[CAUTION] MyEtherWallet(MEW) hijacked (April 24, 2018)

[cryptosec.info]

Update: looks like the hacker stole 216 Ether in total.
Here's a screenshot link as newbies cant post images   : https://i.imgur.com/7fueK5v.png


Do not use myetherwallet.com if you're using Google Public DNS (8.8.8.8 / 8.8.4.4) at this moment, it seems these DNS servers are resolving the domain to a bad server that CAN steal your keys!

Invalid certificate: https://imgur.com/a/bh6p4DQ

Code:

root@tali:/home/micky# dig @8.8.8.8 myetherwallet.com

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @8.8.8.8 myetherwallet.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44817 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;myetherwallet.com. IN A

;; ANSWER SECTION: myetherwallet.com. 9641 IN A 46.161.42.42

;; Query time: 7 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Tue Apr 24 15:48:51 EEST 2018 ;; MSG SIZE rcvd: 62

root@tali:/home/micky# dig @8.8.4.4 myetherwallet.com

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @8.8.4.4 myetherwallet.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36179 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;myetherwallet.com. IN A

;; ANSWER SECTION: myetherwallet.com. 9902 IN A 46.161.42.42

;; Query time: 33 msec ;; SERVER: 8.8.4.4#53(8.8.4.4) ;; WHEN: Tue Apr 24 15:50:27 EEST 2018 ;; MSG SIZE rcvd: 62

Always make sure your connection is secure "green" in your browser!

LE: Anyone that got their keys into this has had their funds transferred to http://etherscan.io/address/0x1d50588C0aa11959A5c28831ce3DC5F1D3120d29

Edit2: Google Public DNS is now resolving the correct ips. Keep in mind the ttl of the old records was some 9000 seconds, we can expect some ISP's to cache that for their clients.

Again, please make sure the SSL Connection is always green when you interact with any website.


Source: https://www.reddit.com/r/ethereum/comments/8ek86t/warning_myetherwalletcom_highjacked_on_google/

[rodney0404]

Thanks for the warning man, I'll inform my friends about this and please spreed this news to your friends ASAP.

[makishart]

Do not use myetherwallet.com if you're using Google Public DNS (8.8.8.8 / 8.8.4.4) at this moment, it seems these DNS servers are resolving the domain to a bad server that CAN steal your keys!

Invalid certificate: https://imgur.com/a/bh6p4DQ

Code:

root@tali:/home/micky# dig @8.8.8.8 myetherwallet.com

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @8.8.8.8 myetherwallet.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44817 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;myetherwallet.com. IN A

;; ANSWER SECTION: myetherwallet.com. 9641 IN A 46.161.42.42

;; Query time: 7 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Tue Apr 24 15:48:51 EEST 2018 ;; MSG SIZE rcvd: 62

root@tali:/home/micky# dig @8.8.4.4 myetherwallet.com

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @8.8.4.4 myetherwallet.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36179 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;myetherwallet.com. IN A

;; ANSWER SECTION: myetherwallet.com. 9902 IN A 46.161.42.42

;; Query time: 33 msec ;; SERVER: 8.8.4.4#53(8.8.4.4) ;; WHEN: Tue Apr 24 15:50:27 EEST 2018 ;; MSG SIZE rcvd: 62

Always make sure your connection is secure "green" in your browser!

LE: Anyone that got their keys into this has had their funds transferred to http://etherscan.io/address/0x1d50588C0aa11959A5c28831ce3DC5F1D3120d29

Edit2: Google Public DNS is now resolving the correct ips. Keep in mind the ttl of the old records was some 9000 seconds, we can expect some ISP's to cache that for their clients.

Again, please make sure the SSL Connection is always green when you interact with any website.


Source: https://www.reddit.com/r/ethereum/comments/8ek86t/warning_myetherwalletcom_highjacked_on_google/

There is an update in the MEW twitter regarding this problem and the team was working on it. It will be resolved asap. But i just found another thread that has been discussing this problem. It may better for you to read carefully before try to make a double post like this, but i appreciate this kind of awareness. 

[ll63248555]

Damn hackers! Why don't they use their technology to do something useful to others? Why should we steal the fruits of others' hard work? Disgusting behavior!

[chocopapaya]

Do not use myetherwallet.com if you're using Google Public DNS (8.8.8.8 / 8.8.4.4) at this moment, it seems these DNS servers are resolving the domain to a bad server that CAN steal your keys!

