MyEtherWallet Succumbs to DNS Attack with $ 17 million stolen

[RothsCoin]

Popular Ethereum wallet interface MyEtherWallet has succumbed to a DNS hijacking attack that allowed a hacker to redirect users to a malicious version of the website.

The MEW confirmed that this was not their fault and was trying their best to identify the attacked server to fix things as soon as possible.
This topic is rapidly spreading on the Reddit forum. The attacking IP address seems to come from Russia. At the time of writing, 25,000 ETH ($ 17 million) has been stolen.

It is highly recommend that everyone be careful when using the MEW wallet and follow the security instructions by MEW wallet. In other words, you are advised to integrate Metamask into login and make direct transactions via Metamask. If you want to check your balance, visit https://etherscan.io/, which means you do not have to log into MyEtherwallet.com anymore, so you will avoid the hidden potential risk here.

Rothscoin team.

[Herbert2020]

this is always going to be the problem with web wallets which is why they are always considered the least secure of all types of wallets. but unfortunately for ethereum there aren't any good options like there are for bitcoin. for instance we have Electrum for bitcoin which is a light wallet which is fast, secure and easy to use. but for ethereum there aren't any easy to use wallets that are fast and secure and don't take up all your hard disk space and bandwidth.

[jinxcreedy]

When I saw we this I felt bad for the victims. Many will blame MEW for security issue but they fail to realize that security of a software can only stand strong when the user employ good internet surfing habits.

Quite unfortunate though.

I have been a target of a cyber attack some years ago. Within 5 hours I got h it t over 23 times. But I didn't fall because I employ good surfing habits /ethics

[yomarve]

17Million dollars?  How could people have fallen for this?  When my devices are connected to my financial dealings I can access any site with them but the one i use for crypto or internet banking holds extra security. I don't access just any site.

I feel sorry for those victims.

[qiwoman2]

The problem is if people rush a lot, like we did a few days ago, it is very easy to lose a ton. Many people were redirected to a phishing site so that is the way they lost money and access to their tokens and ETH. Always you need to check that there is a green bar at the top, never ever put in your private keys without seeing the proper URL. We need to slow down and be very careful because in this Industry there are so many thieves waiting for us to make just one mistake and we lose everything. We all need to take cyber security in general more seriously, especially when we are dealing with money issues.

[snapee11]

I expected this problem but it seems to be very big with that $17M perhaps it happened for long a period of time before they noticed. And the people will gradually pullout their money

[jamesdean35]

this situation panicked in the world of cryptographic currency units. hackers steal tokens using advanced technology. now the thieves must stop. I'm afraid to look at your wallet as someone who uses myetherwallet.

[cilgindansci]

Such an attack made us all sad. 25,000 ETH is very serious. The required courses must be taken and the same problems shouldn't happen again.

[kecitiaoc]

Has the very unfortunate news been hacked again? I have also used it recently, hoping that there will be no loss, although I have very little money. However, this issue requires the official to strengthen security, otherwise many people are afraid to use it again.

[Bayoe_noe]

yes ,,, I also heard the news ... maybe we should be careful and also give extra security to our wallet if we use myetherwallet ...and also do not leave a lot of balance in our wallet ... so we can avoid hacker attacks...

[coinshn]

When you see the actual number like 17 million it's a wake-up call.

I had over $600 of cryptos stolen last year from a wallet. I wonder if that 17 million number only includes ETH and doesn't count the value of all tokens stolen?

[dhiraj0977]

Really scaring MEW threat. I will always now scan my balance on etherscan and ethplorer for update, try to prevent login directly in MEW wallet.

[chanc3r]

The problem is if people rush a lot, like we did a few days ago, it is very easy to lose a ton. Many people were redirected to a phishing site so that is the way they lost money and access to their tokens and ETH. Always you need to check that there is a green bar at the top, never ever put in your private keys without seeing the proper URL. We need to slow down and be very careful because in this Industry there are so many thieves waiting for us to make just one mistake and we lose everything. We all need to take cyber security in general more seriously, especially when we are dealing with money issues.

This is no only the first time the scammers are using DNS hijacking method to replace the real site with a fake one. I remember there are some icos are getting the same problem like parity. Remember this already happened with MEW for a few times. I guess use google DNS is not safe anymore and i'm not using it and nothing happen to me.

[Bttzed03]

This is really unfortunate. I believe MEW have been notified of this issue before by BLUE team way back in January. I think MEW could have prevented this if they welcomed the warning and took the necessary action.

[santouao]

Beware if the myetherwallet website is don't have https and don't use private key when accessing your myetherwallet. For now don't transact yet while ethereum developers fixing myetherwallet to prevent loosing ethereum and tokens. We can use an alternative coin for now like bitcoin, neo, and other altcoins for all of our transactions while ethereum is recovering.

[Duzenn]

That's the bad news.
Because most of the time I trust online wallets, I'm afraid to use MyEtherWallet wallet again, and I'm afraid of losing.

[h55]

Popular Ethereum wallet interface MyEtherWallet has succumbed to a DNS hijacking attack that allowed a hacker to redirect users to a malicious version of the website.

The MEW confirmed that this was not their fault and was trying their best to identify the attacked server to fix things as soon as possible.
This topic is rapidly spreading on the Reddit forum. The attacking IP address seems to come from Russia. At the time of writing, 25,000 ETH ($ 17 million) has been stolen.

It is highly recommend that everyone be careful when using the MEW wallet and follow the security instructions by MEW wallet. In other words, you are advised to integrate Metamask into login and make direct transactions via Metamask. If you want to check your balance, visit https://etherscan.io/, which means you do not have to log into MyEtherwallet.com anymore, so you will avoid the hidden potential risk here.

Rothscoin team.

yesterday DNS erorr was clear. but after 2 hours they try to fix it. Now it works fine for me. hackers tried to hack DNS from last week and i did not login to my wallet.

[Dudesss]

Yea I have noticed yesterday that the website of MEW is not accesable there was something on the page that it was being attack by some kind of crap I thought I was having problem with my Internet or Browser and now that I have read this it is clear now Thanks!

[willoweb]

Hardware wallets our salvation in such situations, well, or at least Metamask, but certainly not a private key to access the wallet through MEW.

[feny.blackpink]

Popular Ethereum wallet interface MyEtherWallet has succumbed to a DNS hijacking attack that allowed a hacker to redirect users to a malicious version of the website.

The MEW confirmed that this was not their fault and was trying their best to identify the attacked server to fix things as soon as possible.
This topic is rapidly spreading on the Reddit forum. The attacking IP address seems to come from Russia. At the time of writing, 25,000 ETH ($ 17 million) has been stolen.

It is highly recommend that everyone be careful when using the MEW wallet and follow the security instructions by MEW wallet. In other words, you are advised to integrate Metamask into login and make direct transactions via Metamask. If you want to check your balance, visit https://etherscan.io/, which means you do not have to log into MyEtherwallet.com anymore, so you will avoid the hidden potential risk here.

Rothscoin team.

Yes it is not the MEW side fault. but maybe in the future, can they have a 2fa authentication for login into MEW ?
i think it is necessary to develop some security system on the web wallet such as MEW.