A DNS attack against popular online Ether storage solution MyEtherWallet (MEW) has seen the wallets of many users emptied. The security breach occurred at around 12PM UTC. The identity of the attacker or attackers is still unknown.
Many MEW Wallet Users Affected by DNS Redirect
According to an official statement from the MEW team on Reddit, the breach occurred because of a hijacking of their Domain Name System servers. This caused visitors to MEW to be redirected to phishing sites. Their statement read:
“It is our understanding that a couple of Domain Name System registration servers were hijacked at 12PM UTC to redirect myetherwallet[dot]com users to a phishing site.”
MEW were quick to stress that the security issue was not of their own making. They stated that DNS servers getting redirected can happen ‘to any organisation including large banks.’
Apparently, most of those who had been affected by the breach were using Google DNS servers. MEW recommended in their statement that users switch to Cloudflare DNS servers. According to a post on MyEtherWallet’s official Twitter, the issue has now been dealt with. This was accompanied by a guide to staying safe from online scammers.
It seems that everything is now back to normal, BUT PLEASE STAY SAFE and read/share this guide: https://t.co/uBlsJ8IoNw
— MyEtherWallet.com (@myetherwallet) April 24, 2018
Some users who were affected by the DNS hijacking traced the transaction that cleared their wallet. So far, it appears that at least two wallets were used to funnel money from phished wallets. One of these has received just over 308ETH today, and a second 215ETH. Both of these wallets have since been completely emptied into a third wallet. This contains almost 25,000ETH ($17,116,289 at the time of writing). However, not all of these transactions come from the same incident, as the earliest are from over two months ago.
The wallet into which the funds associated with today’s DNS redirect have been funnelled receives a constant stream of transactions, making it difficult to see exactly how much has been taken from victims of today’s DNS redirect attack. There could be additional wallets that have been used as intermediaries and are yet to be reported.
Today’s breach highlights the perils of using a hot wallet such as MEW. Those wanting to secure their funds properly are much better advised to invest in a hardware wallet. Despite some high-level security issues that have been identified (and since fixed), hardware wallets are designed to protect against many threats to cryptocurrency users. Paper wallets are also much more secure than online wallets – such as those found at exchanges or services such as MyEtherWallet. However, experts recommend hardware wallets over paper wallets since creating paper wallets in a completely secure way is incredibly tough even for experienced computer users.