$150K Stolen From MyEtherWallet Users in DNS Server Hijacking

Published by Coindesk

Users of MyEtherWallet, a web app for storing and sending ether and ethereum-based tokens, experienced an attack Tuesday that saw users of the service lose around $152,000 worth of ether.

Couple of DNS servers were hijacked to resolve https://t.co/xwxRJ4H4i8 users to be redirected to a phishing site.

Users took to social media to report that they were losing funds.

Micky Socaci, lead developer at BlockBits.io, explained the attack in a post to the ethereum subreddit.

"Do not use myetherwallet.com if you're using Google Public DNS at this moment," he wrote, adding: "It seems these DNS servers are resolving the domain to a bad server that CAN steal your keys!"

Domain Name System (DNS) servers resolve website domain names to the appropriate IP addresses.

The attacker sent 215 ether to another address, 0x68ca85dbf8eba69fb70ecdb78e0895f7cd94da83, at 10:15 a.m. Since then, the funds have been split further, with increments being divided between multiple wallet addresses.

According to MyEtherWallet CEO Kosala Hemachandra, "All the DNS servers are resolving back to correct addresses."

Hemachandra said that the hackers were apparently "large enough to do a DNS poisoning attack on Google public DNS servers, which made it cache a malicious IP address for myetherwallet.com." Google fixed the issue "in a very short time," he went on to say.
