MyEtherWallet was hacked. Users lost about $ 152,000 worth of Ethereum, according to an official announcement.
Tuesday, a cybercriminal attack occurred on the MyEtherWallet web application dedicated to Ethereum’s storage and trading. Just 15 minutes after the attack was launched, the app team wanted to notify the users through a post on Twitter.
Irrespective of the Twitter notification, users were dissatisfied with the incident that happened, sharing their disappointments on social media.
“Went on to myetherwallet and saw that myetherwallet had [an] invalid connection certificate in the corner,” a victim posted on Reddit.
“As soon as I logged in, there was a countdown for about 10 seconds and A tx was made sending the available money I had on the wallet to another wallet ‘0x1d50588C0aa11959A5c28831ce3DC5F1D3120d29.’ I have no idea what happened.”
The Lead Developer at BlockBits.io, Micky Socaci, wanted to explain the incident: “Do not use myetherwallet.com if you’re using Google Public DNS (126.96.36.199 / 188.8.131.52) at this moment,” Socaci wrote, adding: “It seems these DNS servers are resolving the domain to a bad server that CAN steal your keys!”
The funds were divided into smaller amounts
According to “blockchain information provider” Etherscan, the collected funds were divided into smaller amounts. It’s known that the following address: 0x1d50588C0aa11959A5c28831ce3DC5F1D3120d29 managed to collect funds from 179 accounts starting from 7:17 AM, earning an amount of 216.06 Ethereum.
After 3 hours, the hacker moved 215 Ethereum to the following address: 0x68ca85dbf8eba69fb70ecdb78e0895f7cd94da83. In the following moments, the funds went through the same splitting operations in smaller amounts, sending to several wallet addresses.
“All the DNS servers are resolving back to correct addresses … But I want to wait another [hour] or so,” stated the CEO of MyEtherWallet, Kosala Hemachandra.
Hemachandra supposes that the cybercriminals were “large enough to do a DNS poisoning attack on Google public DNS servers, which made it cache a malicious IP address for myetherwallet.com.” According to his reports, Google has fixed the problem “in a very short time”.
Asked by CoinDesk, Hemachandra said that “It is really unfortunate, we live in a world where even the most secured websites are prone to this kind of attacks. I am sad about this and I hope MEW team will be able to educate users and convince them [to] use hardware wallets and local versions of MEW.”
In comparison with the web app, Google’s response didn’t appear immediately.