< All articles

$150K Stolen In MyEtherWallet DNS Server Hijack

By Niels
Published over 2 years ago

On tuesday april 24th, MyEtherWallet, an online ethereum exchange, experienced a DNS Server Hijack that made the users of the platform lose around $152,000 worth of ether.


MyEtherWaller was quick to alert users to the danger on twitter, tweeting a warning at 7:29 a.m. EDT, within 15 minutes of when the hack began. But users were quick the report that they were losing funds.


As of the time of the publication of this article, the affected funds are being shuffled around and broken into smaller increments, according to data from blockchain information provider Etherscan.


Initially, the Etherscan block explorer showed 0x1d50588C0aa11959A5c28831ce3DC5F1D3120d29 as having received 179 inbound transactions starting from 7:17 a.m. and totaling 216.06 ether, or nearly $152,000 at the time of writing.


The attacker sent 215 ether to another address, 0x68ca85dbf8eba69fb70ecdb78e0895f7cd94da83, at 10:15 a.m. Since then, the funds have been split further, with increments being divided between multiple wallet addresses.


According to MyEtherWallet CEO Kosala Hemachandra, "all the DNS servers are resolving back to correct addresses."


"But I want to wait another [hour] or so," he added during a conversation on Skype.


Hemachandra said that the hackers were apparently "large enough to do a DNS poisoning attack on Google public DNS servers, which made it cache a malicious IP address for myetherwallet.com." Google fixed the issue "in a very short time," he went on to say.


"It is really unfortunate, we live in a world where even the most secured websites are prone to this kind of attacks," Hemachandra told CoinDesk. "I am sad about this and I hope MEW team will be able to educate users and convince them [to] use hardware wallets and local versions of MEW."


Google's press office did not immediately respond to a request for comment.


Source: https://www.coindesk.com/150k-stolen-myetherwallet-users-dns-server-hijacking/