coincentral-main-menu-search-eyeglass
Hamburger X.

My Ether Wallet Suffers Phishing Attack After Hackers Hijack Google Public DNS

phish 2

Google Public DNS Hijacked, MEW Users Lose Funds

On April 24, 2018 the popular Ethereum wallet MyEtherWallet suffered a phishing attack on its Google Public DNS.  Some 515 ETH ($360,500) has been stolen as a result of the hack.

One Reddit user on r/myetherwallet, u/rotistain, alerted other community members of the hack this morning.  Upon waking up, rotistain accessed myetherallet.com only to notice that the link had an invalid connection certificate, labeling the site as not secure.  Proceeding anyway, rotistain used a private key to log in and was greeted with “a countdown for about 10 seconds and A tx [that sent] the available money [he] had on the wallet to another wallet.” 

Soon after this post, a handful of posts on r/cryptocurrency, r/ethereum, and r/ethtrader surfaced to warn other users of the security breach. Before the initial post on r/myetherwallet, Dent’s Twitter account tweeted a warning that Google’s DNS was returning the wrong IP for the website, as well as displaying the same invalid SSL that rotistain mentioned.

According to the multitude of Reddit posts, the faulty IP address and name server are Russian in origin. Users also tracked the filched funds back to two wallet addresses, one of which the MyEtherWallet team has labelled as Fake_Phishing899 in response to the attack.  At press time, funds have been moved from these addresses, split up, and scattered through a variety of fresh wallets to obscure their allocation.

While they have yet to corroborate the origin of the hack, the MyEtherWallet team did confirm on Twitter that a “[couple] of DNS servers were hijacked.”  The team claims that the security breach was not a result of vulnerabilities on myetherwallet.com and that they are working on resolving the issue immediately.

As with past phishing attacks that have targeted Ethereum-powered wallets or exchanges, the hacker(s) could only compromise accounts whose users entered their private keys on the fake website. As such, if you attempted to access MyEtherWallet at the time of the attack with a hardware wallet or MetaMask, your funds would be safe. Additionally, as the phishing attack hijacked the wallet service’s Google Public DNS, some users who accessed myetherwallet.com from another one of its domain name server hosts wouldn’t have run into issues.

Cryptocurrency Tool Kit for only $7

NEWSLETTER

Newsletter (Sidebar)

  • This field is for validation purposes and should be left unchanged.

RELATED ARTICLES

tezos

What is Tezos (XTZ)? | A Beginner’s Guide to the Controversial Coin

Tezos is the world’s first self-evolving blockchain. Let’s take a look under the hood in this beginner...

Read More
what is minergate

What Is Minergate? | Making Mining from Your Laptop Possible Again

Minergate was the first company to provide Cryptonote mining pool services to the public. Learn more here...

Read More
Bitcoin lightning network

An Introduction to Lightning Network Apps (LAPPs): Scaling Bitcoin

Unbeknownst to a majority of crypto-enthusiasts, one of the most exciting features of the recently-implemented Lightning Network...

Read More

NEXT ARTICLE

Getting Started Gold Bars.

NEXT ARTICLE

What Is Minergate? | Making Mining from Your Laptop Possible Again

Minergate was the first company to provide Cryptonote mining pool services to the public. Learn more here and decide if the mining pool is right for you.

ABOUT THE AUTHOR

Getting Started Gold Bars.

ABOUT THE AUTHOR

Colin is a freelance writer and crypto-enthusiast based in Nashville, TN. When he’s not speculating crypto futures, he’s probably letting his hair down and/or heading to a music festival–because stereotypes exist for a reason.