Ethereum Wallet Hit by DNS Hack Attack, USD 150,000 Stolen

Users of MyEtherWallet lose funds to phishing scam

by Maya Bogdanova
25 April

Ethereum (ETH) wallet interface MyEtherWallet has suffered a domain name system (DNS) hack attack that saw users of the service lose around USD 150,000 worth of ETH.

The attack occurred on Tuesday morning and lasted several hours. The hacker(s) hijacked MyEtherWallet’s DNS server and redirected MyEtherWallet.com visitors to a malicious copy of the website, which phished private keys when users entered them into the system.

The wallet associated with the incident appears to have stolen more than 215 ETH — worth approximately USD 150,000 at the present exchange rate. The funds have been transferred into the attacker(s)’ wallet, which already contains more than USD 17 million in ETH, supposedly collected through other phishing scams in the past.

The incident was first reported on social media by users claiming to have been affected by the breach. MyEtherWallet later confirmed the news, stressing that DNS hijacking is a common exploit and that these attacks are not the fault of the affected organizations.

“It is our understanding that a couple of Domain Name System registration servers were hijacked at 12 PM UTC to redirect myetherwallet[dot]com users to a phishing site,” MyEtherWallet said in a Reddit post. The company added that it is currently in the process of verifying which servers were targeted to resolve this issue.

MyEtherWallet concluded its statement with a set of reminders for users: "PLEASE ENSURE there is a green bar SSL certificate that says 'MyEtherWallet Inc' before using MEW. We advise users to run a local (offline) copy of the MEW (MyEtherWallet). We urge users to use hardware wallets to store their cryptocurrencies."
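
The certificate check that MyEtherWallet recommends can also be done in code, because a hijacked DNS answer changes where a connection goes but not which organization a trusted certificate names. The following is an added example, not code from MyEtherWallet or from this article; the function names and the sample certificate dictionaries are constructed for illustration and follow the structure returned by Python's `ssl.getpeercert()`.

```python
import socket
import ssl

EXPECTED_ORG = "MyEtherWallet Inc"  # organization name quoted in the statement above


def subject_fields(cert, field):
    """Return every value of `field` in the subject of an ssl.getpeercert() dict."""
    return [value
            for rdn in cert.get("subject", ())
            for key, value in rdn
            if key == field]


def organization_matches(cert, expected_org=EXPECTED_ORG):
    """True only if the subject names exactly the expected organization.

    Certificates issued on domain control alone carry no organizationName,
    so they fail this check even when the hostname matches.
    """
    return subject_fields(cert, "organizationName") == [expected_org]


def fetch_verified_cert(host, port=443, timeout=5.0):
    """Connect with normal chain and hostname validation; return the peer cert.

    Raises ssl.SSLCertVerificationError if the chain or hostname is not valid.
    """
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed samples in the shape ssl.getpeercert() returns (not real certificates).
SAMPLE_WITH_ORG = {"subject": ((("countryName", "US"),),
                               (("organizationName", "MyEtherWallet Inc"),),
                               (("commonName", "www.myetherwallet.com"),))}
SAMPLE_WITHOUT_ORG = {"subject": ((("commonName", "www.myetherwallet.com"),),)}
SAMPLE_OTHER_ORG = {"subject": ((("organizationName", "Example Hosting Ltd"),),
                                (("commonName", "www.myetherwallet.com"),))}

if __name__ == "__main__":
    for label, cert in [("with org", SAMPLE_WITH_ORG),
                        ("without org", SAMPLE_WITHOUT_ORG),
                        ("other org", SAMPLE_OTHER_ORG)]:
        print(label, organization_matches(cert))
```

The organization check supplements chain and hostname validation and does not replace it, so a live check should call `fetch_verified_cert()` first and pass its result to `organization_matches()`.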


DNS hijacking, or DNS redirection, is a popular and well-known hacking technique that undermines the name resolution that routes users to a website, misleading them to a malicious clone of the original site, where the attacker collects their login credentials.

The MyEtherWallet incident is not the first DNS hijacking attack against a cryptocurrency-related domain in recent months. Hackers hijacked the servers of BlackWallet.com in January, stealing over USD 400,000 of Stellar Lumen (XLM) funds. EtherDelta suffered a similar breach in December, but the amount of coins stolen remains unknown. The Classic Ether Wallet and Etherparty ICO websites have also fallen victim to DNS hijacking scams.