coincentral-main-menu-search-eyeglass
Hamburger X.

My Ether Wallet Suffers Phishing Attack After Hackers Hijack Google Public DNS

phish 2

Google Public DNS Hijacked, MEW Users Lose Funds

On April 24, 2018 the popular Ethereum wallet MyEtherWallet suffered a phishing attack on its Google Public DNS.  Some 515 ETH ($360,500) has been stolen as a result of the hack.

One Reddit user on r/myetherwallet, u/rotistain, alerted other community members of the hack this morning.  Upon waking up, rotistain accessed myetherallet.com only to notice that the link had an invalid connection certificate, labeling the site as not secure.  Proceeding anyway, rotistain used a private key to log in and was greeted with “a countdown for about 10 seconds and A tx [that sent] the available money [he] had on the wallet to another wallet.” 

Soon after this post, a handful of posts on r/cryptocurrency, r/ethereum, and r/ethtrader surfaced to warn other users of the security breach. Before the initial post on r/myetherwallet, Dent’s Twitter account tweeted a warning that Google’s DNS was returning the wrong IP for the website, as well as displaying the same invalid SSL that rotistain mentioned.

According to the multitude of Reddit posts, the faulty IP address and name server are Russian in origin. Users also tracked the filched funds back to two wallet addresses, one of which the MyEtherWallet team has labelled as Fake_Phishing899 in response to the attack.  At press time, funds have been moved from these addresses, split up, and scattered through a variety of fresh wallets to obscure their allocation.

While they have yet to corroborate the origin of the hack, the MyEtherWallet team did confirm on Twitter that a “[couple] of DNS servers were hijacked.”  The team claims that the security breach was not a result of vulnerabilities on myetherwallet.com and that they are working on resolving the issue immediately.

As with past phishing attacks that have targeted Ethereum-powered wallets or exchanges, the hacker(s) could only compromise accounts whose users entered their private keys on the fake website. As such, if you attempted to access MyEtherWallet at the time of the attack with a hardware wallet or MetaMask, your funds would be safe. Additionally, as the phishing attack hijacked the wallet service’s Google Public DNS, some users who accessed myetherwallet.com from another one of its domain name server hosts wouldn’t have run into issues.

NEWSLETTER

Newsletter (Sidebar)

  • This field is for validation purposes and should be left unchanged.

RELATED ARTICLES

blockchain entertainment industry

The Entertainment Industry and Blockchain Create New Possibilities

Blockchain may well provide the entertainment industry with an effective way to protect the digital rights of artists and provide them proper compensation.

Read More
gamble

Win or Lose: The Gamble Some Are Taking to Become Bitcoin Billionaires

Recently, we looked at a few stories about how some people became bitcoin millionaires. While this feat is impressive, there are a few people who are vying to become part of an even more elusive group of bitcoin billionaires. In…

Read More
Blockchain Logistics Feature Image

Blockchain Logistics – Changing the World or Just Marketing Hype?

Supply chain and logistics are industries in need of real change. Blockchain startups have continued to pop up over the last few years to challenge existing companies with their mostly inefficient logistical practices. Cryptocurrency projects like VeChain Thor and Waltonchain are leading…

Read More

NEXT ARTICLE

Getting Started Gold Bars.

NEXT ARTICLE

The Entertainment Industry and Blockchain Create New Possibilities

Blockchain may well provide the entertainment industry with an effective way to protect the digital rights of artists and provide them proper compensation.

ABOUT THE AUTHOR

Getting Started Gold Bars.

ABOUT THE AUTHOR

Colin is a freelance writer and crypto-enthusiast based in Nashville, TN. When he’s not speculating crypto futures, he’s probably letting his hair down and/or heading to a music festival–because stereotypes exist for a reason.