Tech 25 April 2018

Dan Taylor

MyEtherWallet falls victim to DNS attack

Client-facing Ethereum wallet MyEtherWallet has become the latest victim of a DNS attack. Users of the service reported missing funds, since confirmed by third-party sources, as a result of the hijacking of the service's servers. Security experts have attributed this to the risks of providing access to funds from a centralised source.

Initial reports began emerging on Tuesday, with users reporting suspicious behaviour around their MyEtherWallet accounts. The platform does not hold any cryptocurrency itself, but by providing a centralised interface for users, it is subject to the same risks that affect any website—the risk of a hack to the DNS servers, which can compromise the website and the details of those who have interacted with it.

While initial reports were confirmed by MyEtherWallet, panic only started to properly set in with the emergence of a post on Reddit. According to the user affected, who was confronted with an error when logging on to the site, his gut feeling was that something was amiss.

“Even though every part of my body told me not to try and log in, I did. As soon as I logged in, there was a countdown for about 10 seconds and a tx was made sending the available money I had on the wallet to another wallet.”

According to third-party services, the wallet address linked to the scam has already conducted some 180 scam transactions, totalling as many as 215 ETH, worth over $134,000 based on current trading prices. After several hours, MyEtherWallet announced that “everything is now back to normal.”

In a statement on Reddit, the MyEtherWallet team said the attack was not due to a lack of security on the platform, but “hackers finding vulnerabilities in public facing DNS servers.”

“This redirecting of DNS servers is a decade-old hacking technique that aims to undermine the Internet’s routing system. It can happen to any organization, including large banks,” the statement read.

According to analysts at rival firm MyCrypto, the only way to protect against this type of hack is to use a hardware wallet, or to run this type of platform in an offline environment, thus preventing the risk of a DNS hijack.

“Lots of anti-phishing folks in the community and on our team are attempting to collect information about what happened to MEW, as well as attempting to get in touch with their team to assist in any way we can. Moral of the story: use a hardware wallet or run offline,” MyCrypto tweeted.

The news will be concerning for any user of the MyEtherWallet service, with those who have logged in over the last couple of days at the most significant risk of being compromised.
