Hackers Steal Ethereum from MyEtherWallet by Hijacking DNS Servers
Man hands using a keyboard

Hackers Steal Ethereum from MyEtherWallet by Hijacking DNS Servers

Apr 26, 2018, 3:29PM
Hacks & Frauds 1 min, 49 sec READ
by Tom Nyarunda

Hackers used the man-in-the-middle attack to gain access to a DNS server to steal $150,000 in Ethereum from MyEtherWallet.com users.

Leading web-based Ethereum wallet, MyEtherWallet (MEW), became the latest victim of a DNS hack at midnight on April 24, 2018. Users accessing the service were redirected to a counterfeit version of the website. The hackers stole over $150 K using the stolen private keys to numerous wallets.  

Missing Funds from Users Wallets    

The incident began to come to light when a MEW user smelled a rat on the MEW interface. The suspicious user reported on Reddit r/rotistain that they had become a hacking victim. The user had logged into the MEW website and after 'confirming' the apparent authenticity of the site, and despite knowing better, logged onto the phishing site and lost the 0.09 ETH in their wallet. 

MyEtherWallet (MEW) confirmed the hacking incident on Twitter saying its Domain Name System (DNS) servers had been attacked and users had been redirected to a server in Russia. After accessing the affected users' private keys, the hackers siphoned at least 215 ETH coins worth over $150,000. During the attack, which lasted four hours, one victim lost over 85 Ethereum coins worth $60,000.  

MEW asserted that the breach did not occur on their side but on the public DNS servers and that they were in the process of verifying which servers were affected. Meanwhile, they advised users to run an offline copy of their digital wallet to prevent further losses. 

MEW founder and CEO Kosala Hemachandra said:"all the DNS servers are resolving back to correct addresses." He said attackers were "large enough to do a DNS poisoning attack on Google public DNS servers, which made it cache a malicious IP address for myetherwallet.com." But, he said Google fixed the issue "in a short time."

RELATED ARTICLES

DNS hijackings like this one are becoming more prevalent. In early January 2018, BlackWallet.com suffered a similar attack with the hackers stealing over $400,000 worth of XLM. EtherDelta and Etherparty suffered similar hijackings. Such attacks show that, despite precautions taken by users, web-based exchanges still present a potential centralized point of failure.   

 

 

Disclaimer: information contained herein is provided without considering your personal circumstances, therefore should not be construed as financial advice, investment recommendation or an offer of, or solicitation for, any transactions in cryptocurrencies.