$361 000 USD

APRIL 2018

GLOBAL

MYETHERWALLET

DESCRIPTION OF EVENTS

"MEW (MyEtherWallet) is a free, client-side interface helping you interact with the Ethereum blockchain. Our easy-to-use, open-source platform allows you to generate wallets, interact with smart contracts, and so much more."

 

"Taylor Manahan and Kosala Hemachandra founded MEW (MyEtherWallet) back in 2015, not long after Ethereum was created."

 

"On April 24, 2018 the popular Ethereum wallet MyEtherWallet suffered a phishing attack on its Google Public DNS."

 

"According to the multitude of Reddit posts, the faulty IP address and name server are Russian in origin. Users also tracked the filched funds back to two wallet addresses, one of which the MyEtherWallet team has labelled as Fake_Phishing899 in response to the attack. At press time, funds have been moved from these addresses, split up, and scattered through a variety of fresh wallets to obscure their allocation."

 

"While they have yet to corroborate the origin of the hack, the MyEtherWallet team did confirm on Twitter that a “[couple] of DNS servers were hijacked.” The team claims that the security breach was not a result of vulnerabilities on myetherwallet.com and that they are working on resolving the issue immediately."

 

"Couple of DNS servers were hijacked to resolve http://myetherwallet.com users to be redirected to a phishing site. This is not on @myetherwallet side, we are in the process of verifying which servers to get it resolved asap."

 

"As with past phishing attacks that have targeted Ethereum-powered wallets or exchanges, the hacker(s) could only compromise accounts whose users entered their private keys on the fake website. As such, if you attempted to access MyEtherWallet at the time of the attack with a hardware wallet or MetaMask, your funds would be safe. Additionally, as the phishing attack hijacked the wallet service’s Google Public DNS, some users who accessed myetherwallet.com from another one of its domain name server hosts wouldn’t have run into issues."

 

"Hmm, Google's DNS server 8.8.8.8 is returning wrong IP for www. myetherwallet .com and the SSL certificate returned is invalid , BE CAREFUL OUT THERE!"

 

"PSA: DON'T LOGIN to check if all of your crypto is gone, because then it will for sure be gone! This is exactly what the malicious entities would want you to do!"

 

"Some 515 ETH ($360,500) has been stolen as a result of the hack."

MyEtherWallet suffered from their DNS being rerouted to an attack website, hosted in Russia. The attackers managed to compromise a number of people's accounts, who attempted to use the site at this time. 515 ETH were stolen. There is no evidence of any recovery.

HOW COULD THIS HAVE BEEN PREVENTED?

The website popped up with an SSL certificate warning. Do not proceed to enter sensitive information if such occurs. The way to prevent the incident more thoroughly is to never use online tools to store funds. Always store private keys and sign transactions offline, on a device such as a hardware wallet. Keep most of your funds in a cold storage wallet, and withdraw only what you need.

 

Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.