Client-facing Ethereum wallet MyEtherWallet has become the latest victim of a DNS attack. Users of the service reported missing funds, which have been confirmed by third-party sources, as a result of the hijacking of their servers—a factor security experts have attributed to the risks of providing access to funds from a centralised source.
Initial reports began emerging on Tuesday, with users reporting suspicious behaviour around their MyEtherWallet accounts. The platform does not hold any cryptocurrency itself, but by providing a centralised interface for users, it is subject to the same risks that affect any website—the risk of a hack to the DNS servers, which can compromise the website and the details of those who have interacted with it.
Couple of DNS servers were hijacked to resolve https://t.co/xwxRJ4H4i8 users to be redirected to a phishing site. This is not on @myetherwallet side, we are in the process of verifying which servers to get it resolved asap.
— MyEtherWallet | MEW (@myetherwallet) April 24, 2018
While initial reports were confirmed by MyEtherWallet, panic only started to properly set in with the emergence of a post on Reddit. According to the user affected, who was confronted with an error when logging on to the site, his gut feeling was that something was amiss.
“Even though every part of my body told me not to try and log in, I did. As soon as I logged in, there was a countdown for about 10 seconds and a tx was made sending the available money I had on the wallet to another wallet.”
According to third-party services, the wallet address linked to the scam has already conducted some 180 scam transactions, totalling as many as 215 ETH worth over $134,000 based on current trading prices. After several hours, MyEtherWallet announced that “everything is now back to normal.”
It seems that everything is now back to normal, BUT PLEASE STAY SAFE and read/share this guide: https://t.co/uBlsJ8IoNw
— MyEtherWallet | MEW (@myetherwallet) April 24, 2018
In a statement on Reddit, the MyEtherWallet team said the attack was not due to a lack of security on the platform, but “hackers finding vulnerabilities in public facing DNS servers.”
“This redirecting of DNS servers is a decade-old hacking technique that aims to undermine the Internet’s routing system. It can happen to any organization, including large banks,” the statement read.
According to analysts at rival firm MyCrypto, the only way to protect against this type of hack is to use a hardware wallet, or to run this type of platform in an offline environment, which removes the risk of a DNS hijack.
“Lots of anti-phishing folks in the community and on our team are attempting to collect information about what happened to MEW, as well as attempting to get in touch with their team to assist in any way we can. Moral of the story: use a hardware wallet or run offline,” MyCrypto tweeted.
The news will be concerning for any user of the MyEtherWallet service, with those who have logged in over the last couple of days at the most significant risk of being compromised.