Popular Ethereum wallet interface MyEtherWallet has succumbed to a DNS hijacking attack that allowed a hacker to redirect users to a malicious version of the website and phish their private keys.
The incident was first on social media by users claiming to have been affected by the breach, and MyEtherWallet later confirmed it on .
“Couple of DNS servers were hijacked to resolve myetherwallet.com users to be redirected to a phishing site,” the company said. “This is not on @myetherwallet side, we are in the process of verifying which servers to get it resolved asap.”
It’s unclear how the hackers were able to gain control of MyEtherWallet’s Domain Name System (DNS), but this type of attack has on multiple occasions.
As in previous cases, the malicious website phished users’ private keys when they entered them into the fraudulent MyEtherWallet client.
It appears that the hacker obtained about (~$150,000) from the attack, which lasted several hours. One unfortunate user lost more than 85 ETH, worth nearly $60,000.
Coins stolen as part of the attack have been funneled into , which contains more than $17 million in ETH and has been linked to previous phishing scams.
Users who accessed the fraudulent website using a hardware wallet such as were protected from the private key exploit, though it’s possible that the malicious website could have replaced the address to which they were attempting to send their coins with a false one controlled by the hacker.
Your private keys never leave the TREZOR device, so even this DNS hijack does not endanger your funds. However, it is possible that the fraudulent site might replace your addresses. Always verify the address on your TREZOR screen when sending and receiving.
— TREZOR (@TREZOR)
For added security, it’s a wise idea to download a browser extension that maintains a blacklist of malicious websites. and are two popular options for Chrome users. These tools will not guarantee protection from phishing scams, but they provide an extra layer of protection.
Finally, MyEtherWallet users can also download a copy of the website from GitHub and , further increasing their security.
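MyEtherWallet's statement says only a couple of DNS servers resolved the domain to the phishing site, so resolvers disagreed with each other while the hijack lasted. As an added example (not from the article or from MyEtherWallet), the Python code below flags resolvers whose answers fall outside a pinned address set or, when no pinned set exists, outside a strict majority; the resolver labels, function names and documentation-range IP addresses are constructed, and gathering the answers from live resolvers is left out so the code runs offline.

```python
from collections import Counter
from ipaddress import ip_address


def normalize(ips):
    """Parse and deduplicate one resolver's A/AAAA answers."""
    return frozenset(ip_address(ip) for ip in ips)


def audit_resolvers(answers, pinned=None):
    """Classify each resolver as ok / suspect / no-answer / inconclusive.

    answers: {resolver label: list of IP strings returned for the name}
    pinned:  optional iterable of addresses published by the site operator
    """
    sets = {name: normalize(ips) for name, ips in answers.items()}
    if pinned is not None:
        baseline = normalize(pinned)
    else:
        # No pinned set: accept only a strict majority of identical answers.
        # Geo-balanced or CDN-hosted names can legitimately differ per
        # resolver, so a pinned set is the more reliable baseline.
        top = Counter(s for s in sets.values() if s).most_common(1)
        if not top or top[0][1] * 2 <= len(sets):
            return {name: "inconclusive" for name in sets}
        baseline = top[0][0]

    verdicts = {}
    for name, got in sets.items():
        if not got:
            verdicts[name] = "no-answer"
        elif got <= baseline:  # every returned address is in the baseline
            verdicts[name] = "ok"
        else:
            verdicts[name] = "suspect"
    return verdicts


# Constructed sample: answers for one name as seen by five resolvers.
SAMPLE = {
    "resolver-a": ["192.0.2.10", "192.0.2.11"],
    "resolver-b": ["192.0.2.11", "192.0.2.10"],
    "resolver-c": ["203.0.113.66"],  # diverging answer
    "resolver-d": ["192.0.2.10", "192.0.2.11"],
    "resolver-e": [],
}

if __name__ == "__main__":
    for name, verdict in audit_resolvers(SAMPLE).items():
        print(f"{name}: {verdict}")
```

A "suspect" verdict is a prompt to investigate that resolver's path, not proof of hijacking, and an "ok" verdict says nothing if most resolvers were poisoned and no pinned set was supplied.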
Published at Tue, 24 Apr 2018 16:43:18 +0000