Invalid certificate: https://imgur.com/a/bh6p4DQ

Code:

root@tali:/home/micky# dig @8.8.8.8 myetherwallet.com

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @8.8.8.8 myetherwallet.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44817 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;myetherwallet.com. IN A

;; ANSWER SECTION: myetherwallet.com. 9641 IN A 46.161.42.42

;; Query time: 7 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Tue Apr 24 15:48:51 EEST 2018 ;; MSG SIZE rcvd: 62

root@tali:/home/micky# dig @8.8.4.4 myetherwallet.com

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @8.8.4.4 myetherwallet.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36179 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;myetherwallet.com. IN A

;; ANSWER SECTION: myetherwallet.com. 9902 IN A 46.161.42.42

;; Query time: 33 msec ;; SERVER: 8.8.4.4#53(8.8.4.4) ;; WHEN: Tue Apr 24 15:50:27 EEST 2018 ;; MSG SIZE rcvd: 62

Always make sure your connection is secure "green" in your browser!

LE: Anyone that got their keys into this has had their funds transferred to http://etherscan.io/address/0x1d50588C0aa11959A5c28831ce3DC5F1D3120d29

Edit2: Google Public DNS is now resolving the correct ips. Keep in mind the ttl of the old records was some 9000 seconds, we can expect some ISP's to cache that for their clients.

Again, please make sure the SSL Connection is always green when you interact with any website.


Source: https://www.reddit.com/r/ethereum/comments/8ek86t/warning_myetherwalletcom_highjacked_on_google/

I wish I had a merit to give you cause yes, this is crazy important.

Some solutions right now.

#1) Just DON'T log in to myetherwallet at all for the time being.

#2) Make sure you are at the correct site with the correct certificate and ssl connection

#3) Get a Trezor or Ledger and start using them to access mew

By now, everyone should know just how vulnerable web based wallets are.  It isn't really mew's fault, mew is just an interface to interact with the ethereum network.  On top of that, there are SO MANY warnings and advice on how to use mew safely yet so many people disregard them.

If you are serious about crypto, then you should ONLY be using paper wallets or hardware wallets.
If you actively trade, I would leave only the bare minimum required to trade on exchanges.
Everything else just store it away.
Would you leave your hardearned cash just laying around for anyone to pick up?
Why would you do the same with crypto?

[cryptosec.info]

There is an update in the MEW twitter regarding this problem and the team was working on it. It will be resolved asap. But i just found another thread that has been discussing this problem. It may better for you to read carefully before try to make a double post like this, but i appreciate this kind of awareness. 

Hey. I understand what you're saying. The reason I just posted this immediately because I didn't want to risk wasting a few more minutes in finding a similar post, as you may know, this is really really important and a 5 minute difference could potentially prevent a single(or multiple) investor for being screwed.

[HardFireMiner]

This kind of events put us in very defensive positions. If you can't even use safely myetherwallet, then you know there is a problem.

I wonder why this never happened with blockchain.info, as many say this is a common problem?

[trk]

Thanks for the warning
Look at that! In just few hours, the hacker already cashed out 215 ether!
And after reading the comments in the etherscan, it looks like he changes his address.
Stay safe buddy, use a hardware wallet!

[crampus]

Please explain what this phrase means, thanks "...correct certificate and ssl connection".
And if through the explorer you will be viewing your deposit, then it's not scary?

[Wipro]

Do not use myetherwallet.com if you're using Google Public DNS (8.8.8.8 / 8.8.4.4) at this moment, it seems these DNS servers are resolving the domain to a bad server that CAN steal your keys!

Invalid certificate: https://imgur.com/a/bh6p4DQ

Code:

root@tali:/home/micky# dig @8.8.8.8 myetherwallet.com

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @8.8.8.8 myetherwallet.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44817 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;myetherwallet.com. IN A

;; ANSWER SECTION: myetherwallet.com. 9641 IN A 46.161.42.42

;; Query time: 7 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Tue Apr 24 15:48:51 EEST 2018 ;; MSG SIZE rcvd: 62

root@tali:/home/micky# dig @8.8.4.4 myetherwallet.com

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> @8.8.4.4 myetherwallet.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36179 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;myetherwallet.com. IN A

;; ANSWER SECTION: myetherwallet.com. 9902 IN A 46.161.42.42

;; Query time: 33 msec ;; SERVER: 8.8.4.4#53(8.8.4.4) ;; WHEN: Tue Apr 24 15:50:27 EEST 2018 ;; MSG SIZE rcvd: 62

Always make sure your connection is secure "green" in your browser!

