MyEtherWallet Hacked

[maeusi]

Thank you for the replies.

Ethereum seems to be plagued by ponzi schemes, ripoffs, hacks, phishing, etc. Anything I do with ETH will be very low-cost, no more than small fractions of 1 ETH.

I really, truly do not think I clicked a phishing URL. I have been in the practice of typing in URL's directly, and more recently, doing cut and paste. I do the right-click for cut and paste, and make sure that the URL is correct when the site it joined. I am going through my links and making

Yes, Slack is a joke, in my opinion. Absolutely riddled with scams. Plus, the fact that they openly display their scam URL's, in bold type, no less, is quite interesting. If I had clicked on one of those, my sanity needs to be checked.

The positives to take away are that: 1.) I will avoid ETH as much as possible. And, 2.) I will do a hardware wallet for cold storage of any crypto.

And, I still think that using a Private Key for log in is strange, at the very least. I would still say it is dangerous.

Many pishing sites, especially myetherwallet are built up on spelling mistakes (f.e. missing letters). Saw one, that I need to read three times, before I recognized the mistake.

[1714819403]

1714819403

[1714819403]

1714819403

[1714819403]

1714819403

[1714819403]

1714819403

[spngebob]

Is MyEtherWallet that vulnerable to hacking?

No, but there are lots of phishing sites and you probably clicked on one of them.
Or you got keyloger which steal your private keys.
Other explanation can be - someone typed random private key and succeed to enter your wallet - but this is too long shot and not to mention almost impossible.

[millerfilm]

I am using MyEtherWallet for some time now and I believe that for normal uses and purposes they are practically completely safe. To the best of my knowledge all the cases of missing funds from MEW wallets has been due to user error. I know it sounds harsh but I consider all successful phishing attacks as user errors.

That being said next time I check my wallet I will probably find it empty :=)

Few tips which cannot hurt:
1. Private keys are private. Don't share them ever!!!
2. Use at least 2 wallets. One for access to airdrops and day trading and the other as cold storage.
3. Please don't use PC with cracked versions of windows or other software for wallet creation. Use some well known and tested linux distribution or original clean installation of windows.

Harsh is fine. But, as I have said many times, using your Private Key for login is dangerous. Private Keys should be locked away. It's like having root access floating around.

There should be a fully user-controllable way to access MEW. Username/password and Google Authenticator is what almost everyone else uses.

The Ethereum platform has lost my business for good. If they want to promote MEW as the way to use ETH, they need to provide users with the same level of controlled access that other online wallets do.

[millerfilm]

Sorry for your loss, one of my friend also got his 30k $ stolen. There is a warning on mew website, should it be about it ? Because I've been hearing a lot about this lately.

Thank you for your comment.

I am using the EtherAddressLookup Google Extension. But, you have to be careful with that.

1.) It doesn't track everything, including URL's that are clearly fraudulent. I purposefully tried a phishing URL and, when it wasn't recognized as fraudulent, submitted it to their reporting.

2.) It doesn't always recognize an URL as scam/phishing/etc. the first time. You NEED to reload the site you clicked/keyed in to make sure that you get a good reading on it.

Regardless, the tools that MEW suggest are only one step in preventing problems.

I would suggest doing what I do: save the URL for the site you are wanting to access, like https://www.myetherwallet.com with your Username/Password. So, when you want to access it, it reminds you to cut and paste the URL into a New Tab in your browser. Once you load the page, make sure the address is correct. And, make sure it is secured. Fraudulent sites will have the wrong URL and are often not secured.

[leea-1334]

Even though I am not a fan of Ethereum at all, we should not avoid ETH just because a lot of scams happen on it. That is like avoiding Bitcoin or fiat because drug dealers and child pornography use them as payment. The reason so many scams happen on ETH is just that it is so easy to create an ERC20 token. You have people now just selling services, to create a token, whitepaper, logo, signatures and all that in a week.

[millerfilm]

Sorry for your loss dude. Shitty things always happen anytime. Next time, avoid to using private key to login if not very urgent. Just check it you balance using another web explorer like https://ethplorer.io/ or etherscan.

That is a good tip. I have learned to use those. But, transactions will still need access. I use Keystore/Password to access now. But, I am guessing a fraudulent site could get those from you and access your wallet just as easily.

