Popular crypto wallet MEW hit by DNS attack that drained some users’ accounts

There is concern, tears and lost money in the world of crypto once again after MyEtherWallet (MEW), one of the most popular wallets on the internet, was hit by a DNS hack that saw some users lose their cryptocurrency.

MEW said in a statement that “a couple of Domain Name System registration servers were hijacked around 12PM UTC 24 April to redirect users to a phishing site.” Not all visitors to the site during the hijack were impacted, but MEW said that “a majority” of those who were had been using Google’s DNS.

“We are currently in the process of verifying which servers were targeted to help resolve this issue as soon as possible,” the company added, confirming that it has since secured its website. The company recommends those who had used Google DNS to switch to Cloudflare’s.

Wikipedia, country-specific versions of Microsoft, Google and PayPal and even banks have been hit by similar attacks before.

An incident like this doesn’t compromise the site directly, but, in the case of MEW, it led some users of the service to insecure websites that aren’t MEW. From there, those who entered private key information without realizing they had been phished risked having their data snagged by the attackers on the other side. With that information, the attackers could gain access to their account and drain its contents. (Note: This is a very good reason why people are advised to never enter private keys manually, and why secure hardware is highly recommended.)

It’s hard to quantify the impact of an attack like this because MEW is such a well-used and trusted service, while MEW said it is still gathering information on exactly what happened.

Coindesk reports that $150,000, or 216 Ether, was taken, but the figure is likely higher. One fraud tracker identified two wallets (here and here) used in the attack, and they lead to what looks like a holding wallet (here) that collected more than 520 Ether today. That would be around $365,000 at today’s price of $700 per ETH.

The actual amount taken could be higher still. The holding wallet leads to a larger wallet, which has a balance of more than $17 million in Ether and a constant stream of incoming transactions. That’s not to say that $17 million was stolen — that isn’t likely — but the attackers could be using other wallets which haven’t yet been tracked but eventually lead to this larger one.

Beyond using hardware like Trezor or Ledger, crypto wallet users — well, internet users in general — should check that the SSL of a website (shown to the left of the domain name in the browser bar) is secure when they are dealing with private information.

That’s the message that MEW gave to its community.

“Users, PLEASE ENSURE there is a green bar SSL certificate that says “MyEtherWallet Inc” before making any transactions. We advise users to run a local (offline) copy of the MEW (MyEtherWallet). We urge users to use hardware wallets to store their cryptocurrencies,” it said in a Reddit statement.

Those looking for an alternative to MEW could turn to MyCrypto, which was started in February by a former MEW co-founder and offers a similar service. Neither site holds users’ crypto or information; instead, they allow the checking of accounts and enable transactions to be sent to the blockchain, after which they are ferried on to the intended recipient.

Disclosure: The author owns a small amount of cryptocurrency. Enough to gain an understanding, not enough to change a life.