- MyEtherWallet (MEW) is currently a victim of DNS hack.
- More than $150k worth of Ether has been stolen.
EtherScan report has revealed that more than $150k worth of Ether has been stolen from MyEtherWallet (MEW) in a DNS hack. Starting from 07:17 on Tuesday 24th April, 179 inbound transactions, which total 216.06 Ether were sent from MyEtherWallet (MEW) to Ether address 0x1d50588C0aa11959A5c28831ce3DC5F1D3120d29. And at 10:15, the hacker sent 215 Ether to 0x68ca85dbf8eba69fb70ecdb78e0895f7cd94da83.
A MEW customer on Reddit described how he lost 0.9 Ether when their connection was intercepted as they logged in:
“Woke up today, Put my computer on, went on to myetherwallet and saw that myetherwallet had an invalid connection certificate in the corner. I thought this was odd. https://i.imgur.com/2x9d7bR.png . So I double checked the URL address, triple checked it, went on google, got the URL. Used EAL to confirm it wasn’t a phishing site. And even though every part of my body told me not to try and log in, I did. As soon as I logged in, there was a countdown for about 10 seconds and A tx was made sending the available money I had on the wallet to another wallet, “0x1d50588C0aa11959A5c28831ce3DC5F1D3120d29.”
MyEtherWallet (MEW) crypto wallet sends a warning in a tweet that a “couple” of its DNS servers have been hacked and customers are at risk of being redirected to a phishing site today 24th April. MEW is now making verification as to which of its servers was targeted and MEW is making moves to resolve the hack “asap.”
Anxious MEW customers have been very active on Reddit as well as on other platforms all day as they wait for more details from the MyEtherWallet team, with many of the customers deciding not to log in to MyEtherWallet site at all to avoid security risks. Other customers have begun advising each other to run MEW offline, or at the very least to double check that the SSL connection is always green when interacting with a site.
The hack, which has been confirmed by MyEtherWallet itself, recalls the allegations of a DNS hack aimed at MEW in Jan. by the developers of BLUE – Altcoin Ethereum Blue, which was categorically dismissed at that time by MEW as “a stupid lie.”
An angry customer, raising the threat of Jan., quipped:
Took you long enough. Remember when @Blue_Protocol said this happened a few months ago but you called them liars to save your reputation? That was pretty lame. Now people losing lots of their wealth all because of your greed. Congrats pic.twitter.com/h85jsKyXxy
— Love (@hannahmontaanaa) April 24, 2018
A recent update on Reddit revealed that Google’s Public DNS has appeared to be resolved now to the correct ISP, however, MyEtherWallet developers have not yet officially given a green light that the DNS attack has been resolved.