MyEtherWallet Ransacked As Hackers Steal $150K In Ethereum Via DNS Hijacking
MyEtherWallet confirmed on Twitter that hackers hijacked its Domain Name System (DNS) servers and redirected users to a phishing site in Russia. By obtaining private keys from affected users, the hackers reportedly were able to swipe around 215 Ethereum coins (ETH) worth somewhere in the neighborhood of $150,000. The attack lasted for several hours, and one user in particular lost more than 85 ETH worth almost $60,000.
In the Twitter post, MyEtherWallet emphasized that the security breach did not take place on its side of the equation, and that it's currently in the process of verifying exactly which servers were hit so it can resolve the issue. In the meantime, MyEtherWallet is advising users to run a local (offline) copy of its digital wallet to prevent any further loss of ETH currency.
Amazon also deflected blame, telling The Verge its own DNS system was never breached.
"Neither Amazon Web Services nor Amazon Route 53 were hacked or compromised," Amazon said. "An upstream Internet Service Provider was compromised by a malicious actor who then used that provider to announce a subset of Route 53 IP addresses to other networks with whom this ISP was peered."
The digital coins that were stolen ended up deposited into a wallet that has been linked to previous phishing scams. Apparently the hackers have been pretty successful at this, as the wallet contains more than $17 million in ETH.
As part of this latest attack, duped users were redirected to a phishing website with a certificate error, as the fraudulent website was using an untrusted TLS/SSL certification. This is the sort of thing that unsuspecting users are quick to ignore, though in this case, doing so turned out to be a collectively costly mistake.
Image Source: Reddit via rotistain
"Woke up today, Put my computer on, went on to myetherwallet and saw that MyEtherWallet had a invalid connection certificate in the corner. I thought this was odd. So I double checked the URL address, triple checked it, went on Google, got the URL. Used EAL to confirm it wasn't a phishing site. And even though every part of my body told me not to try and log in, I did. As soon as I logged in, there was a countdown for about 10 seconds and a [transaction] was made sending the available money I had on the wallet to another wallet," one of the victims stated on Reddit.
It's an unfortunate situation, and also a cautionary tale. Surf safely, folks.