MyEtherWallet, a popular web app designed for storing and transferring ether and other ERC-20 tokens, succumbed to a DNS attack on Tuesday which redirected users to a phishing version of the website and steal their logins.
Smart users were quick to notice something unusual. As users connect to the server, they were faced with an insecure SSL certificate, a broken link in the website’s verification. Of course, only a few internet users would check before clicking.
Some affected users reported the incident on social media, and the company, after noticing the breach about 15 minutes into the attack, raised a red flag on Twitter to warn its users about the threat:
“Couple of DNS servers were hijacked to resolve users to be redirected to a phishing site. This is not on MyEtherWallet side; we are in the process of verifying which servers to get it resolved asap.”
The hackers seem to have stolen more than 215 ETH ($150,000) from the hack, which lasted for some hours. The funds were transferred to a wallet containing over $17 million worth of Ether and links to previous phishing operations.
The company confirmed the attack in a post on Reddit: “We are currently in the process of verifying which servers were targeted to help resolve this issue as soon possible,” MyEtherWallet told users. “We advise users to run a local (offline) copy of the MyEtherWallet.”
The hackers didn’t attack MyEtherWallet directly. Instead, they intercepted DNS requests for myetherwallet.com, using a technique known as BGP hijacking to make the server look like the real owner of the address.
So far, MyEtherWallet is the only confirmed victim of the attack, but a couple of other services were likely affected. Cryptocurrency wallet hack is on the rise and users should make it a good practice to always double check the SSL before they make any login attempt into any website. This would go a long way in reducing phishing risks.