a reminder that cryptocurrency still has many elements of the Wild West and that hackers are lured by this setup, pushing us to seek greater security wherever possible. Always remember to check for anything out of the ordinary, whether it’s a certificate missing or a domain name that’s slightly off.

Leslie Ankney

Leslie Ankney is a cryptocurrency investor, writer, and digital nomad. Follow her adventures on Twitter and Instagram at @CryptoLeslie

Share
Published by
Leslie Ankney

Recent Posts

Ethereum Down While Bitcoin, Solana, and JetBolt Skyrocket In End November 2024

Ethereum stumbles as Bitcoin surges past $97K, Solana eyes new highs, and JetBolt’s presale shakes…

1 hour ago

Top 5 Best Crypto Presales to Grab Now: Don’t Miss These December Week 1 Gems

The crypto market is a buzz with promising presales as 2024 draws the curtains. With…

2 hours ago

Cheems Surge On BSC Network: A Rising Star With Growing Market Value

The Cheems token on the Binance Smart Chain (BSC) is gaining significant momentum, surging by…

10 hours ago

Lester Token Crashes 40% Following Official Announcement

The value of $LESTER plummeted by 40% in the past 24 hours, leaving its market…

10 hours ago

From $30K To Millions: The Wild Journey Of $Quant And Xiaohaige’s Memecoin Stunts

In a bizarre turn of events, a young live-streamer known as Xiaohaige created the memecoin…

10 hours ago

Whale “convexcuck.eth” Makes Bold $CVX Move, Nets Significant Profit Amid Price Surge

The crypto whale known as "convexcuck.eth" has made waves in the DeFi world, spending $2…

10 hours ago