LE: Anyone that got their keys into this has had their funds transferred to http://etherscan.io/address/0x1d50588C0aa11959A5c28831ce3DC5F1D3120d29

Edit2: Google Public DNS is now resolving the correct ips. Keep in mind the ttl of the old records was some 9000 seconds, we can expect some ISP's to cache that for their clients.

Again, please make sure the SSL Connection is always green when you interact with any website.


Source: https://www.reddit.com/r/ethereum/comments/8ek86t/warning_myetherwalletcom_highjacked_on_google/

This is not first time happening mate. People are really worry about losing the fund on using online wallet even they have the private key control with them. I advice you to bookmark the website URL correct.
You will get the tokens access still if you going to wallet with the perfect URL without any VPN plugs mate.
If you use tor browser you will get this issue. Hope your would get issue.

[Alexishugh7]

Wow...thanks for the heads up.
Triple checking the url can never be overemphasized when logging in to MEW.
Seems these  hackers wont be stopping their criminal acts anytime soon.
Triple check everything before inputting your private keys. Be safe out there

[IgorShumilo]

I really hope that the strong programmers are currently working on the creation of a safe cold wallet to store tokens on the blockchain of the Eth. This is a very necessary thing and I'm waiting for it. People tell me, maybe now there is such a purse?

[Pasnik]

This is really alarming mew were hijacked so all users must be aware of this bad news. There are really scammers that we should be very cautious on the website that we are using. Thank's for this information so I'll always be updated if this problem were resolved immediately.

[cryptosec.info]

This is not first time happening mate. People are really worry about losing the fund on using online wallet even they have the private key control with them. I advice you to bookmark the website URL correct.
You will get the tokens access still if you going to wallet with the perfect URL without any VPN plugs mate.
If you use tor browser you will get this issue. Hope your would get issue.

Please read the actual post. MyEtherWallet got hijacked on a DNS level, meaning that even though you're using the correct URL(https://myetherwallet.com) you could still get hacked.

[anjohyx]

Thank for let us know, we really need to careful and check everything before login to myetherwallet, my last login time is 11 hour ago, thank for God I don't have login in last hour, if not all my funds already transfer out to hackers wallet

[nrvkush]

If hacking really was, it would have a negative impact on the entire crypto market. To myetherwallet always had a high level of confidence. I don't even know what a wallet is for you to use...

[Flamebellow]

Terrible news . I have heard that some guy lose 85 eth from his wallet ... Damn , what a pain I think I was lucky , that I didn't login my wallets today , but I think I'l gonna buy some ledger to keep my funds in secure place , because mew have been compromised so many times that I can't trust it anymore .

[batang_bitcoin]

MyEtherWallet.com has been reportedly hacked – 215 Ethereum [ETH] phished in less than 3 hours
Don't login to your MEW accounts yet, wait until the dust settles and everything has been fixed.

Terrible news . I have heard that some guy lose 85 eth from his wallet

Totally terrible and whomever who's this guy that lost 85 ETH it's never safe to put that sums of holding to a web wallet. This is why getting your own hardware wallets is always the best storage.

[ilnick]

Just checked now, the link is true, green status, the certificate is valid. Perhaps this is danger for some countries.
If I use an extension like Metamask or loaded site MEW on my hard drive, is this safe in this case?

[makishart]

There is an update in the MEW twitter regarding this problem and the team was working on it. It will be resolved asap. But i just found another thread that has been discussing this problem. It may better for you to read carefully before try to make a double post like this, but i appreciate this kind of awareness.  

Hey. I understand what you're saying. The reason I just posted this immediately because I didn't want to risk wasting a few more minutes in finding a similar post, as you may know, this is really really important and a 5 minute difference could potentially prevent a single(or multiple) investor for being screwed.

Sure, I was understood about that. That's why I appreciate this thread.

Because I have known that not so many people are actively watching the latest update regarding what already happened or mainly to visit the official twitter account of myetherwallet.

Just checked now, the link is true, green status, the certificate is valid. Perhaps this is danger for some countries.
If I use an extension like Metamask or loaded site MEW on my hard drive, is this safe in this case?

Stay away at least at some moments.