Monday, 13 July 2020

MyEtherWallet has been hacked

Over $150k worth of ETH has been stolen
Data from EtherScan shows that over $150k worth of ETH has been stolen in the DNS hack. Starting from 07:17 this morning, 179 inbound transactions totaling 216.06 ETH were sent to ETH address 0x1d50588C0aa11959A5c28831ce3DC5F1D3120d29. At 10:15, the attacker sent 215 ETH to 0x68ca85dbf8eba69fb70ecdb78e0895f7cd94da83.
One MEW user on Reddit explained how they lost 0.9 ETH when their connection was intercepted as they logged in:
Woke up today, put my computer on, went on to myetherwallet and saw that myetherwallet had an invalid connection certificate in the corner. I thought this was odd. So I double checked the url address, triple checked it, went on google, got the url. Used EAL to confirm it wasn't a phishing site. And even though every part of my body told me not to try and log in, I did. As soon as I logged in, there was a countdown for about 10 seconds and a tx was made sending the available money I had on the wallet to another wallet, 0x1d50588C0aa11959A5c28831ce3DC5F1D3120d29.

Cryptocurrency wallet MyEtherWallet (MEW) tweeted a warning this morning, April 24, that a “couple” of its DNS servers have been hacked and users risk being redirected to a phishing site. MEW is now in the process of verifying which servers have been targeted and is working to resolve the hack “asap,” they added.

Alarmed MEW users have been active all day on Reddit and other platforms as they await further details from the MEW team, with many deciding not to log in at all to avoid security risks. Others are advising each other to run MEW offline, or at the very least to double check that the SSL connection is always green when interacting with a site.

The hack, which this time has been confirmed by MEW themselves, recalls the allegations of a DNS hack levelled at MEW in January by the developers of altcoin Ethereum Blue (BLUE), categorically dismissed at the time by MEW as “a stupid lie.”

Official statement:

More technical stuff can be found here.

The security vulnerabilities in BGP and DNS are well known, and have been attacked before. This is the largest scale attack I have seen which combines both, and it underscores the fragility of internet security.
It also highlights how almost nobody noticed until the attack stopped. There is a blind spot.

source: cointelegraph 