Ethereum Wallet Client MyEtherWallet Succumbs to DNS Hijacking Attack

April 24, 2018 5:43 PM UTC

Popular Ethereum wallet interface MyEtherWallet has succumbed to a DNS hijacking attack that allowed a hacker to redirect users to a malicious version of the website and phish their private keys.

The incident was first reported on social media by users claiming to have been affected by th

e breach, and MyEtherWallet later confirmed it on Twitter.

“Couple of DNS servers were hijacked to resolve users to be redirected to a phishing site,” the company said. “This is not on @myetherwallet side, we are in the process of verifying which servers to get it resolved asap.”

It’s unclear how the hackers were able to gain control of MyEtherWallet’s Domain Name System (DNS), but this type of attack has exploited cryptocurrency-related websites on multiple occasions.

As in previous cases, the malicious website phished user’s private keys when they entered them into the fraudulent MyEtherWallet client.

It appears that the hacker obtained about 215 ETH (~$150,000) from the attack, which lasted several hours. One unfortunate user lost more than 85 ETH, worth nearly $60,000.

Coins stolen as part of the attack have been funneled into this wallet, which contains more than $17 million in ETH and has been linked to previous phishing scams.

Users who accessed the fraudulent website using a hardware wallet such as Trezor were protected from the private key exploit, though it’s possible that the malicious website could have replaced the address to which they were attempting to send their coins with a false one controlled by the hacker.

For added security, it’s a wise idea to download a browser extension that maintains a blacklist of malicious websites. EtherAddressLookup and MetaMask are two popular options for Chrome users. These tools will not guarantee protection from phishing scams, but they provide an extra layer of protection.

Finally, MyEtherWallet users can also download a copy of the website from Github and run the client on an offline computer, further increasing their security.

Last modified: May 20, 2020 8:51 PM UTC


Josiah is the U.S. Editor at, where he focuses on financial markets. His work has also been featured on Yahoo Finance and He lives in rural Virginia. Connect with him on LinkedIn or Muck Rack. Email him directly at josiah.wilmoth(at) Josiah Wilmoth is a Trusted Journalist.