MyEtherWallet (MEW) has reportedly been the victim of a DNS hack on a day when Google appears to be having some issues. Social media and online crypto forums are awash with reports that reveal funds have been stolen from the wallet of some users. Other users who might have logged into the service during the period of the hack may have also been compromised.
Users Report Stolen Funds
A MEW user broke the news on Reddit saying that 0.09 ETH (about $65) had been stolen from his/her account. The user had apparently fallen victim to a phishing scam based on a DNS exploit. The affected user also reported that upon visiting the site, the notification appeared that the connected was not secured. This is an anomaly for a service like MEW and an indication that all was not well. The user ignored the warning, entered his/her details and in 10 seconds, the coins were stolen.
Image showing warning message ignored by MEW user
MEW isn’t the only Ethereum-based service to have been hacked via a DNS exploit. Etherdelta was also hacked in December 2017. Many experts believe this phenomenon is due to the vulnerability created by the presence of a single point of failure in such services.
MEW and MyCrypto Confirm the Hack
MEW has since confirmed the hack via Twitter. An Ethereum address possibly linked to the hack has been identified. The address has already been tagged on Etherscan under suspicions of being involved in the hack. According to Etherscan, the tagged address conducted 180 transactions during the hack, stealing 215 ETH ($150,000) in the process. Comments on another Reddit post claim that MEW has traced the hack to a Russian IP address.
Couple of DNS servers were hijacked to resolve https://t.co/xwxRJ4H4i8 users to be redirected to a phishing site. This is not on @myetherwallet side, we are in the process of verifying which servers to get it resolved asap.
— MyEtherWallet.com (@myetherwallet) April 24, 2018
MyCrypto, a MEW rival service has also confirmed the DNS hack. The platform posted a tweet announcing that MEW user accounts have been compromised. In what seems can be seen less than subtle schadenfreude, the MyCrypto team is giving out all the details of the problem. It will be recalled that a bitter feud between MEW founders is what led to the breakaway of MyCrypto from MEW.
To be clear, if you've used @myetherwallet and entered your private key (or your json + password) past the time the site was compromised, you have been compromised.
Likely the most risk was within the last 3 hours. If you used it before then, you're probably fine.
— MyCrypto.com (@MyCrypto) April 24, 2018
Google DNS Issues
There have been reports of problems with the Google DNS service today, April 24. Binance posted a tweet in the early hours of the day, telling users that Google DNS was experiencing problems. Apparently, users of the platform had been affected by service disruptions. There is no indication of a connection between the Google DNS disruption and the MEW DNS hack. However, a tweet posted by CobraBitcoin alluded to a possible link between the two incidents.
Edit: While writing this article, MEW posted a tweet saying that the issue had been resolved.
What are your views on the MEW DNS hack? Were you affected? Let us know in the comment section below.
Images courtesy of Reddit, Twitter, AdobeStock, MyEtherWallet
