Users of the popular Ethereum wallet MyEtherWallet (MEW) came under attack yesterday: after “a couple of DNS servers” were compromised, 216 ethers worth $152 000 were stolen.
“A couple of DNS servers were hacked to redirect myetherwallet.com users to a phishing site. This was not on the @myetherwallet side; we are in the process of verifying any servers involved in order to resolve the problem,” the developers wrote on Twitter 15 minutes after the attack began.
Meanwhile, many users have taken to social media to share how they lost money.
“I opened my myetherwallet and saw that myetherwallet had an invalid connection certificate,” wrote a Reddit user with the nickname rotistain.
Once rotistain logged in, there was “a countdown of about 10 seconds”, after which the available funds began to be sent “to the wallet 0x1d50588C0aa11959A5c28831ce3DC5f1d3120d29”.
Some users were quick to explain the cause: Micky Socaci, lead developer at BlockBits.io, explained on Reddit that the incident was the work of hackers.
“Do not open myetherwallet.com if you use Google Public DNS (188.8.131.52 / 184.108.40.206) at the moment. It seems these DNS servers redirect the domain to bad servers that CAN steal your keys!” he wrote.
His explanation is consistent with MyEtherWallet's statement that the problem was not a vulnerability in the wallet: the DNS servers were redirecting the website's URL to an IP address in St. Petersburg.
According to Etherscan, the stolen funds were subsequently mixed and split into smaller parts. Initially, 179 incoming transactions were recorded for address 0x1d50588C0aa11959A5c28831ce3DC5f1d3120d29, totalling 216.06 ethers, or about $152 000.
The hacker then sent 215 ethers to another address, 0x68ca85dbf8eba69fb70ecdb78e0895f7cd94da83, where the funds were again split into parts and distributed among many wallets.
According to MyEtherWallet CEO Kosala Hemachandra, the hacker group was apparently “large enough to mount a DNS attack targeting Google's public DNS servers, which forced them to cache the malicious IP address for myetherwallet.com”. He added that Google fixed the problem quickly.
“It’s really bad that we live in a world where even the most protected websites are prone to this kind of attack… I’m sorry that this is so, and I hope the MEW team will be able to educate users and convince them to use hardware wallets and a local version of MEW,” said Hemachandra.
It should be noted that Google's press office has not commented.