MyEtherWallet (MEW) DNS Website Attack Is Hijacking Funds & Stealing Keys

Updated: MyEtherWallet Responds***

Below is our original post and are now updating it will new facts and findings being discovered. For two hours (11am – 1pm UTC) a hijack of Amazon's internet domain service happened and rerouted website traffic using a key protocol known as BGP.

MEW is now reporting everything is back to normal and to ensure that the green HTTPS SSL certificate indicating a secure lock is at the top of the browser when using the service. While things might be back in order for now, please let this be a word to the wise and cause for caution when moving funds around in rapidly revolving crypto-world.

MyEtherWallet (MEW) DNS Hack: Initial Report

Recently MyEtherWallet has been feared of being hacked into- after reports of users having their IDs compromised- spread through the Crypto-verse like wildfire. The earliest reports of compromised IDs stemmed from the developers of the altcoin, Ethereum Blue. They sent out multiple tweets throughout the day warning users that their MyEtherWallet ID is unsafe and that the website has been hacked.

Many other users soon stated that their IDs have been hacked. All of their digital currency has been transferred to another address. This undoubtedly led to a panic in the hearts of the users of MyEtherWallet as they set to twitter frenzies; asking MyEtherWallet for confirmation about the hack. A Reddit user implied that about $44 million has been stolen. Others are reporting over $150,000 of ETH was sent to an address containing over $20 million worth of crypto in it.

MyEtherWallet’s Response

In a private interview, MyEtherWallet has denied all accusations and dismissed rumors about the hack. They also stated that this panic was probably caused by phishers in order to gain access to the IDs of worried but unsuspecting users. In their official tweets, the wallet provider has further assured its users that there was nothing to worry about. Employees of MyEtherWallet have also said that they have not heard of any hacks either.

My take on MyEtherWallet’s supposed hack

The crypto wallet company, MyEtherWallet has continuously dispelled rumors of their site being compromised. Furthermore, hacks like these can never be kept under the lid for long. MyEtherWallet’s employees have also reported nothing out of the ordinary.

Add that to the fact that it is very easy for possible phishers to report something like this on Reddit, and then saying something like, “check here to see if your ID is compromised.” And then giving a link to a fake website so that worried users try to check their IDs. After they type in their username and password on the fake website, the phishers can easily paste this information into the actual website and take all their money. This is what phishing is all about.

How to protect yourself from phishing scams

There are various ways to protect yourself from falling victim to phishing scams:

  1. Always check the URL;
  2. Look for that little green padlock sign with “Secure” written alongside it in the URL in the top-right corner of your browser;
  3. Check if the URL also has a green color. If it does, it is secure;
  4. Install AdBlocker;
  5. Install extensions to block malicious websites. A few examples of useful extensions are EAL or My Ether Wallet Chrome extension; and
  6. Always go directly to a site before entering your user information. Do not trust links in messages, posts, etc.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

10 + 20 =