Home / Tech News / Popular crypto wallet MEW hit by DNS attack that drained some users’ accounts

Popular crypto wallet MEW hit by DNS attack that drained some users’ accounts

There is concern, tears and misplaced cash on the planet of crypto as soon as once more after MyEtherWallet (MEW), one of the vital fashionable wallets on the web, was hit by a DNS hack that noticed some customers lose their cryptocurrency.

MEW said in a statement that “a couple of Domain Name System registration servers were hijacked around 12PM UTC 24 April to redirect users to a phishing site.” Not all guests to the location in the course of the hijack had been impacted, however MEW mentioned that “a majority” of those that had been had been utilizing Google’s DNS.

“We are currently in the process of verifying which servers were targeted to help resolve this issue as soon possible,” the corporate added, confirming that it has since secured its web site. The firm recommends those that had used Google DNS to modify to Cloudflare’s.

Wikipedia, country-specific versions of Microsoft, Google and PayPal and even banks have been hit by related assaults earlier than.

An incident like this doesn’t compromise the location immediately, however, within the case of MEW, it led some customers of the service to insecure web sites that aren’t MEW. From there, those that entered personal key info with out realizing they’d been phished risked having their information snagged by the attackers on the opposite aspect. With that info, the attackers might acquire entry to their account and drain its contents. (Note: it is a superb cause why individuals are suggested to by no means enter personal keys manually, and why safe {hardware} is very advisable.)

It’s laborious to quantify the affect of an assault like this as a result of MEW is such a well-used and trusted service, whereas MEW mentioned it’s nonetheless gathering info on precisely what occurred.

Coindesk reports that $150,000, or 216 Ether, was taken, however the determine is probably going increased. One fraud tracker recognized two wallets (here and here) used within the assault, and so they result in what appears like a holding pockets (here) that collected over 520 Ether at this time. That can be round $365,000 at at this time’s value of $700 per ETH.

The precise quantity taken might be increased nonetheless. The holding pockets results in a larger wallet which has a stability of over $17 million in Ether and a relentless stream of incoming transactions. That’s to not say that $17 million was stolen — that isn’t possible — however the attackers might be utilizing different wallets which haven’t but been tracked however ultimately result in this bigger one.

Beyond utilizing {hardware} like Trezor or Ledger, crypto pockets customers — nicely, web customers usually — ought to verify that the SSL of an internet site (proven to the left of the area identify within the browser bar) is safe when they’re coping with personal info.

That’s the message that MEW gave to its neighborhood.

“Users, PLEASE ENSURE there’s a inexperienced bar SSL certificates that claims “MyEtherWallet Inc” earlier than making any transactions. We advise customers to run a neighborhood (offline) copy of the MEW (MyEtherPockets). We urge customers to make use of {hardware} wallets to retailer their cryptocurrencies,” it mentioned in a Reddit assertion.

Those on the lookout for an alternative choice to MEW might flip to MyCrypto, which was started in February by a former MEW co-founder and offers a similar service. Neither website holds customers’ crypto or info, as a substitute they permit the checking of accounts and allow transactions to be despatched to the blockchain, after which they’re ferried on to the meant recipient.

Disclosure: The creator owns a small quantity of cryptocurrency. Enough to achieve an understanding, not sufficient to vary a life.

Source link

About Tech News Club

Leave a Reply

Your email address will not be published. Required fields are marked *