What was proving out to be a good week for Cryptocurrency, suddenly turned into something horrible as users were duped of their money at MEW (MyEtherWallet).

The users due to a recent breach at MEW reportedly incurred a loss in tunes of $1, 50,000. Some DNS servers were hacked at around 12 PM UTC 24 April. The DNS servers directed the users to a phishing site where as soon as the user punched in their Private keys their tokens were transferred to the attacker’s account.

As per Coindesk, around 216 Ether or $150,000 amounts of tokens were stolen.

Was this a mistake on MEW part or user’s part? Actually, it was none. According to MyEtherWallet normal users were not able to differentiate the phishing website from the genuine MEW website.

Right after the hack, the funds were shuffled around and divided into small amounts according to the data provided by Etherscan.

How did it happen?

To understand how it happened first we need to understand how DNS works. DNS or Domain Name Servers essentially converts the user friendly website URL that user enters into the web browser and resolves it into the IP address for the appropriate web server. As explained on howstuffworksthe user does not have to keep a database of IP addresses. Instead, the request to visit a website from the user’s computer reaches the configured DNS servers, which then converts the URL and maps it to respective IP addresses.

Hackers using DNS spoofing and exploit vulnerabilities in domain name system to redirect the internet traffic from legitimate servers to the ones that impersonate the genuine ones. So, all the requests from the users to access MEW will necessarily be transferred to their own servers and will help hackers steal their private keys.

Ironically, there was nothing that MEW & team could have done in this case as they had little control over the situation. The problem was then resolved by the companies that provide DNS services to the MEW.

How can I avoid being Phished?

Hackers are very manipulative and will go any distance to hack a website. DNS spoofing is a very basic yet powerful and hence devastating attack. Fortunately, one does not have to learn codes or download additional softwares to keep them safe from DNS or Phishing attacks. Just being resilient and little aware will do. Please keep the following points in mind when using MEW:

Please check if there is a green bar SSL certificate like below that says "MyEtherWallet Inc." before accessing your MEW wallet.

Always check if there is an HTTPS:// before the URL:

Bookmark https://www.myetherwallet.com/ - again do checks mentioned in steps 1 and 2 before accessing the website.

You can run a local copy of MEW to be extremely sure and safe. Please scan the offline computer using antivirus and make sure that it does not have any malwares and Trojans before you run local copy MEW. Here is an excellent article MEW GitHub on how to do it.

The widely growing market of Cryptocurrency brings growing security concerns as well. With hackers getting more active and involved in Crypto world the security of user’s valuable information remains largely in their own hands.

Please hit like and forward if you found the article good, so that more people know about this.

My Steemit: https://steemit.com/@altcocollector