Tuesday, April 24, 2018

MyEtherWallet online wallet is hacked

On April 24, MyEtherWallet, one of the most popular online Ethereum wallets, was attacked. Hacked DNS servers redirected users to a phishing site. At the time of this writing (21:30 Moscow time), one case of theft is known: 215 ETH (about $150,000) have been stolen. Users who visited myetherwallet.com via Google DNS (8.8.8.8/8.8.4.4) were redirected to an intruder's server, which presented an invalid certificate and could steal their private keys.

Apparently, Google resolved the problem at 20:30 MSK: the SSL connection indicator on the site shows that everything is in order (the name of the company is green and the lock symbol appears in the upper left corner of the browser's address bar). However, there has been no official statement so far, so it cannot be said with complete certainty that the problem has been eliminated.

A former employee of MyEtherWallet, now a developer of the competing project MyCrypto, gives users the following tips in a post on Reddit:

What to do in a similar situation
If you visited MEW within the last four hours and entered a private key, or opened an account using a key file or a seed phrase, check the balance on etherscan.io to make sure that you did not become a victim.

Transfer funds to a new wallet, even if nothing has happened yet, but without going to the site. Create a MEW transaction offline, according to the instructions.

If you visited MEW within the last four hours via Metamask, Ledger Nano S or Trezor, your money is safe, because keys, key files and passwords were not sent to the network even when sending the transaction.

In any case, do not go to the MEW website until there is confirmation that the problem has been resolved.

As a result of the February conflict between the co-founders of MyEtherWallet, most of the team (according to some sources, 19 out of 20 people) moved to the MyCrypto project. It is possible that the hack was a consequence of MEW having almost no developers left, although nothing can be said so far. For now, only the unknown intruder can say what really happened.

Attacking DNS is not a new phenomenon. The decentralized exchange EtherDelta was hacked in the same way in December. It is interesting that even then, the DNS hack with redirection to a phishing site occurred against the background of a murky and still unexplained story about the sale of EtherDelta to unknown persons.
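
The redirection described above (some resolvers returning a new address, and the server behind it failing certificate validation) can be checked for mechanically. The following is an added example, not code from MyEtherWallet, MyCrypto or the Reddit post; the baseline network, the resolver answers and the names `cert_ok`, `classify` and `sample_cert_check` are assumptions made for illustration, and the addresses are constructed from documentation ranges.

```python
import ipaddress
import socket
import ssl

def cert_ok(hostname, ip, port=443, timeout=5.0):
    """Connect to `ip` but validate the chain and name for `hostname`.
    An invalid certificate, as on the intruder's server, makes this return False."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname):
                return True
    except OSError:  # ssl.SSLError (bad certificate) is a subclass of OSError
        return False

def classify(answers, baseline_nets, cert_check):
    """answers: {resolver: [ip, ...]} collected for one hostname.
    baseline_nets: CIDRs the site normally resolves into (assumption: pinned earlier).
    cert_check: callable(ip) -> bool, e.g. lambda ip: cert_ok(host, ip)."""
    nets = [ipaddress.ip_network(n) for n in baseline_nets]
    report = {}
    for resolver, ips in answers.items():
        outside = [ip for ip in ips
                   if not any(ipaddress.ip_address(ip) in n for n in nets)]
        if not outside:
            report[resolver] = "ok"
        elif all(cert_check(ip) for ip in outside):
            report[resolver] = "changed-cert-valid"  # new address, still trusted
        else:
            report[resolver] = "suspected-hijack"    # new address and bad certificate
    return report

# Constructed sample data (documentation address ranges, not from the incident).
SAMPLE_BASELINE = ["192.0.2.0/24"]
SAMPLE_ANSWERS = {
    "8.8.8.8": ["203.0.113.50"],
    "8.8.4.4": ["203.0.113.50"],
    "resolver-c": ["192.0.2.10"],
}

def sample_cert_check(ip):
    """Offline stand-in for cert_ok(): only baseline hosts pass validation."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network("192.0.2.0/24")

if __name__ == "__main__":
    report = classify(SAMPLE_ANSWERS, SAMPLE_BASELINE, sample_cert_check)
    for resolver, verdict in report.items():
        print(f"{resolver:12} {verdict}")
```

For live use, pass `lambda ip: cert_ok("myetherwallet.com", ip)` as `cert_check` and fill `answers` with what each resolver actually returns.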