Isn't the point of Google Authenticator that you have a unique code access for your account? And, the numeric code generated is also unique. So, if MEW offered Google Authenticator for access, even if a scammer had your keys, etc., it wouldn't matter, because they couldn't get past the authenticator. Is that correct?

Thank you for your advice!

[millerfilm]

Even though I am not a fan of Ethereum at all, we should not avoid ETH just because a lot of scams happen on it. That is like avoiding Bitcoin or fiat because drug dealers and child pornography use them as payment. The reason so many scams happen on ETH is just that it is so easy to create an ERC20 token. You have people now just selling services, to create a token, whitepaper, logo, signatures and all that in a week.

Well, if I make double the BTC equivalent in ETH from Bitcoin mining, I might consider ETH services again. But, I will always remember getting taken on the ETH platform. Many others certainly have been left with that feeling too.

It would be best for those who founded ETH to spend some of what they've made on coming up with a recognized coalition of technical and financial advisors who could review ICO's and certify the ones they find to be reliable on their whitepapers and claims. That would certainly help in giving more credence to ICO's.

[spngebob]

Even though I am not a fan of Ethereum at all, we should not avoid ETH just because a lot of scams happen on it. That is like avoiding Bitcoin or fiat because drug dealers and child pornography use them as payment. The reason so many scams happen on ETH is just that it is so easy to create an ERC20 token. You have people now just selling services, to create a token, whitepaper, logo, signatures and all that in a week.

What drug dealers and child pornography has to do with this topic?

OP said his wallet was hacked and it has nothing to do with erc20 tokens or scams.

[vlast01]

I have very serious concerns with the security, or the lack of security, of MyEtherWallet.

The only wallet I know of that will transact in ICO Tokens is MyEtherWallet. Every ICO I have ever come across says to use MyEtherWallet.

I have had problems using MyEtherWallet. I will access it with the information that only I have access to. There are times that my balance will not show. I have to come back later to access the wallet so I can see my balance.

Now, the 1.5 ETH and 3000 KICK Tokens I had in there look like they are gone. I have accessed Etherscan and both my ETH and my Tokens were withdrawn to this address: 0xF7860ea76a36Ee83abB7F88d3C773f0440e178be

Etherscan: https://etherscan.io/address/0x88404e743442886f04443c2624917df46d2deef5

Ethplorer: https://ethplorer.io/address/0x88404e743442886f04443c2624917df46d2deef5

You can see that whoever this person is, they have grabbed many KICK tokens from many addresses: https://etherscan.io/address/0xf7860ea76a36ee83abb7f88d3c773f0440e178be#tokentxns

Also, you can see that the address the KICK tokens were withdrawn to has taken in tons of other kinds of tokens:
https://etherscan.io/address/0xdee0cc222c5219ea79ca263beabdec5f9fc13dbc#tokentxns

And, yes, I don't know if I should be posting this transactional information on here, but what does it matter? Everything has been taken out of my wallet.

Questions:

Is MyEtherWallet that vulnerable to hacking?

I carefully safeguard my access information to MyEtherWallet. No one else has access to it. I only log on directly to http://www.myetherwallet.com. I subscribe to MalwareBytes, which is easily the most robust protection I have ever used. I do not click on third-party links or email links for financial sites.

But, still, my ETH and Tokens are gone to that address: 0xF7860ea76a36Ee83abB7F88d3C773f0440e178be And, I am guessing I have zero recourse. Is that correct? Can anybody just hack into something like MyEtherWallet and take your coin and tokens?

Thank you for your time and assistance with this. I appreciate it!

Youve lost your coins without knowing why, youve definitely scammed. Maybe you log in your pivate key into pishers site this phishers site are good in minicing and confussing users. Or if thats not the case then someone knows your private key.

[PANK21]

If your etherwallet is hacked , well you must create a new wallet and send all your remaining tokens in your new wallet as soon as possible because if you dont the hacker will definite drain all your tokens and all your effort will be wasted. You must very aware of phising site because that is one of the things why our etherwallet is hacked.

[millerfilm]

Many pishing sites, especially myetherwallet are built up on spelling mistakes (f.e. missing letters). Saw one, that I need to read three times, before I recognized the mistake.

The ACTUAL http://www.myetherwallet.com has its specific security tag in the address bar. Here, in the United States, it is: MYETHERWALLET LLC [US].

Make sure you have a secured website, and make sure that the security tag is correct before proceeding. This follows for any site where you are going to enter important information.

