Cyberattack: MyEtherWallet Servers Hacked and $152,000 worth of Ethereum lost

MyEtherWallet hacked $152 thousand stolen ethereum

Popular web ethereum wallet MyEtherWallet (MEW) has suffered a cyber-attack on Tuesday 23rd of April. Users of the web app noticed an irregularity when login into the app. The attack saw clients of MyEtherWallet losing around $152,000 worth of ethereum.

Anybody who connected to the MEW services was confronted by an unsigned SSL certificate and a link for verification. Although this is unusual, it is not unheard of. Internet users usually click this kind of links without realizing the dangers.

Clicking on the link would direct the unsuspecting web user to a server in Russia. Fifteen minutes after the cyber-attack, MyEtherWallet quickly notified its users in a warning tweet detailing the dangers of the attack. The tweet revealed that the hackers redirected DNS lookups for its dot-com to a malicious website masquerading as the MEW website. Clients login in on the MyEtherWallet.com were been redirected to a malicious site where the login and payment details of the clients were been stolen. With this information, the hackers went further to empty the wallets of the affected clients.

SEE ALSO:   Why Bitcoin Going Down? Bitcoin (BTC) Price Analysis: Bitcoin BTC Suffers a Sharp Decline in Price to 6,000 USD Setting a New Low for 2018 (Bitcoin News Today)

On Reddit, MyEtherWallet made a statement in regards to the event saying that there were verifying which servers were targeted to help resolve this issue and advised users to run a local (offline) copy of the MyEtherWallet.

Among reactions on Reddit, Micky Socaci, the lead developer at BlockBits.io, explaining the attack advised users not to use myetherwallet.com if they were using Google Public DNS (8.8.8.8 / 8.8.4.4) at the time. “It seems these DNS servers are resolving the domain to a bad server that CAN steal your keys!” he warned. 

Although the security breach was not a result of vulnerabilities on myetherwallet.com however, this latest incident highlights the dangers of relying on a centralized interface and also exposes the weakness in Domain Name Servers (DNS).

In another tweet posted, MEW disclosed that it was working on verifying which servers to get it resolved as soon as possible.

loading...

Legal Disclaimer: The content of this website (smartereum.com) is intended to convey general information only. This website does not provide legal, investment, tax, etc advice. You should not treat any information on smartereum.com as a call to make any particular decision regarding cryptocurrency usage, legal matters, investments, taxes, cryptocurrency mining, exchange usage, wallet usage, initial coin offerings (ICO), etc. We strongly suggest seeking advice from your own financial, investment, tax, or legal adviser. Neither smartereum.com nor its parent companies accept responsibility for any loss, damage, or inconvenience caused as a result of reliance on information published on, or linked to, from smartereum.com.

SEE ALSO:   Bitcoin (BTC) Vs. VeChain Thor (VEN): Which Should You Invest in This 2018? (VeChain Thor Price Prediction)

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Get Smart About Crypto!


Promise we won’t spam you!

We Are Hiring

Click here if you would like to join one of the fastest growing blockchain news companies in the world!