MyEtherWallet Users Lose Funds to DNS Hack

MyEtherWallet (MEW) has reportedly been the victim of a DNS hack on a day when Google appears to be having some issues. Social media and online crypto forums are awash with reports that reveal funds have been stolen from the wallet of some users. Other users who might have logged into the service during the period of the hack may have also been compromised.

Users Report Stolen Funds

A MEW user broke the news on Reddit saying that 0.09 ETH (about $65) had been stolen from his/her account. The user had apparently fallen victim to a phishing scam based on a DNS exploit. The affected user also reported that upon visiting the site, the notification appeared that the connected was not secured. This is an anomaly for a service like MEW and an indication that all was not well. The user ignored the warning, entered his/her details and in 10 seconds, the coins were stolen.

Image showing warning message ignored by MEW user

MEW isn’t the only Ethereum-based service to have been hacked via a DNS exploit. Etherdelta was also hacked in December 2017. Many experts believe this phenomenon is due to the vulnerability created by the presence of a single point of failure in such services.

MEW and MyCrypto Confirm the Hack

MEW has since confirmed the hack via Twitter. An Ethereum address possibly linked to the hack has been identified. The address has already been tagged on Etherscan under suspicions of being involved in the hack. According to Etherscan, the tagged address conducted 180 transactions during the hack, stealing 215 ETH ($150,000) in the process. Comments on another Reddit post claim that MEW has traced the hack to a Russian IP address…

Read Full: MyEtherWallet Users Lose Funds to DNS Hack