Early this morning, servers providing domain name system (DNS) service to MyEtherWallet (MEW), the client-side software interface for interacting with the Ethereum blockchain, fell victim to a hack that utilized DNS cache poisoning (or spoofing) – a means of hijacking Border Gateway Protocol (BGP).
Couple of DNS servers were hijacked to resolve http://myetherwallet.com users to be redirected to a phishing site. This is not on @myetherwallet side, we are in the process of verifying which servers to get it resolved asap.
Some users logging into MyEtherWallet during this brief timeframe earlier today – hours at most – fell prey to a phishing scam that tricked users into surrendering their wallet keys before transferring their cryptocurrency into a digital wallet that can only be assumed to belong to the hacker(s). It’s being reported that the attacker made off with 215 Ether, the equivalent of $160,000 at the time of the transaction.
Founder of MyEtherWallet Kosala Hemachandra told ETHNews:
“It was a DNS poisoning attack on myetherwallet.com. We suspect that Google DNS cached it and a lot of other DNS servers cached it as well. It wasn’t on our end. Our hands were tied.”
DNS spoofing is a type of IP address hijacking that has particular venom when utilized against financial services because of the exposure those platforms have to their customers’ personal and corporate finances. This kind of hack is particularly dangerous because of how easily it can propagate from one server to another.
Hackers utilize attack vectors that exploit weaknesses in the internet’s domain name system to redirect internet traffic away from legitimate servers or websites to fraudulent ones that often resemble their genuine doppelganger or mimic their functionality.
Notably – while this issue was tragic for MEW and its affected users – the company had little control over, or means to prevent, the situation, which was resolved by server providers, not MEW.
MEW concluded its announcement to the ecosystem with a set of reminders that should be taken as paramount for users:
“PLEASE ENSURE there is a green bar SSL certificate that says “MyEtherWallet Inc” before using MEW.
We advise users to run a local (offline) copy of the MEW (MyEtherwallet).
We urge users to use hardware wallets to store their cryptocurrencies.”
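The first reminder can also be checked in code. The sketch below is an added example, not MEW's own tooling: it verifies the certificate chain and hostname, then requires the subject organization to match. It assumes the site serves an organization-validated certificate naming "MyEtherWallet Inc" as the reminder states; the helper names and the sample certificates are constructed for illustration.

```python
import socket
import ssl

def subject_field(cert, name):
    """Return the first value of an RDN such as 'organizationName' from a
    certificate dict in the format produced by SSLSocket.getpeercert()."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == name:
                return value
    return None

def organization_matches(cert, expected_org):
    """True only if the certificate carries an organization (OV/EV) and it
    equals expected_org. Domain-validated certificates have no organization
    field, so a certificate issued on the strength of DNS control fails here."""
    org = subject_field(cert, "organizationName")
    return org is not None and org.casefold() == expected_org.casefold()

def check_site(hostname, expected_org, port=443, timeout=5):
    """Connect with full chain and hostname verification, then check the
    organization. Returns (ok, reason)."""
    context = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with context.wrap_socket(sock, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return False, f"certificate not trusted: {exc.verify_message}"
    except OSError as exc:
        return False, f"connection failed: {exc}"
    if not organization_matches(cert, expected_org):
        found = subject_field(cert, "organizationName")
        return False, f"unexpected organization: {found!r}"
    return True, "certificate chain, hostname and organization verified"

# Constructed sample certificates (not captured from any real site).
GENUINE = {"subject": ((("countryName", "US"),),
                       (("organizationName", "MyEtherWallet Inc"),),
                       (("commonName", "www.myetherwallet.com"),))}
DV_ONLY = {"subject": ((("commonName", "www.myetherwallet.com"),),)}

if __name__ == "__main__":
    print(organization_matches(GENUINE, "MyEtherWallet Inc"))  # True
    print(organization_matches(DV_ONLY, "MyEtherWallet Inc"))  # False
```

A chain or hostname verification failure in `check_site` is itself the signal to stop: a redirected DNS answer changes which server responds, not which certificates the client trusts.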
Like so many of the emerging security concerns surrounding cryptocurrency, safety remains largely in user hands. Bad actors will likely continue to target human error through social engineering more often than via technical hacks. MyEtherWallet users were also the focus of an email phishing scam last October, and a counterfeit of the wallet’s app appeared in the Apple App Store in December.