MyEtherWallet Warns That A “Couple” Of Its DNS Servers Have Been Hacked

MyEtherWallet tweets a warning that a “couple” of its DNS servers have been hacked, and users are being redirected to a phishing site.

Update: Data from EtherScan shows that over $150k worth of ETH has been stolen in the DNS hack. Starting from 07:17 this morning, 179 inbound transactions totaling 216.06 ETH were sent to ETH address 0x1d50588C0aa11959A5c28831ce3DC5F1D3120d29. At 10:15, the attacker sent 215 ETH to 0x68ca85dbf8eba69fb70ecdb78e0895f7cd94da83.

One MEW user on Reddit explained how they lost 0.9 ETH when their connection was intercepted as they logged in:

Woke up today, put my computer on, went on to myetherwallet and saw that myetherwallet had an invalid connection certificate in the corner. I thought this was odd. https://i.imgur.com/2x9d7bR.png. So I double checked the url address, triple checked it, went on Google, got the url. Used EAL to confirm it wasn't a phishing site. And even though every part of my body told me not to try and log in, I did. As soon as I logged in, there was a countdown for about 10 seconds and a tx was made sending the available money I had on the wallet to another wallet, "0x1d50588C0aa11959A5c28831ce3DC5F1D3120d29."

Cryptocurrency wallet MyEtherWallet (MEW) tweeted a warning this morning, April 24, that a “couple” of its DNS servers have been hacked and that users risk being redirected to a phishing site. MEW is now in the process of verifying which servers have been targeted and is working to resolve the hack “asap,” they added.

Alarmed MEW users have been active all day on Reddit and other platforms as they await further details from the MEW team, with many deciding not to log in at all to avoid security risks. Others are advising each other to run MEW offline, or at the very least to double check that the SSL connection is always green when interacting with a site.

The hack, which this time has been confirmed by MEW themselves, recalls the allegations of a DNS hack levelled at MEW in January by the developers of altcoin Ethereum Blue (BLUE), categorically dismissed at the time by MEW as “a stupid lie.”

An outraged user, raising the spectre of January, quipped:

According to recent updates on Reddit, Google’s Public DNS appears to now be resolving to the correct ISP, but MEW developers have not officially given a green light that the DNS attack has been solved.