It is not the first time someone has managed to steal Ethereum. Unfortunately, such incidents have only become more apparent and gotten worse over time. It seems MyEtherWallet has fallen victim to yet another hack, even though the platform itself was apparently not to blame. Instead, the platform’s SSL certificate was “targeted” in an attack.
Whenever a popular online service is involved with financial transactions of any kind, it will attract unwanted attention from various criminals. In the case of MyEtherWallet, there have been some hiccups along the way. This latest incident, however, is a lot more worrisome than some of the previous incidents. Some of the platform’s servers used an unsigned SSL certificate and redirected visitors to a server in Russia.
Anyone falling victim to this redirection saw their wallet emptied in short order. Several thousands of dollars have been stolen already, although it remains to be seen if that is the final tally. It took all but two hours to shut down this attack, but a lot of money was stolen regardless due to the popularity of the MyEtherWallet service.
At the time of writing, the MyEtherWallet team was conducting an investigation to determine which servers were targeted. Users are always advised to run a local offline copy of MyEtherWallet rather than connect to the online platform. This latter option remains more popular because most cryptocurrency users will always prefer convenience over security. In some cases, they will pay the price for it.
It is important to note this hijack has nothing to do with compromising MyEtherWallet itself. Instead, the attackers intercepted DNS requests for the website. It seems this was a direct result of using Google’s DNS service, combined with a forged communication through Amazon’s system. It seems an upstream ISP was compromised to announce a subset of Route 53 IP addresses to networks peered with this ISP. It was a very elaborate attack, albeit one that was seemingly pulled off with relative ease.
Although such blatant attacks are rather uncommon, they will not necessarily become less popular. This type of attack highlights a massive flaw in a cornerstone of the internet’s infrastructure and has not been properly addressed ever since it first became popular many years ago. It remains unclear if the ongoing investigation will dig up any other affected services.
Whether or not MyEtherWallet will reimburse users affected by this heist remains to be seen. It is evident the stolen money has to be recovered somehow. Since no one knows who the culprit is or where they are located, the traditional method appears to be out of the question completely. It’s a very troublesome story well worth keeping an eye on, and one that highlights the need for improved internet security in general.
The cryptocurrency world has always been a hotbed of innovation, attracting both seasoned investors and…
Dogecoin's 2021 rally was a historic one, turning ordinary investors into overnight millionaires. This magnificent…
The crypto market is always evolving, with big names like Bitcoin and Ethereum leading the…
The crypto market is ablaze with excitement as altcoins like XRP and BNB make major…
Rollblock is quickly becoming the best crypto presale to buy, delivering unmatched value for its…
While Rollblock's continues its crypto presale, with its value increasing regularly, Polkadot (DOT) and Uniswap…