Myetherwallet Servers Are Hijacked in DNS Attack

Myetherwallet (MEW), the web’s most popular client-side ethereum wallet, has been compromised by a DNS attack. Numerous users are reporting missing funds and Mycrypto, a sister site which spun off from MEW earlier this year, has confirmed as much. The incident highlights the dangers of relying on a centralized interface, even when the funds are held by the individual, and exposes the inherent weaknesses of the Domain Name System.

Myetherwallet Users Report Missing Funds

On April 24, scores of Myetherwallet users began to report suspicious activity when trying to access the web-based ethereum interface. As the web’s most popular client-side ethereum wallet, MEW is widely used for sending money to crowdsales, buying Cryptokitties, and conducting many more day-to-day transactions that involve sending ether or ERC20 tokens. The platform does not hold user funds, but like all websites it is still at risk of being hacked by having its DNS servers taken over, exposing the data of anyone who interacts with the service. Shortly after rumors began to circulate, MEW issued a tweet to confirm their veracity:

The first signs that something was wrong emanated from the Myetherwallet Reddit, where a user posted a thread entitled “Think I got scammed/phished/hacked”. They had twigged that something was amiss after seeing the following notice when visiting the site:

They explained: “Even though every part of my body told me not to try and log in, I did. As soon as I logged in, there was a countdown for about 10 seconds and a tx was made sending the available money I had on the wallet to another wallet.” The address the funds have been sent to currently displays on Etherscan with a warning noting that it may have been involved in a MEW scam. It has conducted 180 transactions, and claimed a total of 215 ETH. It’s been reported that MEW were redirected to an ISP based in Russia.

Mycrypto Reveals More

Earlier this year, rival site Mycrypto launched as a direct competitor after the Myetherwallet founders went through an acrimonious split. While the Mycrypto team would not wish misfortune on any members of the ethereum community, there may have been a touch of schadenfreude evident in their willingness to frankly disclose the nature of the predicament MEW has found itself in, writing:

Mycrypto also wrote: “Lots of anti-phishing folks in the community and on our team are attempting to collect information about what happened to MEW, as well as attempting to get in touch with their team to assist in any way we can. Moral of the story: use a hardware wallet or run offline.” Services such as Myetherwallet and Mycrypto can be used in desktop versions by downloading the software, which eliminates the risk of a DNS attack.

DNS attacks are becoming more prevalent. In December, another ethereum-based platform, Etherdelta, was hit by a similar attack to the one that has affected MEW, with users also reporting stolen funds. Myetherwallet is not the only crypto site to have had DNS issues today either. Earlier, Binance tweeted to say that Google’s DNS servers were down, preventing some users from accessing the exchange. Incidents such as today’s MEW attack demonstrate that for all the precautions a user may take, websites still present a single, centralized point of failure.
