Update 4/25: Cloudflare has published an article on the security incident that led to the MyEtherWallet theft. The firm explains that the attack was the result of a BGP leak, not a simple DNS hijack.
MyEtherWallet, a widely-used client-side Ethereum web wallet interface, fell prey to a DNS server hijacking scheme.
The attack occurred on Tuesday when a hacker hijacked MyEtherWallet’s domain name registration server and redirected MyEtherWallet.com visitors to a malicious copy of the website, which phished users’ private keys when they entered them into the system.
The wallet associated with the incident appears to have collected more than 215 ETH — worth approximately $150,000 at the present exchange rate — from the exploit. However, these funds have been transferred into another wallet that contains nearly 24,100 ETH (~$17 million), and this wallet has been linked to other Ethereum-related phishing scams in the past.
In a statement, MyEtherWallet stressed that DNS hijacking is a common exploit and that these attacks are not the fault of the affected organizations.
“This is not due to a lack of security on the @myetherwallet platform,” the company said on Reddit. “It is due to hackers finding vulnerabilities in public facing DNS servers.”
“A majority of the affected users were using Google DNS servers. We recommend all our users to switch to Cloudflare DNS servers in the meantime,” the statement added.
MyEtherWallet is not the first cryptocurrency website to be the victim of a DNS hijacking scheme. Both BlackWallet — which stores Stellar lumens — and decentralized ERC20 token exchange EtherDelta have been hit with similar attacks in recent months.
Notably, users who were directed to the malicious website were safe if they accessed the site using a hardware wallet, as private keys never leave these devices.
MyEtherWallet advised users to take several steps to protect themselves from future phishing scams.
In addition to storing funds in a hardware wallet, they said that users should download and run an offline copy of MyEtherWallet, which can be obtained from the company’s code repository on GitHub.
It’s also a wise idea to install a browser extension that will block web addresses that are known to be malicious. Many Chrome users choose MetaMask, which doubles as an Ethereum wallet.