On Tuesday, April 24, dozens of users of the MyEtherWallet (MEW) wallet began reporting suspicious activity. MEW is the most popular client-side web wallet for conducting transactions in ETH or ERC20 tokens. The platform does not hold users' funds, but, as with any site, there is a risk that DNS servers are hacked and the data of those who use the service is obtained. Shortly after the rumors began to spread online, MEW published a tweet in which it acknowledged the problem:
Couple of DNS servers were hijacked to resolve https://t.co/xwxRJ4H4i8 users to be redirected to a phishing site. This is not on @myetherwallet side, we are in the process of verifying which servers to get it resolved asap.
— MyEtherWallet.com (@myetherwallet) April 24, 2018
Multiple DNS servers were hijacked to redirect http://myetherwallet.com users to a phishing site. This is not on the @myetherwallet side; we are checking the servers to resolve the problem as soon as possible.
Later, MEW representatives said in a series of tweets that the DNS servers were hijacked using a method that has been known for ten years. According to them, this can happen to any organization and was not caused by a lack of security on the MEW platform, but by attackers finding vulnerabilities in publicly accessible DNS servers. The platform itself does not store any personal user data, including keys.
MEW users are advised to run a local (offline) copy of the MEW platform, to use hardware wallets to store cryptocurrency, and to ignore any tweets and posts claiming that MEW is reimbursing ETH.
MEW representatives maintain that user security has always been a top priority for them. On the other hand, according to Maximus, an independent security researcher and author of the blog securityz.net, the breach is not surprising, because MEW did not react to reported vulnerabilities. In his Telegram channel he claims to have sent the developers the details of an XSS vulnerability in MEW, but for 4 months no one fixed the bug. The vulnerability was fixed only when he found a similar problem in MyCrypto and pointed out in the report that MEW was also vulnerable.
The first reports that something was wrong with MEW appeared on Reddit, where a user created a thread called “I Think I was the victim of a fraud/phishing/hacking”. He saw the following notice when visiting the site:
In the thread he wrote:
Although every cell in my brain told me not to log in, I still did it. After logging in, it took about 10 seconds, and all the funds available in my wallet were sent to another wallet.
The address to which the funds were sent is now shown on Etherscan with a warning about its possible involvement in the MEW scam. 215 ETH has been withdrawn from the wallet. It is reported that the phishing site to which MEW visitors were redirected is served by a provider from Russia.