Popular Ethereum wallet interface MyEtherWallet has succumbed to a DNS hijacking attack that allowed a hacker to redirect users to a malicious version of the website and phish their private keys.
The incident was first reported on social media by users claiming to have been affected by th
e breach, and MyEtherWallet later confirmed it on Twitter.
Join CCN for $9.99 per month and get an ad-free version of CCN including discounts for future events and services. Support our journalists today. Click here to sign up.
“Couple of DNS servers were hijacked to resolve myetherwallet.com users to be redirected to a phishing site,” the company said. “This is not on @myetherwallet side, we are in the process of verifying which servers to get it resolved asap.”
It’s unclear how the hackers were able to gain control of MyEtherWallet’s Domain Name System (DNS), but this type of attack has exploited cryptocurrency-related websites on multiple occasions.
As in previous cases, the malicious website phished user’s private keys when they entered them into the fraudulent MyEtherWallet client.
It appears that the hacker obtained about 215 ETH (~$150,000) from the attack, which lasted several hours. One unfortunate user lost more than 85 ETH, worth nearly $60,000.
Coins stolen as part of the attack have been funneled into this wallet, which contains more than $17 million in ETH and has been linked to previous phishing scams.
Users who accessed the fraudulent website using a hardware wallet such as Trezor were protected from the private key exploit, though it’s possible that the malicious website could have replaced the address to which they were attempting to send their coins with a false one controlled by the hacker.
Your private keys never leave the TREZOR device, so even this DNS hijack does not endanger your funds. However, it is possible that the fraudulent site might replace your addresses. Always verify the address on your TREZOR screen when sending and receiving. https://t.co/nWyN7OqeB8
— Trezor (@Trezor) April 24, 2018
For added security, it’s a wise idea to download a browser extension that maintains a blacklist of malicious websites. EtherAddressLookup and MetaMask are two popular options for Chrome users. These tools will not guarantee protection from phishing scams, but they provide an extra layer of protection.
Finally, MyEtherWallet users can also download a copy of the website from Github and run the client on an offline computer, further increasing their security.