ETHERLive
ETHERLive delivers real-time price and volume data across 16+ exchanges to users in a clear and easy-to-understand package. Users can get up-to-the-second updates for each exchange/currency pair, as well as aggregated market averages for each exchange, currency, and the market as a whole. It also provides a global converted average of all the currency pairs monitored by ETHNews, converted to USD.

---

24hr ---
--%
Thursday May 24th 2018
RESOURCES

The Basics

Learn the basics of Ethereum and various cryptocurrency technologies

Learn More

What is Ethereum?

Understand the underlying principles of the Ethereum Platform

Learn More

The Blockchain

Discover the revolutionizing technology known as the blockchain

Learn More
SUBMIT

Press Release

Submit a press release for consideration on ETHNews

Submit Press

Story / Dapp

Submit a story or DAPP to be considered for publication on ETHNews.

Submit Story

Explanation

Submit "Ethereum Explainer" content for consideration to be featured on ETHNews

Submit Topic
ETHNews Logo
---
--%
Home
News
Etherlive
Ether Price Analysis
Resources
Contact Us

DNS Cache Poisoning Attack Affects MyEtherWallet Servers

By

Jordan

Daniell

WriterETHNews.com

MyEtherWallet DNS Servers were briefly hijacked and made to redirect users to a phishing site in a classic poisoning attack.

Early this morning, servers providing domain name system (DNS) service to MyEtherWallet (MEW), the client-side software interface for interacting with the Ethereum blockchain, fell victim to a hack that utilized DNS cache poisoning (or spoofing) – a means of hijacking Border Gateway Protocol (BGP). 

Some users logging into MyEtherWallet during this brief timeframe earlier today – hours at most – fell prey to a phishing scam that tricked users into surrendering their wallet keys before transferring their cryptocurrency into what can only be assumed to be the hacker(s) associated digital wallet. It's being reported that the attacker made off with 215 Ether, the equivalent of $160,000 at the time of the transaction.

Founder of MyEtherWallet Kosala Hemachandra told ETHNews:

"It was a DNS poisoning attack on myeitherwallet.com. We suspect that Google DNS cached it and a lot of other DNS servers cached it as well. It wasn't on our end. Our hands were tied."

DNS spoofing is a type of IP address hijacking that has particular venom when utilized against financial services because of the exposure those platforms have to their customers' personal and corporate finances. This kind of hack is particularly dangerous because of how easily it can propagate from one server to another.

Hackers utilize attack vectors that exploit weakness in the internet's domain name system to redirect internet traffic away from legitimate servers or websites to fraudulent ones that often resemble their genuine doppelganger or mimic their functionality.

Notably – while this issue was tragic for MEW and its affected users –the company had little control over or means to prevent the situation, which was resolved by server providers not MEW.

MEW concluded its announcement to the ecosystem with a set of reminders that should be taken as paramount for users:

"PLEASE ENSURE there is a green bar SSL certificate that says "MyEtherWallet Inc" before using MEW.

We advise users to run a local (offline) copy of the MEW (MyEtherwallet). 

We urge users to use hardware wallets to store their cryptocurrencies."

Like so much of the emerging security concerns surrounding cryptocurrency, safety remains largely in user hands. Bad actors will likely continue to target human error through social engineering more often than via technical hacks. MyEtherWallet users were also the focus of an email phishing scam last October and a counterfeit of the wallet's app appeared in the Apple App store in December.

Jordan Daniell

Jordan Daniell is a full-time staff writer for ETHNews with a passion for techno-social developments and cultural evolution. In his spare time, he enjoys astronomy, playing the bagpipes, and exploring southern California on foot. Jordan lives in Los Angeles and holds value in Ether.

ETHNews is committed to its Editorial Policy

Like what you read? Follow us on Twitter @ETHNews_ to receive the latest MyEtherWallet, MEW or other Ethereum wallets and exchanges news.