$15 000 USD

OCTOBER 2017

GLOBAL

MYETHERWALLET

DESCRIPTION OF EVENTS

"MEW (MyEtherWallet) is a free, client-side interface helping you interact with the Ethereum blockchain. Our easy-to-use, open-source platform allows you to generate wallets, interact with smart contracts, and so much more."

 

"Taylor Manahan and Kosala Hemachandra founded MEW (MyEtherWallet) back in 2015, not long after Ethereum was created."

 

"The domain xn--myetherwalle-9me.com is a Unicode domain which makes it hard to discern from the real domain. The Unicode trick is used in order to make it difficult to distinguish, as shown below. Never played around with the Unicode trick, so had issues to see the differences myself."

 

"Behind the phishing domain, a myetherwallet.com clone is present (note the weird “t” with a T-comma underneath the letter, my humble respect for the Unicode trick! Too bad they use it in a malicious way)."

 

"On the 24th, security researcher Wesley Neelen revealed that he was one of the recipients of the phishing email, claiming that the wallet provider was implementing a hard fork update, urging the victims to unlock their accounts using their Keystore Files or private keys, synchronize their wallets and verify their ETH and token balances. By doing all that, one could have exposed their private keys along with providing information to the hackers about his or her wallet balance."

 

"Received a MyEtherWallet phishing e-mail on an e-mail address only submitted to a @kin_foundation mailing list."

 

"We have pushed an update that allows smooth sailing for all the MyEtherWallet users in the process of the upcoming hard fork. To make use of this update we request all users to sign in to their MyEtherWallet accounts and synchronize their wallets for continuous undisturbed use of our services."

 

"Unlock your account by using your Keystore File (UTC / JSON) or simply use your private key. Only do this using the official MyEtherWallet site!" (Link to their phishing site.)

 

"The webpage is a one-on-one clone of the real MyEtherWallet.com website. Also, HTTPS was implemented using the free Let’s Encrypt service."

 

"After analyzing the live log, it became clear that one of the victims' wallets lost 42.50 ETH. 42 ETH was equal to $12,577.63 around the time of the phishing attack."

 

"This morning, the attackers sent 3 times 16.5 ETH ($4,847.37) to 3 different ETH addresses. In other words: the attackers were able to obtain my e-mail address from the Kin Foundation mailing list in some way, performed a very well setup phishing attack and were able to obtain about $15.000 in 2 hours. I contacted the domain register of the Unicode domain. However, this is a “bulletproof” hosting provider, not sure whether they will take it offline. Next to this we contacted appropriate authorities to initialize a notice and take down."

MyEtherWallet is a popular and widely used cryptocurrency wallet service. A realistic email update was sent out, providing users with a link to download a new version of the wallet, which was intended to handle an upcoming hard fork.

 

Users who clicked the link in the email would have been redirected to a fake version of the site at a URL that looks extremely similar to the real one. Thousands of dollars worth of cryptocurrency (at least $15,000) were stolen in the attack.

HOW COULD THIS HAVE BEEN PREVENTED?

Cryptocurrency users need to always make sure that they are accessing any downloads directly on the official website. Unless infeasible, it's safer to transfer only a small wallet to any newly downloaded software, and wait prior to moving any significant sums over. (Malicious wallet developers typically sweep funds soon after any deposit is made.) Most blockchain updates are backwards compatible. It's a good idea to always ask trusted friends if you receive news of an update. Never make a rushed decision to download any new wallet software. Store most of your funds offline on a hardware wallet or paper copy, with a backup seed phrase, and set up a multi-sig if you have the technical knowledge to do so properly.
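
A check that a mail filter or a cautious user could run on a link before following it, given here as an added example (not code from the original page or from MyEtherWallet): it decodes the Punycode label quoted above and folds accented letters to their base letter to see whether the host imitates a protected domain. The `PROTECTED` list and the function names are assumptions, and the fold catches accent-based lookalikes such as this one, not cross-script ones such as Cyrillic letters.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: the domains the user or mail gateway wants to protect.
PROTECTED = {"myetherwallet.com"}


def decode_label(label):
    """Decode one DNS label; labels starting with xn-- carry Punycode."""
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def skeleton(text):
    """Fold accented Latin letters to their base letter (t-comma -> t)."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()


def check_link(url):
    """Return (verdict, host as a browser may display it) for a URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        shown = ".".join(decode_label(part) for part in host.split("."))
    except UnicodeError:
        return "invalid-punycode", host
    if shown in PROTECTED:
        return "official", shown
    if skeleton(shown) in PROTECTED:
        return "lookalike", shown          # same letters once accents are removed
    if not shown.isascii():
        return "non-ascii-host", shown     # Unicode host, no protected match
    return "unknown", shown


if __name__ == "__main__":
    # Constructed sample links; the first uses the domain quoted on this page.
    for link in ("https://xn--myetherwalle-9me.com/",
                 "https://myetherwallet.com/",
                 "https://example.org/"):
        verdict, shown = check_link(link)
        print(f"{verdict:15} {shown!r:28} {link}")
```
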

 
