It is not the first time someone has managed to steal Ethereum. Unfortunately, such incidents have only become more apparent and gotten worse over time. It seems MyEtherWallet has fallen victim to yet another hack, even though the platform itself was apparently not to blame. Instead, the platform’s SSL certificate was “targeted” in an attack.
Another MyEtherWallet Incident Takes Place
Whenever a popular online service is involved with financial transactions of any kind, it will attract unwanted attention from various criminals. In the case of MyEtherWallet, there have been some hiccups along the way. This latest incident, however, is a lot more worrisome than some of the previous incidents. Some of the platform’s servers used an unsigned SSL certificate and redirected visitors to a server in Russia.
Anyone falling victim to this redirection saw their wallet emptied in short order. Several thousands of dollars have been stolen already, although it remains to be seen if that is the final tally. It took all but two hours to shut down this attack, but a lot of money was stolen regardless due to the popularity of the MyEtherWallet service.
At the time of writing, the MyEtherWallet team was conducting an investigation to determine which servers were targeted. Users are always advised to run a local offline copy of MyEtherWallet rather than connect to the online platform. This latter option remains more popular because most cryptocurrency users will always prefer convenience over security. In some cases, they will pay the price for it.
It is important to note this hijack has nothing to do with compromising MyEtherWallet itself. Instead, the attackers intercepted DNS requests for the website. It seems this was a direct result of using Google’s DNS service, combined with a forged communication through Amazon’s system. It seems an upstream ISP was compromised to announce a subset of Route 53 IP addresses to networks peered with this ISP. It was a very elaborate attack, albeit one that was seemingly pulled off with relative ease.
Although such blatant attacks are rather uncommon, they will not necessarily become less popular. This type of attack highlights a massive flaw in a cornerstone of the internet’s infrastructure and has not been properly addressed ever since it first became popular many years ago. It remains unclear if the ongoing investigation will dig up any other affected services.
Whether or not MyEtherWallet will reimburse users affected by this heist remains to be seen. It is evident the stolen money has to be recovered somehow. Since no one knows who the culprit is or where they are located, the traditional method appears to be out of the question completely. It’s a very troublesome story well worth keeping an eye on, and one that highlights the need for improved internet security in general.