[millerfilm]

If your etherwallet is hacked , well you must create a new wallet and send all your remaining tokens in your new wallet as soon as possible because if you dont the hacker will definite drain all your tokens and all your effort will be wasted. You must very aware of phising site because that is one of the things why our etherwallet is hacked.

Well, they took everything except 1.6-something BRAT tokens. Once they have hacked it, you either aren't going to know it before it's too late, or it's simply going to be too late.

Putting your coins and tokens in a Hardware Wallet is the best way to go. Especially when it's MyEtherWallet and they don't want to use a reliable security device like Google Authenticator.

[boranes]

If your etherwallet is hacked , well you must create a new wallet and send all your remaining tokens in your new wallet as soon as possible because if you dont the hacker will definite drain all your tokens and all your effort will be wasted. You must very aware of phising site because that is one of the things why our etherwallet is hacked.

This is nice example of what I call a shitpost.
Not only it doesn't make sense, if his wallet has been hacked and all funds drained obviously he can't send any remaining tokens because there are no tokens left to send 

[Dasvino]

I think you don't login in any website ico that ask your private,I strongly believe that is phising and scam

[The_Dark_Knight]

I am using MyEtherWallet for some time now and I believe that for normal uses and purposes they are practically completely safe. To the best of my knowledge all the cases of missing funds from MEW wallets has been due to user error. I know it sounds harsh but I consider all successful phishing attacks as user errors.

That being said next time I check my wallet I will probably find it empty :=)

Few tips which cannot hurt:
1. Private keys are private. Don't share them ever!!!
2. Use at least 2 wallets. One for access to airdrops and day trading and the other as cold storage.
3. Please don't use PC with cracked versions of windows or other software for wallet creation. Use some well known and tested linux distribution or original clean installation of windows.

All of those are good points but in my opinion the third point is the one I cannot understand, why people keep using windows to store their bitcoin? Even if you had a legitimate copy of windows you are going to get hacked eventually especially if you have a good number of coins, install Linux and install a wallet there, you do not have to use it as your main OS, just store and access your tokens from there and you are going to be a lot more protected than any windows user could ever hope to be.

[KluFf]

No. Don't blame MyEtherWallet.
because MyEtherWallet always Warns you about to check the Spelling of the Website/Link/address
before inputing your private keys.
maybe you just accessed your private keys on a phishing Mew site.
it will really hack you..
always bookmark MyEtherWallet because you cannot Trust Google search Engine.
sometimes they give wrong Spelling MEW site..

[RedX]

No. Don't blame MyEtherWallet.
because MyEtherWallet always Warns you about to check the Spelling of the Website/Link/address
before inputing your private keys.
maybe you just accessed your private keys on a phishing Mew site.
it will really hack you..
always bookmark MyEtherWallet because you cannot Trust Google search Engine.
sometimes they give wrong Spelling MEW site..

You are right pal. With the thousand users of MEW everywhere, only a few like you complaining that it's site is hacked. For me, it's security is more than enough. If you have lost your tokens, it's your fault and don't blame the site because it hasn't done anything related to hacking.

[The_Dark_Knight]

Even though I am not a fan of Ethereum at all, we should not avoid ETH just because a lot of scams happen on it. That is like avoiding Bitcoin or fiat because drug dealers and child pornography use them as payment. The reason so many scams happen on ETH is just that it is so easy to create an ERC20 token. You have people now just selling services, to create a token, whitepaper, logo, signatures and all that in a week.

I had to reread the post one time to try to get it right, do you mean that now people are selling the equivalent of fake documents so scammers can create a fake project? Because if that is the case that is very serious issue, that means that hackers can create a fake website and create all that fake information just to lure in some unsuspecting investors, the imagination of scammers never ceases to amaze me.

[millerfilm]

No. Don't blame MyEtherWallet.
because MyEtherWallet always Warns you about to check the Spelling of the Website/Link/address
before inputing your private keys.
maybe you just accessed your private keys on a phishing Mew site.
it will really hack you..
always bookmark MyEtherWallet because you cannot Trust Google search Engine.
sometimes they give wrong Spelling MEW site..

Their "warnings" are more recent, and were not in place when I got hacked.

I still believe that ever using a Private Key to log in to anything online is very dangerous, and MyEtherWallet should know this. A Private Key is just that, private.

I continue to avoid Ether and ICO's. I believe everyone else should too.

[null-zero-sum]

Sounds like maybe a malicious link might has been spread to kick users?