Hamburger X.

My Ether Wallet Suffers Phishing Attack After Hackers Hijack Google Public DNS

phish 2

Google Public DNS Hijacked, MEW Users Lose Funds

On April 24, 2018 the popular Ethereum wallet MyEtherWallet suffered a phishing attack on its Google Public DNS.  Some 515 ETH ($360,500) has been stolen as a result of the hack.

One Reddit user on r/myetherwallet, u/rotistain, alerted other community members of the hack this morning.  Upon waking up, rotistain accessed only to notice that the link had an invalid connection certificate, labeling the site as not secure.  Proceeding anyway, rotistain used a private key to log in and was greeted with “a countdown for about 10 seconds and A tx [that sent] the available money [he] had on the wallet to another wallet.” 

Soon after this post, a handful of posts on r/cryptocurrency, r/ethereum, and r/ethtrader surfaced to warn other users of the security breach. Before the initial post on r/myetherwallet, Dent’s Twitter account tweeted a warning that Google’s DNS was returning the wrong IP for the website, as well as displaying the same invalid SSL that rotistain mentioned.

According to the multitude of Reddit posts, the faulty IP address and name server are Russian in origin. Users also tracked the filched funds back to two wallet addresses, one of which the MyEtherWallet team has labelled as Fake_Phishing899 in response to the attack.  At press time, funds have been moved from these addresses, split up, and scattered through a variety of fresh wallets to obscure their allocation.

While they have yet to corroborate the origin of the hack, the MyEtherWallet team did confirm on Twitter that a “[couple] of DNS servers were hijacked.”  The team claims that the security breach was not a result of vulnerabilities on and that they are working on resolving the issue immediately.

As with past phishing attacks that have targeted Ethereum-powered wallets or exchanges, the hacker(s) could only compromise accounts whose users entered their private keys on the fake website. As such, if you attempted to access MyEtherWallet at the time of the attack with a hardware wallet or MetaMask, your funds would be safe. Additionally, as the phishing attack hijacked the wallet service’s Google Public DNS, some users who accessed from another one of its domain name server hosts wouldn’t have run into issues.


Newsletter (Sidebar)

  • This field is for validation purposes and should be left unchanged.



Getting Started Gold Bars.


3Commas Sees an Automated Trading Cryptocurrency Future

As the cryptocurrency market continues to entice new and old traders, teams are building projects to facilitate the process of buying and selling digital assets. One such company, called 3Commas,…


Getting Started Gold Bars.


Colin is a freelance writer and crypto-enthusiast based in Nashville, TN. When he’s not speculating crypto futures, he’s probably letting his hair down and/or heading to a music festival–because stereotypes exist for a reason.